
Windows Analysis Report
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zD

Overview

General Information

Sample URL: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCw
Analysis ID: 1388791

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Creates files inside the system directory
URL contains potential PII (phishing indication)

Classification

  • System is w10x64
  • chrome.exe (PID: 5764 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2492,i,5070101363910953062,9900782759702370279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6544 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com | Avira URL Cloud: detection malicious, Label: phishing
Source: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com | SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | Avira URL Cloud: Label: malware
Source: https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | Avira URL Cloud: Label: malware
Source: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D | Avira URL Cloud: Label: phishing
Source: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com | Sample URL: PII: bfariss@onedigital.com
Source: unknown | HTTPS traffic detected: 23.36.173.151:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.36.173.151:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224 (1 connection), 173.222.162.32 (2), 23.36.173.151 (19), 23.43.243.112 (2)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (14 datagrams)
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-117.0.5938.132
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D HTTP/1.1
    Host: link.mail.beehiiv.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post HTTP/1.1
    Host: djdhde.mypi.co
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post HTTP/1.1
    Host: djdhde.mypi.co
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /1c59/bfariss@onedigital.com HTTP/1.1
    Host: 95mc5.zal0.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://djdhde.mypi.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Thu, 08 Feb 2024 03:12:14 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JvzAOwjrvKCevnRIYGcOt%2F%2BKGLoq%2FdcbLo4As7kws%2FEH5EFlag3L9wq0cSK2TCUcWjCAAX3hxavpwx6efifO%2FHXPXGytwHYunzVN1%2BI8vxxvV%2BkUX14%2FWvtDv9gCorDxvg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8520b099a823243d-ATL
    alt-svc: h3=":443"; ma=86400
Source: chromecache_41.2.dr | String found in binary or memory: https://95mc5.zal0.com/1c59/
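The document requests above, read together, show how the victim's address travelled. A browser never sends the URL fragment to the server (RFC 3986 section 3.5), so the request to link.mail.beehiiv.com carries only the upn parameter, yet the address from the fragment "#/?/#/?/bfariss@onedigital.com" reappears in the path of the final request to 95mc5.zal0.com. That request has Referer https://djdhde.mypi.co/, Sec-Fetch-Site: cross-site and no Sec-Fetch-User header, which is consistent with a script-driven navigation from the intermediate page rather than a user click. The Python below is an added example and not Joe Sandbox code: it implements the "URL contains potential PII" check per URL component (path, query, fragment) and correlates the submitted URL with the observed requests to name the hop at which the address first became visible to a server. The request records are constructed from the requests listed in this report; the beehiiv upn value is shortened in them because its full text adds nothing to the check.

```python
"""
Added example (not Joe Sandbox code): the "URL contains potential PII" check,
split by URL component, plus redirect-chain correlation over request records
constructed from the requests listed in this report.
"""
import re
from urllib.parse import urlsplit, unquote

# Permissive e-mail pattern; good enough for triage, not for validation.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Submitted sample URL as in the report, with the upn value shortened here.
SAMPLE_URL = ("https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB"
              "#/?/#/?/bfariss@onedigital.com")

# Constructed records: the document navigations the report lists, in order.
REQUESTS = [
    {"host": "link.mail.beehiiv.com",
     "target": "/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB", "referer": None},
    {"host": "djdhde.mypi.co",
     "target": "/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter"
               "&utm_campaign=new-post", "referer": None},
    {"host": "djdhde.mypi.co",
     "target": "/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter"
               "&utm_campaign=new-post", "referer": None},
    {"host": "95mc5.zal0.com",
     "target": "/1c59/bfariss@onedigital.com", "referer": "https://djdhde.mypi.co/"},
]


def find_pii(url):
    """Map URL component -> e-mail addresses found in it after percent-decoding.
    The fragment is checked separately because it is never sent on the wire."""
    parts = urlsplit(url)
    hits = {}
    for name, value in (("path", parts.path), ("query", parts.query),
                        ("fragment", parts.fragment)):
        found = EMAIL_RE.findall(unquote(value))
        if found:
            hits[name] = found
    return hits


def redirect_chain(requests):
    """Return the ordered, de-duplicated hosts and the (from, to) hops that a
    Referer header confirms, i.e. whose Referer origin is an earlier host."""
    hosts, links = [], []
    for r in requests:
        if r["host"] not in hosts:
            hosts.append(r["host"])
        ref = r.get("referer")
        if ref:
            ref_host = urlsplit(ref).hostname
            if ref_host in hosts and ref_host != r["host"]:
                links.append((ref_host, r["host"]))
    return hosts, links


def analyse(sample_url, requests):
    """Correlate the submitted URL with observed requests: which addresses were
    only in the client-side fragment, and at which host they hit the wire."""
    client_only = set(find_pii(sample_url).get("fragment", []))
    hosts, links = redirect_chain(requests)
    server_visible = []
    for r in requests:
        hits = find_pii(f"https://{r['host']}{r['target']}")
        for component, emails in hits.items():
            if component == "fragment":
                continue  # not transmitted, so that server cannot have seen it
            for email in emails:
                if email in client_only:
                    server_visible.append((r["host"], component, email))
    return {"hosts": hosts, "links": links,
            "fragment_pii": sorted(client_only),
            "server_visible": server_visible}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_URL, REQUESTS).items():
        print(f"{key}: {value}")
```

Run against the records above, the chain is link.mail.beehiiv.com -> djdhde.mypi.co -> 95mc5.zal0.com, the only Referer-confirmed hop is mypi.co -> zal0.com, and the address appears server-side only in the path at 95mc5.zal0.com. The same logic applied to proxy or sandbox logs flags any landing page that turns a fragment-borne identifier into a path or query parameter on the next hop.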
Source: unknown | Network traffic detected: HTTP traffic on port 443, in both directions, with client ports 49675, 49678, 49730, 49731, 49734, 49735, 49738, 49739, 49740, 49741, 49742, 49743, 49744, 49745, 49746 and 49755 (30 entries in the original list)
Source: unknown | HTTPS traffic detected: 23.36.173.151:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.36.173.151:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_BITS_5764_1804990316
Source: classification engine | Classification label: mal56.win@19/2@14/9
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2492,i,5070101363910953062,9900782759702370279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2492,i,5070101363910953062,9900782759702370279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (15 child processes whose image and command line were not recorded)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (techniques this analysis matched; the number beside each is the report's hit count for that technique):

  Privilege Escalation
    • Process Injection (1)
  Defense Evasion
    • Masquerading (1)
    • Process Injection (1)
  Command and Control
    • Encrypted Channel (1)
    • Non-Application Layer Protocol (4)
    • Application Layer Protocol (5)
    • Ingress Tool Transfer (3)

No technique was matched under Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration or Impact.
Source | Detection | Scanner | Label
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com | 100% | Avira URL Cloud | phishing
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com | 3% | Virustotal | -
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering
No Antivirus matches
Source | Detection | Scanner
95mc5.zal0.com | 0% | Virustotal
fp2e7a.wpc.phicdn.net | 0% | Virustotal
windowsupdatebg.s.llnwi.net | 0% | Virustotal
link.mail.beehiiv.com | 1% | Virustotal
Source | Detection | Scanner | Label
https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | 100% | Avira URL Cloud | malware
https://95mc5.zal0.com/1c59/ | 0% | Avira URL Cloud | safe
https://95mc5.zal0.com/1c59/bfariss@onedigital.com | 0% | Avira URL Cloud | safe
https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | 100% | Avira URL Cloud | malware
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D | 100% | Avira URL Cloud | phishing
https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | 1% | Virustotal | -
https://95mc5.zal0.com/1c59/ | 0% | Virustotal | -
https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | 1% | Virustotal | -
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D | 3% | Virustotal | -
Name | IP | Active | Malicious | Antivirus Detection | Reputation
95mc5.zal0.com | 104.21.42.31 | true | false | - | unknown
djdhde.mypi.co | 23.237.26.135 | true | false | - | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | - | high
accounts.google.com | 173.194.219.84 | true | false | - | high
link.mail.beehiiv.com | 104.18.68.40 | true | false | - | unknown
www.google.com | 74.125.138.99 | true | false | - | high
clients.l.google.com | 142.250.105.138 | true | false | - | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | - | unknown
windowsupdatebg.s.llnwi.net | 69.164.42.0 | true | false | - | unknown
clients2.google.com | unknown | unknown | false | - | high
Name | Malicious | Antivirus Detection | Reputation
https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | false | Virustotal 1%; Avira URL Cloud: malware | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | - | high
https://95mc5.zal0.com/1c59/bfariss@onedigital.com | false | Avira URL Cloud: safe | unknown
https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post | false | Virustotal 1%; Avira URL Cloud: malware | unknown
https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D | false | Virustotal 3%; Avira URL Cloud: phishing | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | - | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://95mc5.zal0.com/1c59/ | chromecache_41.2.dr | false | Virustotal 0%; Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.42.31 | 95mc5.zal0.com | United States | 13335 | CLOUDFLARENETUS | false
74.125.138.99 | www.google.com | United States | 15169 | GOOGLEUS | false
23.237.26.135 | djdhde.mypi.co | United States | 174 | COGENT-174US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
104.18.68.40 | link.mail.beehiiv.com | United States | 13335 | CLOUDFLARENETUS | false
142.250.105.138 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
173.194.219.84 | accounts.google.com | United States | 15169 | GOOGLEUS | false

Private IP
192.168.2.4
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1388791
Start date and time: 2024-02-08 04:11:21 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 5s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.win@19/2@14/9
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 74.125.138.94, 34.104.35.123, 20.12.23.50, 69.164.42.0, 192.229.211.108, 20.3.187.198, 20.166.126.56, 13.85.23.86, 64.233.177.94, 52.165.165.26
• Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big: too many NtOpenFile calls found
• Report size getting too big: too many NtSetInformationFile calls found
                  No simulations
                  No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Category: downloaded
Size (bytes): 232
Entropy (8bit): 4.979386507392717
Encrypted: false
SSDEEP: 6:OK7XnfIuPxm9/UAY8SYfmFr7VddQezMcGh:OEfIuZY/Ur8hfQr7VbHzMbh
MD5: DB43D1E8377836DCC645F300AC0C490F
SHA1: 9694476AA14218476EDC612069E060DCFDD87657
SHA-256: 9A97CD4AA6A50586ECEB5D58FCBE19E163FA61BE60AA5D65C472C70227E8FB54
SHA-512: F138AEA35636B83E3F967227F46DD570F359E23487B889F5FD8F1DA027FC5E08C4AE267E5FFD6DD922A0D069B0C359061007EAF38E84F71478FA4D95ECE4ADF3
Malicious: false
Reputation: low
URL: https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post
Preview:
  <html>
    <body></body>
    <script>
      var u = window.location.href.lastIndexOf("/") + 1;
      var d = window.location.href.substring(u);
      window.location.replace("https://95mc5.zal0.com/1c59/" + d);
    </script>
  </html>
                  No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 8, 2024 04:12:04.103586912 CET | 49678 | 443 | 192.168.2.4 | 104.46.162.224
Feb 8, 2024 04:12:05.119160891 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Feb 8, 2024 04:12:09.621867895 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:09.621953964 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:09.622057915 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:09.622698069 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:09.622733116 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:09.623259068 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:09.623342991 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:09.623421907 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:09.624066114 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:09.624100924 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:09.840646029 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:09.840934992 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:09.840945959 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:09.841334105 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:09.841389894 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:09.842293024 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:09.842339993 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:09.843339920 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:09.843499899 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:09.843560934 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:09.843717098 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:09.843750000 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:09.843940020 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:09.843946934 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:09.845195055 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:09.845256090 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:09.846260071 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:09.846349001 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:09.846416950 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:09.883697987 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:09.893906116 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:09.899439096 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:09.899494886 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:09.946316957 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:10.051759958 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:10.052129984 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:10.052189112 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:10.052453041 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 8, 2024 04:12:10.052465916 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 8, 2024 04:12:10.079988956 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:10.080061913 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:10.080118895 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:10.080734015 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:10.080908060 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:10.099354029 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 8, 2024 04:12:10.099416971 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 8, 2024 04:12:10.991323948 CET | 49734 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:10.991384029 CET | 443 | 49734 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:10.991456032 CET | 49734 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:10.992276907 CET | 49735 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:10.992346048 CET | 443 | 49735 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:10.992415905 CET | 49735 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:10.994038105 CET | 49734 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:10.994066954 CET | 443 | 49734 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:10.994525909 CET | 49735 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:10.994568110 CET | 443 | 49735 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.237373114 CET | 443 | 49734 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.237822056 CET | 49734 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.237852097 CET | 443 | 49734 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.238656044 CET | 443 | 49735 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.238862038 CET | 49735 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.238890886 CET | 443 | 49735 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.238950968 CET | 443 | 49734 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.239021063 CET | 49734 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.239777088 CET | 443 | 49735 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.239839077 CET | 49735 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.240250111 CET | 49734 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.240315914 CET | 443 | 49734 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.240358114 CET | 49735 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.240420103 CET | 443 | 49735 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.240571976 CET | 49734 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.240586042 CET | 443 | 49734 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.279725075 CET | 49735 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.279745102 CET | 443 | 49735 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.295248985 CET | 49734 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.325640917 CET | 49735 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.558682919 CET | 443 | 49734 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.558824062 CET | 443 | 49734 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.559020042 CET | 49734 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.564774990 CET | 49734 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:11.564800024 CET | 443 | 49734 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:11.984720945 CET | 49738 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:11.984755039 CET | 443 | 49738 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:11.984833002 CET | 49738 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:11.985238075 CET | 49738 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:11.985250950 CET | 443 | 49738 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.283696890 CET | 443 | 49738 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.283984900 CET | 49738 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.284007072 CET | 443 | 49738 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.284950018 CET | 443 | 49738 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.285034895 CET | 49738 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.285998106 CET | 49738 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.286129951 CET | 443 | 49738 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.286396980 CET | 49738 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.286401987 CET | 443 | 49738 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.336169004 CET | 49738 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.564888000 CET | 443 | 49738 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.565278053 CET | 443 | 49738 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.565361977 CET | 49738 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.565840960 CET | 49738 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.565862894 CET | 443 | 49738 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.571787119 CET | 49739 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.571834087 CET | 443 | 49739 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.571901083 CET | 49739 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.574157953 CET | 49739 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.574176073 CET | 443 | 49739 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.874597073 CET | 443 | 49739 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.874999046 CET | 49739 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.875025988 CET | 443 | 49739 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.875771046 CET | 443 | 49739 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.876693964 CET | 49739 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.876777887 CET | 443 | 49739 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:12.877090931 CET | 49739 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:12.921900034 CET | 443 | 49739 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:13.170092106 CET | 443 | 49739 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:13.170166016 CET | 443 | 49739 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:13.170209885 CET | 49739 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:13.192379951 CET | 49739 | 443 | 192.168.2.4 | 23.237.26.135
Feb 8, 2024 04:12:13.192397118 CET | 443 | 49739 | 23.237.26.135 | 192.168.2.4
Feb 8, 2024 04:12:13.874396086 CET | 49740 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:13.874480009 CET | 443 | 49740 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:13.874563932 CET | 49740 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:13.875902891 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:13.875992060 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:13.876079082 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:13.876540899 CET | 49740 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:13.876578093 CET | 443 | 49740 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:13.877007008 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:13.877043009 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:13.968333006 CET | 49742 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:12:13.968380928 CET | 443 | 49742 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:12:13.968444109 CET | 49742 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:12:13.969075918 CET | 49742 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:12:13.969105959 CET | 443 | 49742 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:12:14.158412933 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.158834934 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.158894062 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.159341097 CET | 443 | 49740 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.160358906 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.160623074 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.161722898 CET | 49740 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.161782980 CET | 443 | 49740 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.162029982 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.162117958 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.162724972 CET | 443 | 49740 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.162766933 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.162838936 CET | 49740 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.164424896 CET | 49740 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.164505005 CET | 443 | 49740 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.201024055 CET | 443 | 49742 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:12:14.201754093 CET | 49742 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:12:14.201771021 CET | 443 | 49742 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:12:14.202825069 CET | 443 | 49742 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:12:14.202909946 CET | 49742 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:12:14.204324007 CET | 49742 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:12:14.204389095 CET | 443 | 49742 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:12:14.205946922 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.215626001 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.215661049 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.215730906 CET | 49740 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.215785027 CET | 443 | 49740 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.240837097 CET | 49743 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.240873098 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.241000891 CET | 49743 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.243120909 CET | 49743 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.243138075 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.244483948 CET | 49742 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:12:14.244524002 CET | 443 | 49742 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:12:14.259903908 CET | 49740 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.260001898 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.290340900 CET | 49742 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:12:14.487293005 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.490988016 CET | 49743 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.496977091 CET | 49743 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.496984005 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.497633934 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.548100948 CET | 49743 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.671595097 CET | 49743 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.713901043 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.732402086 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Feb 8, 2024 04:12:14.790858030 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.790971994 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.791027069 CET | 49743 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.791059017 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.791090012 CET | 49743 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.791098118 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.791148901 CET | 49743 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.791153908 CET | 443 | 49743 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.832453966 CET | 49744 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.832489014 CET | 443 | 49744 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.832809925 CET | 49744 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.832809925 CET | 49744 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:14.832848072 CET | 443 | 49744 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:14.902180910 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.902256012 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:14.903300047 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:14.903301001 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:15.075807095 CET | 443 | 49744 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:15.075916052 CET | 49744 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:15.076972008 CET | 49744 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:15.076980114 CET | 443 | 49744 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:15.077305079 CET | 443 | 49744 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:15.078596115 CET | 49744 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:15.121912956 CET | 443 | 49744 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:15.209304094 CET | 49741 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:15.209367990 CET | 443 | 49741 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:15.233856916 CET | 49745 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.233937025 CET | 443 | 49745 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.234018087 CET | 49745 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.234988928 CET | 49745 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.235028982 CET | 443 | 49745 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.321034908 CET | 443 | 49744 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:15.321122885 CET | 443 | 49744 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:15.321177006 CET | 49744 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:15.322710037 CET | 49744 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:15.322725058 CET | 443 | 49744 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:15.322740078 CET | 49744 | 443 | 192.168.2.4 | 23.36.173.151
Feb 8, 2024 04:12:15.322746992 CET | 443 | 49744 | 23.36.173.151 | 192.168.2.4
Feb 8, 2024 04:12:15.456152916 CET | 443 | 49745 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.456617117 CET | 49745 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.456674099 CET | 443 | 49745 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.458354950 CET | 443 | 49745 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.458436012 CET | 49745 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.465311050 CET | 49745 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.465405941 CET | 443 | 49745 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.465972900 CET | 49745 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.465991974 CET | 443 | 49745 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.509691000 CET | 49745 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.681377888 CET | 443 | 49745 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.681473017 CET | 443 | 49745 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.681546926 CET | 49745 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.681642056 CET | 49745 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.681680918 CET | 443 | 49745 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.682286024 CET | 49746 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.682306051 CET | 443 | 49746 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.682358027 CET | 49746 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.683443069 CET | 49746 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.683455944 CET | 443 | 49746 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.895258904 CET | 443 | 49746 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.907594919 CET | 49746 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.907605886 CET | 443 | 49746 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.907929897 CET | 443 | 49746 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.908838034 CET | 49746 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.908899069 CET | 443 | 49746 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:15.909315109 CET | 49746 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:15.949903011 CET | 443 | 49746 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:16.127616882 CET | 443 | 49746 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:16.127795935 CET | 443 | 49746 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:16.127867937 CET | 49746 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:16.128238916 CET | 49746 | 443 | 192.168.2.4 | 35.190.80.1
Feb 8, 2024 04:12:16.128247023 CET | 443 | 49746 | 35.190.80.1 | 192.168.2.4
Feb 8, 2024 04:12:24.183794975 CET | 443 | 49742 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:12:24.183851957 CET | 443 | 49742 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:12:24.183940887 CET | 49742 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:12:25.622462034 CET | 49742 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:12:25.622489929 CET | 443 | 49742 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:12:26.231906891 CET | 443 | 49735 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:26.231976986 CET | 443 | 49735 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:26.232070923 CET | 49735 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:27.457456112 CET | 49735 | 443 | 192.168.2.4 | 104.18.68.40
Feb 8, 2024 04:12:27.457518101 CET | 443 | 49735 | 104.18.68.40 | 192.168.2.4
Feb 8, 2024 04:12:29.136358976 CET | 443 | 49740 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:29.136421919 CET | 443 | 49740 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:12:29.136619091 CET | 49740 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:29.620898008 CET | 49740 | 443 | 192.168.2.4 | 104.21.42.31
Feb 8, 2024 04:12:29.620974064 CET | 443 | 49740 | 104.21.42.31 | 192.168.2.4
Feb 8, 2024 04:13:14.109700918 CET | 49755 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:13:14.109787941 CET | 443 | 49755 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:13:14.109877110 CET | 49755 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:13:14.110059977 CET | 49755 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:13:14.110080957 CET | 443 | 49755 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:13:14.324820042 CET | 443 | 49755 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:13:14.326495886 CET | 49755 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:13:14.326553106 CET | 443 | 49755 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:13:14.327032089 CET | 443 | 49755 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:13:14.331355095 CET | 49755 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:13:14.331444025 CET | 443 | 49755 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:13:14.386006117 CET | 49755 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:13:23.055905104 CET | 49723 | 80 | 192.168.2.4 | 23.43.243.112
Feb 8, 2024 04:13:23.239734888 CET | 80 | 49723 | 23.43.243.112 | 192.168.2.4
Feb 8, 2024 04:13:23.239859104 CET | 49723 | 80 | 192.168.2.4 | 23.43.243.112
Feb 8, 2024 04:13:24.331103086 CET | 443 | 49755 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:13:24.331163883 CET | 443 | 49755 | 74.125.138.99 | 192.168.2.4
Feb 8, 2024 04:13:24.331257105 CET | 49755 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:13:25.619935036 CET | 49755 | 443 | 192.168.2.4 | 74.125.138.99
Feb 8, 2024 04:13:25.619968891 CET | 443 | 49755 | 74.125.138.99 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 8, 2024 04:12:09.443917036 CET | 53 | 53208 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:09.502916098 CET | 64034 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:09.503159046 CET | 50621 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:09.504596949 CET | 56766 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:09.504837990 CET | 56582 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:09.620517015 CET | 53 | 64034 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:09.620563030 CET | 53 | 50621 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:09.621932983 CET | 53 | 56582 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:09.622057915 CET | 53 | 56766 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:10.231784105 CET | 53 | 54975 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:10.871884108 CET | 61893 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:10.872450113 CET | 60324 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:10.989728928 CET | 53 | 61893 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:10.990703106 CET | 53 | 60324 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:11.568206072 CET | 65394 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:11.568595886 CET | 64303 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:11.917548895 CET | 53 | 65394 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:12.165251970 CET | 53 | 64303 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:13.724823952 CET | 54415 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:13.725169897 CET | 56065 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:13.843189955 CET | 56009 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:13.843734980 CET | 51277 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:13.868684053 CET | 53 | 54415 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:13.873287916 CET | 53 | 56065 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:13.963557005 CET | 53 | 56009 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:13.965178013 CET | 53 | 51277 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:15.107882977 CET | 64456 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:15.108241081 CET | 60747 | 53 | 192.168.2.4 | 1.1.1.1
Feb 8, 2024 04:12:15.225311995 CET | 53 | 64456 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:15.225589037 CET | 53 | 60747 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:27.576915026 CET | 53 | 54439 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:12:34.626610994 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255
Feb 8, 2024 04:12:46.659281969 CET | 53 | 51905 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:13:09.286067963 CET | 53 | 51545 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:13:09.518475056 CET | 53 | 62854 | 1.1.1.1 | 192.168.2.4
Feb 8, 2024 04:13:37.299674034 CET | 53 | 56897 | 1.1.1.1 | 192.168.2.4
                  Timestamp | Source IP | Dest IP | Checksum | Code | Type
                  Feb 8, 2024 04:12:12.165488958 CET | 192.168.2.4 | 1.1.1.1 | c221 | (Port unreachable) | Destination Unreachable
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Feb 8, 2024 04:12:09.502916098 CET | 192.168.2.4 | 1.1.1.1 | 0xbae4 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.503159046 CET | 192.168.2.4 | 1.1.1.1 | 0x132a | Standard query (0) | clients2.google.com | 65 (HTTPS) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.504596949 CET | 192.168.2.4 | 1.1.1.1 | 0x2d3d | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.504837990 CET | 192.168.2.4 | 1.1.1.1 | 0x6138 | Standard query (0) | accounts.google.com | 65 (HTTPS) | IN (0x0001) | false
                  Feb 8, 2024 04:12:10.871884108 CET | 192.168.2.4 | 1.1.1.1 | 0xa0d4 | Standard query (0) | link.mail.beehiiv.com | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:10.872450113 CET | 192.168.2.4 | 1.1.1.1 | 0xe84d | Standard query (0) | link.mail.beehiiv.com | 65 (HTTPS) | IN (0x0001) | false
                  Feb 8, 2024 04:12:11.568206072 CET | 192.168.2.4 | 1.1.1.1 | 0xb2d1 | Standard query (0) | djdhde.mypi.co | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:11.568595886 CET | 192.168.2.4 | 1.1.1.1 | 0xbccf | Standard query (0) | djdhde.mypi.co | 65 (HTTPS) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.724823952 CET | 192.168.2.4 | 1.1.1.1 | 0xaa1b | Standard query (0) | 95mc5.zal0.com | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.725169897 CET | 192.168.2.4 | 1.1.1.1 | 0x14ad | Standard query (0) | 95mc5.zal0.com | 65 (HTTPS) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.843189955 CET | 192.168.2.4 | 1.1.1.1 | 0x53a | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.843734980 CET | 192.168.2.4 | 1.1.1.1 | 0x2c36 | Standard query (0) | www.google.com | 65 (HTTPS) | IN (0x0001) | false
                  Feb 8, 2024 04:12:15.107882977 CET | 192.168.2.4 | 1.1.1.1 | 0x5098 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:15.108241081 CET | 192.168.2.4 | 1.1.1.1 | 0xe770 | Standard query (0) | a.nel.cloudflare.com | 65 (HTTPS) | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Feb 8, 2024 04:12:09.620517015 CET | 1.1.1.1 | 192.168.2.4 | 0xbae4 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.620517015 CET | 1.1.1.1 | 192.168.2.4 | 0xbae4 | No error (0) | clients.l.google.com | - | 142.250.105.138 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.620517015 CET | 1.1.1.1 | 192.168.2.4 | 0xbae4 | No error (0) | clients.l.google.com | - | 142.250.105.113 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.620517015 CET | 1.1.1.1 | 192.168.2.4 | 0xbae4 | No error (0) | clients.l.google.com | - | 142.250.105.101 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.620517015 CET | 1.1.1.1 | 192.168.2.4 | 0xbae4 | No error (0) | clients.l.google.com | - | 142.250.105.100 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.620517015 CET | 1.1.1.1 | 192.168.2.4 | 0xbae4 | No error (0) | clients.l.google.com | - | 142.250.105.139 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.620517015 CET | 1.1.1.1 | 192.168.2.4 | 0xbae4 | No error (0) | clients.l.google.com | - | 142.250.105.102 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.620563030 CET | 1.1.1.1 | 192.168.2.4 | 0x132a | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
                  Feb 8, 2024 04:12:09.622057915 CET | 1.1.1.1 | 192.168.2.4 | 0x2d3d | No error (0) | accounts.google.com | - | 173.194.219.84 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:10.989728928 CET | 1.1.1.1 | 192.168.2.4 | 0xa0d4 | No error (0) | link.mail.beehiiv.com | - | 104.18.68.40 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:10.989728928 CET | 1.1.1.1 | 192.168.2.4 | 0xa0d4 | No error (0) | link.mail.beehiiv.com | - | 104.18.69.40 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:10.990703106 CET | 1.1.1.1 | 192.168.2.4 | 0xe84d | No error (0) | link.mail.beehiiv.com | - | - | 65 (HTTPS) | IN (0x0001) | false
                  Feb 8, 2024 04:12:11.917548895 CET | 1.1.1.1 | 192.168.2.4 | 0xb2d1 | No error (0) | djdhde.mypi.co | - | 23.237.26.135 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.868684053 CET | 1.1.1.1 | 192.168.2.4 | 0xaa1b | No error (0) | 95mc5.zal0.com | - | 104.21.42.31 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.868684053 CET | 1.1.1.1 | 192.168.2.4 | 0xaa1b | No error (0) | 95mc5.zal0.com | - | 172.67.199.185 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.873287916 CET | 1.1.1.1 | 192.168.2.4 | 0x14ad | No error (0) | 95mc5.zal0.com | - | - | 65 (HTTPS) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.963557005 CET | 1.1.1.1 | 192.168.2.4 | 0x53a | No error (0) | www.google.com | - | 74.125.138.99 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.963557005 CET | 1.1.1.1 | 192.168.2.4 | 0x53a | No error (0) | www.google.com | - | 74.125.138.105 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.963557005 CET | 1.1.1.1 | 192.168.2.4 | 0x53a | No error (0) | www.google.com | - | 74.125.138.106 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.963557005 CET | 1.1.1.1 | 192.168.2.4 | 0x53a | No error (0) | www.google.com | - | 74.125.138.147 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.963557005 CET | 1.1.1.1 | 192.168.2.4 | 0x53a | No error (0) | www.google.com | - | 74.125.138.104 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.963557005 CET | 1.1.1.1 | 192.168.2.4 | 0x53a | No error (0) | www.google.com | - | 74.125.138.103 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:13.965178013 CET | 1.1.1.1 | 192.168.2.4 | 0x2c36 | No error (0) | www.google.com | - | - | 65 (HTTPS) | IN (0x0001) | false
                  Feb 8, 2024 04:12:15.225311995 CET | 1.1.1.1 | 192.168.2.4 | 0x5098 | No error (0) | a.nel.cloudflare.com | - | 35.190.80.1 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:27.366760015 CET | 1.1.1.1 | 192.168.2.4 | 0x6125 | No error (0) | windowsupdatebg.s.llnwi.net | - | 69.164.42.0 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:27.734215021 CET | 1.1.1.1 | 192.168.2.4 | 0x9575 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                  Feb 8, 2024 04:12:27.734215021 CET | 1.1.1.1 | 192.168.2.4 | 0x9575 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:12:40.643136978 CET | 1.1.1.1 | 192.168.2.4 | 0xb4a2 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                  Feb 8, 2024 04:12:40.643136978 CET | 1.1.1.1 | 192.168.2.4 | 0xb4a2 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                  Feb 8, 2024 04:13:01.798568964 CET | 1.1.1.1 | 192.168.2.4 | 0xdd34 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                  Feb 8, 2024 04:13:01.798568964 CET | 1.1.1.1 | 192.168.2.4 | 0xdd34 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                  • clients2.google.com
                  • accounts.google.com
                  • link.mail.beehiiv.com
                  • djdhde.mypi.co
                  • 95mc5.zal0.com
                  • fs.microsoft.com
                  • a.nel.cloudflare.com
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  0 | 192.168.2.4 | 49730 | 142.250.105.138 | 443 | 1800 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-08 03:12:09 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                  Host: clients2.google.com
                  Connection: keep-alive
                  X-Goog-Update-Interactivity: fg
                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                  X-Goog-Update-Updater: chromecrx-117.0.5938.132
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-02-08 03:12:10 UTC | 732 | IN | HTTP/1.1 200 OK
                  Content-Security-Policy: script-src 'report-sample' 'nonce-bgTeqHxUk3BJI3pv_RB74Q' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Thu, 08 Feb 2024 03:12:09 GMT
                  Content-Type: text/xml; charset=UTF-8
                  X-Daynum: 6246
                  X-Daystart: 69129
                  X-Content-Type-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  X-XSS-Protection: 1; mode=block
                  Server: GSE
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2024-02-08 03:12:10 UTC | 520 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 34 36 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 36 39 31 32 39 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                  Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6246" elapsed_seconds="69129"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                  2024-02-08 03:12:10 UTC | 200 | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                  Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                  2024-02-08 03:12:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  1 | 192.168.2.4 | 49731 | 173.194.219.84 | 443 | 1800 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-08 03:12:09 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                  Host: accounts.google.com
                  Connection: keep-alive
                  Content-Length: 1
                  Origin: https://www.google.com
                  Content-Type: application/x-www-form-urlencoded
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                  2024-02-08 03:12:09 UTC | 1 | OUT | Data Raw: 20
                  Data Ascii:
                  2024-02-08 03:12:10 UTC | 1798 | IN | HTTP/1.1 200 OK
                  Content-Type: application/json; charset=utf-8
                  Access-Control-Allow-Origin: https://www.google.com
                  Access-Control-Allow-Credentials: true
                  X-Content-Type-Options: nosniff
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Thu, 08 Feb 2024 03:12:10 GMT
                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  Content-Security-Policy: script-src 'report-sample' 'nonce-KhXBsvPPyGQ9GKwbL9XgJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                  Cross-Origin-Opener-Policy: same-origin
                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                  reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw1JBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQJiIW6Ort6J69gEOq51sAEAmLYWJg"
                  Server: ESF
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2024-02-08 03:12:10 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                  Data Ascii: 11["gaia.l.a.r",[]]
                  2024-02-08 03:12:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  2 | 192.168.2.4 | 49734 | 104.18.68.40 | 443 | 1800 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-08 03:12:11 UTC | 1390 | OUT | GET /ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D HTTP/1.1
                  Host: link.mail.beehiiv.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-02-08 03:12:11 UTC | 644 | IN | HTTP/1.1 302 Found
                  Date: Thu, 08 Feb 2024 03:12:11 GMT
                  Content-Type: text/html; charset=utf-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Location: https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post
                  X-Robots-Tag: noindex, nofollow
                  CF-Cache-Status: DYNAMIC
                  Set-Cookie: __cf_bm=VMw8XAEupyMOVEEpCasM8HkY0.05w4IFnSMuX.nympE-1707361931-1-AWPayZJyXqdG6lhvuYi5DmzfNrOZV+Kz1D4dIftsgUf9oeiuPJqiwadVKe/XuZyc7gJxSQHMqAGwmT7TmRsHgW4=; path=/; expires=Thu, 08-Feb-24 03:42:11 GMT; domain=.beehiiv.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8520b086881f6762-ATL
                  2024-02-08 03:12:11 UTC | 148 | IN | Data Raw: 38 65 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 6a 64 68 64 65 2e 6d 79 70 69 2e 63 6f 2f 73 73 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 63 61 70 69 6c 73 2d 6e 65 77 73 6c 65 74 74 65 72 2e 62 65 65 68 69 69 76 2e 63 6f 6d 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6e 65 77 73 6c 65 74 74 65 72 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 6e 65 77 2d 70 6f 73 74 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a 0d 0a
                  Data Ascii: 8e<a href="https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&amp;utm_medium=newsletter&amp;utm_campaign=new-post">Found</a>.
                  2024-02-08 03:12:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  3 | 192.168.2.4 | 49738 | 23.237.26.135 | 443 | 1800 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-08 03:12:12 UTC | 745 | OUT | GET /sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post HTTP/1.1
                  Host: djdhde.mypi.co
                  Connection: keep-alive
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-02-08 03:12:12 UTC | 296 | IN | HTTP/1.1 301 Moved Permanently
                  Date: Thu, 08 Feb 2024 03:12:12 GMT
                  Server: Apache
                  Location: https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post
                  Content-Length: 328
                  Connection: close
                  Content-Type: text/html; charset=iso-8859-1
                  2024-02-08 03:12:12 UTC | 328 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 6a 64 68 64 65 2e 6d 79 70 69 2e 63 6f 2f 73 73 73 2f 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 63 61 70 69 6c 73 2d 6e 65 77 73 6c 65 74 74 65 72 2e 62 65 65 68 69 69 76 2e 63 6f 6d 26 61 6d 70 3b 75 74 6d 5f 6d
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&amp;utm_m


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  4 | 192.168.2.4 | 49739 | 23.237.26.135 | 443 | 1800 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-08 03:12:12 UTC | 746 | OUT | GET /sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post HTTP/1.1
                  Host: djdhde.mypi.co
                  Connection: keep-alive
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-02-08 03:12:13 UTC | 159 | IN | HTTP/1.1 200 OK
                  Date: Thu, 08 Feb 2024 03:12:13 GMT
                  Server: Apache
                  Connection: close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  2024-02-08 03:12:13 UTC | 243 | IN | Data Raw: 65 38 0d 0a 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 0d 0a 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 76 61 72 20 75 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 2f 22 29 20 2b 20 31 3b 0d 0a 20 20 20 20 76 61 72 20 64 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 73 75 62 73 74 72 69 6e 67 28 75 29 3b 0d 0a 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 22 68 74 74 70 73 3a 2f 2f 39 35 6d 63 35 2e 7a 61 6c 30 2e 63 6f 6d 2f 31 63 35 39 2f 22 20 2b 20 64 29 3b 0d 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 74 6d 6c 3e 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: e8<html> <body></body> <script> var u = window.location.href.lastIndexOf("/") + 1; var d = window.location.href.substring(u); window.location.replace("https://95mc5.zal0.com/1c59/" + d); </script></html> 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  5 | 192.168.2.4 | 49741 | 104.21.42.31 | 443 | 1800 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-08 03:12:14 UTC | 704 | OUT | GET /1c59/bfariss@onedigital.com HTTP/1.1
                  Host: 95mc5.zal0.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-Dest: document
                  Referer: https://djdhde.mypi.co/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-02-08 03:12:14 UTC | 593 | IN | HTTP/1.1 404 Not Found
                  Date: Thu, 08 Feb 2024 03:12:14 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JvzAOwjrvKCevnRIYGcOt%2F%2BKGLoq%2FdcbLo4As7kws%2FEH5EFlag3L9wq0cSK2TCUcWjCAAX3hxavpwx6efifO%2FHXPXGytwHYunzVN1%2BI8vxxvV%2BkUX14%2FWvtDv9gCorDxvg%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8520b099a823243d-ATL
                  alt-svc: h3=":443"; ma=86400
                  2024-02-08 03:12:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0
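
                  Sessions 2 to 5 are one client-side chain. The beehiiv tracking link answers 302, djdhde.mypi.co answers 301 to add a trailing slash, and the page it then serves contains no content, only a script that takes everything after the last "/" of window.location.href and sends the browser to 95mc5.zal0.com with that suffix. Neither Location header carries the recipient's address, the Referer that reaches 95mc5.zal0.com is the bare origin https://djdhde.mypi.co/, and yet session 5 requests /1c59/bfariss@onedigital.com. The address therefore travelled in the URL fragment: browsers keep the fragment of the original URL across redirects whose Location has none, and never send it to any server, so the tracker and the first hop see nothing while the last hop receives it in the request line. That is the "URL contains potential PII" indicator in the Signatures section, and it is also why a proxy log of the first two hops looks clean.

                  The block below is an added example written for this page; it is not code from the report or from any of the analysed sites. It replays the chain as pure functions under Node without a browser. The two Location values and the final-hop prefix are the ones recorded in the sessions above. Two things are assumptions: the start URL uses a shortened upn token and a constructed fragment that places the address after the last "/", since the report shows the address only in the session 5 request line; and followRedirect() models the standard browser rule for fragments on redirects rather than anything observed on the wire.

```javascript
// Added example (not code from the report): replays the redirect chain of
// sessions 2-5 offline. Values marked "observed" come from the sessions
// above; values marked "constructed" are assumptions made for this example.

// Constructed: shortened upn token, and a stand-in fragment that puts the
// recipient's address after the last "/" of the URL the browser opened.
const START_URL =
  "https://link.mail.beehiiv.com/ls/click?upn=UPN_TOKEN#/bfariss@onedigital.com";

// Observed: Location headers of the 302 (session 2) and the 301 (session 3).
const LOCATIONS = [
  "https://djdhde.mypi.co/sss?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post",
  "https://djdhde.mypi.co/sss/?utm_source=capils-newsletter.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post",
];

// Observed: prefix hard-coded in the script served in session 4.
const FINAL_PREFIX = "https://95mc5.zal0.com/1c59/";

// Model of browser behaviour (RFC 7231 section 7.1.2): when a 3xx Location
// has no fragment, the redirected URL inherits the fragment of the URL that
// was being loaded. The fragment itself is never put on the wire.
function followRedirect(currentHref, location) {
  const next = new URL(location, currentHref);
  if (next.hash === "") next.hash = new URL(currentHref).hash;
  return next.href;
}

// The landing page's script (session 4) as a pure function of the href it
// ran against: the text after the last "/" becomes the final path segment.
function landingRedirect(href) {
  const u = href.lastIndexOf("/") + 1;
  const d = href.substring(u);
  return FINAL_PREFIX + d;
}

// What the server at a hop can see in the request line: path and query,
// never the fragment.
function serverVisible(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch {
    return s; // malformed percent-encoding: inspect the raw string instead
  }
}

const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;

// Detection check behind the report's "URL contains potential PII" signal:
// an e-mail address in the server-visible part of a navigated URL.
function findPiiInUrl(href) {
  const m = safeDecode(serverVisible(href)).match(EMAIL_RE);
  return m ? m[0] : null;
}

// Walk the chain and report, per hop, what that hop's server could see and
// whether the recipient's address was exposed to it.
function replayChain(startHref, locations) {
  const hops = [startHref];
  let href = startHref;
  for (const loc of locations) {
    href = followRedirect(href, loc);
    hops.push(href);
  }
  hops.push(landingRedirect(href));
  return hops.map((h) => ({
    url: h,
    serverSees: serverVisible(h),
    pii: findPiiInUrl(h),
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const hop of replayChain(START_URL, LOCATIONS)) {
    console.log(`${new URL(hop.url).host}  sees ${hop.serverSees}  pii=${hop.pii}`);
  }
}
```

                  Run with node: one line per hop shows the host, the request-line part that host actually received, and whether an address was in it. Only the 95mc5.zal0.com hop reports one, which matches sessions 2 to 5 above. For detection, the same findPiiInUrl() check applied to proxy or browser-history URLs catches the final hop even when the earlier hops are a legitimate newsletter tracker.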


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  6 | 192.168.2.4 | 49743 | 23.36.173.151 | 443 | - | -
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-08 03:12:14 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-02-08 03:12:14 UTC | 533 | IN | HTTP/1.1 200 OK
                  Content-Type: application/octet-stream
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  X-Ms-ApiVersion: Distribute 1.2
                  X-Ms-Region: prod-eus2-z1
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  X-MSEdge-Ref: Ref A: 8C857257FAFC4FD0BEE0CC4AFD10C4B7 Ref B: CHGEDGE1109 Ref C: 2024-02-07T04:17:16Z
                  Cache-Control: public, max-age=176725
                  Date: Thu, 08 Feb 2024 03:12:14 GMT
                  Connection: close
                  X-CID: 2


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  7 | 192.168.2.4 | 49744 | 23.36.173.151 | 443 | - | -
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-08 03:12:15 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                  Range: bytes=0-2147483646
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-02-08 03:12:15 UTC | 499 | IN | HTTP/1.1 200 OK
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  Content-Type: application/octet-stream
                  ApiVersion: Distribute 1.1
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  x-azure-ref: 20230124T070847Z-nx8cantr796gx1cmcgrfhmv1vc000000040000000000135s
                  Cache-Control: public, max-age=172470
                  Date: Thu, 08 Feb 2024 03:12:15 GMT
                  Content-Length: 55
                  Connection: close
                  X-CID: 2
                  2024-02-08 03:12:15 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  8 | 192.168.2.4 | 49745 | 35.190.80.1 | 443 | 1800 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-08 03:12:15 UTC | 547 | OUT | OPTIONS /report/v3?s=JvzAOwjrvKCevnRIYGcOt%2F%2BKGLoq%2FdcbLo4As7kws%2FEH5EFlag3L9wq0cSK2TCUcWjCAAX3hxavpwx6efifO%2FHXPXGytwHYunzVN1%2BI8vxxvV%2BkUX14%2FWvtDv9gCorDxvg%3D%3D HTTP/1.1
                  Host: a.nel.cloudflare.com
                  Connection: keep-alive
                  Origin: https://95mc5.zal0.com
                  Access-Control-Request-Method: POST
                  Access-Control-Request-Headers: content-type
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-02-08 03:12:15 UTC | 336 | IN | HTTP/1.1 200 OK
                  Content-Length: 0
                  access-control-max-age: 86400
                  access-control-allow-methods: POST, OPTIONS
                  access-control-allow-origin: *
                  access-control-allow-headers: content-type, content-length
                  date: Thu, 08 Feb 2024 03:12:15 GMT
                  Via: 1.1 google
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close


                  Session ID:9
                  Source IP:192.168.2.4
                  Source Port:49746
                  Destination IP:35.190.80.1
                  Destination Port:443
                  PID:1800
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp:2024-02-08 03:12:15 UTC
                  Bytes transferred:490
                  Direction:OUT
                  Data:POST /report/v3?s=JvzAOwjrvKCevnRIYGcOt%2F%2BKGLoq%2FdcbLo4As7kws%2FEH5EFlag3L9wq0cSK2TCUcWjCAAX3hxavpwx6efifO%2FHXPXGytwHYunzVN1%2BI8vxxvV%2BkUX14%2FWvtDv9gCorDxvg%3D%3D HTTP/1.1
                  Host: a.nel.cloudflare.com
                  Connection: keep-alive
                  Content-Length: 436
                  Content-Type: application/reports+json
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Timestamp:2024-02-08 03:12:15 UTC
                  Bytes transferred:436
                  Direction:OUT
                  Data Raw: 5b 7b 22 61 67 65 22 3a 32 30 34 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 31 37 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 64 6a 64 68 64 65 2e 6d 79 70 69 2e 63 6f 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 34 32 2e 33 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a
                  Data Ascii: [{"age":204,"body":{"elapsed_time":1178,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://djdhde.mypi.co/","sampling_fraction":1.0,"server_ip":"104.21.42.31","status_code":404,"type":"http.error"},"type":"network-error","url":
                  Timestamp:2024-02-08 03:12:16 UTC
                  Bytes transferred:168
                  Direction:IN
                  Data:HTTP/1.1 200 OK
                  Content-Length: 0
                  date: Thu, 08 Feb 2024 03:12:16 GMT
                  Via: 1.1 google
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close


                  Target ID:0
                  Start time:04:12:06
                  Start date:08/02/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:2
                  Start time:04:12:07
                  Start date:08/02/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2492,i,5070101363910953062,9900782759702370279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:3
                  Start time:04:12:09
                  Start date:08/02/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  No disassembly