Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
LACTALIS SECURED 03-13-2024.htm

Overview

General Information

Sample name:	LACTALIS SECURED 03-13-2024.htm
Analysis ID:	1408667
MD5:	3ab12f62fd8ade43ee8e5c5834df09ee
SHA1:	4b62208cdbbf39e15594f4e47c67efe36220436f
SHA256:	2fb0961295b950ab1d5f2f8f7a5e1d3bd0d05085e8db0dbc129f73d2488afff2
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected clear text password fields (password is not hidden)

HTML body contains low number of good links

IP address seen in connection with other malware

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

No HTML title found

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 1364 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\LACTALIS SECURED 03-13-2024.htm MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1988,i,3153800486124712002,7715303740752761237,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on image similarity)

Source: https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html

Matcher: Template: microsoft matched

Source: https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html

HTTP Parser: <input type="text"... for password input

Source: https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html

HTTP Parser: Number of links: 0

Source: https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html

HTTP Parser: Invalid link: Privacy statement

Source: https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html

HTTP Parser: HTML title missing

Source: LACTALIS SECURED 03-13-2024.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/LACTALIS%20SECURED%2003-13-2024.htm	HTTP Parser: No favicon

Source: https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html

HTTP Parser: No <meta name="author".. found

Source: https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /sass/flsks/likey/sffsdf/index.html HTTP/1.1Host: axfdemax.za.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: objectAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=d+FFmycfvRdO1B9&MD=mrFoy4z2 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=d+FFmycfvRdO1B9&MD=mrFoy4z2 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: axfdemax.za.com

Source: chromecache_61.2.dr	String found in binary or memory: https://axfdemax.za.com/sass/flsks/likey/sffsdf/575455.ico
Source: chromecache_61.2.dr	String found in binary or memory: https://axfdemax.za.com/sass/flsks/likey/sffsdf/gh78.php?usLetter=
Source: LACTALIS SECURED 03-13-2024.htm	String found in binary or memory: https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.winHTM@26/4@4/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\LACTALIS SECURED 03-13-2024.htm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1988,i,3153800486124712002,7715303740752761237,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1988,i,3153800486124712002,7715303740752761237,262144 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://axfdemax.za.com/sass/flsks/likey/sffsdf/gh78.php?usLetter=	0%	Avira URL Cloud	safe
https://axfdemax.za.com/sass/flsks/likey/sffsdf/575455.ico	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/LACTALIS%20SECURED%2003-13-2024.htm	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.251.41.4	true	false		high
axfdemax.za.com	23.237.26.135	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
file:///C:/Users/user/Desktop/LACTALIS%20SECURED%2003-13-2024.htm	false	Avira URL Cloud: safe	low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://axfdemax.za.com/sass/flsks/likey/sffsdf/gh78.php?usLetter=	chromecache_61.2.dr	false	Avira URL Cloud: safe	unknown
https://axfdemax.za.com/sass/flsks/likey/sffsdf/575455.ico	chromecache_61.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.237.26.135	axfdemax.za.com	United States		174	COGENT-174US	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.251.41.4	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1408667
Start date and time:	2024-03-13 22:27:22 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	LACTALIS SECURED 03-13-2024.htm
Detection:	MAL
Classification:	mal56.phis.winHTM@26/4@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .htm

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.35.174, 142.250.65.227, 172.253.115.84, 34.104.35.123, 142.251.41.10, 142.251.40.202, 142.250.65.202, 142.250.80.42, 142.250.65.170, 142.250.80.106, 142.250.81.234, 142.250.176.202, 142.251.32.106, 142.250.80.74, 142.250.72.106, 172.217.165.138, 142.250.80.10, 142.250.65.234, 142.250.64.106, 142.251.40.234, 142.251.40.106, 142.251.35.170, 142.251.40.170, 142.251.40.138, 72.21.81.240, 192.229.211.108, 142.251.40.163, 142.250.176.206
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: LACTALIS SECURED 03-13-2024.htm

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.237.26.135	https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/#/?/bfariss@onedigital.com	Get hash	malicious	Unknown	Browse
23.237.26.135	https://link.mail.beehiiv.com/ls/click?upn=fBLT-2BLuQl3NwiQlY-2FUB-2F7yZK63rzVbOt6SRjyVrBIqFzFDo8M-2Fg4Bo4-2BO4hpom8z7ZLuxy2QxlYMgW1Gzy6pwCm23aez0vVyhBm7eCGwE0WdMbo1BXh-2BFRtbcaklbKh26FDy0n-2FdQ9t7RCwaH39WupxeBlLns-2FCYgl5f1ctJEhM-3DLmFo_AmeWD5ZsKC-2B3ZheZjnDpbUkAKgKl5WpTuOJCpyDqXRc8K-2FlFlJ4-2Bn1zDfmQE1bOIB5-2BmaBYS52bqAMuImdaBWt-2B7NcvDjHLSjDEqun4F40VGOju6f5eraMm-2BmA2cI4TwN5m-2FdXmsuh3AvB8I3hqCf5Su72C52AB82bXT78OFaGhLdykrKPYdzAmNePbUMkJfeZ1o1xXkpY533PpjggEufwqS96U2lHFtuM0AF0XznjCWvz2-2FAJxdv2yOU4Rja8sE1aVzAzUItssHkUW9tujzTKsHooxa0T1wqU-2BXsNw6IZYMBuNd2XQD3BPavL2FyKwgqOl-2BNlCpAsuRQyxxqbQ0sxmCsvEzI2nw166vYROKCjGmPPQtR1NyNiLpj317EtiqLrlvsktdS8N6bgTfK0t-2FA2HLcAR1clK9xdGWlVkoBfmmnRGIBboAePQ8ToZagwj4auB1PmTKZ9aQMtFdh-2FNJV17VPUH2ibgU2d8MV21fLKU-3D#/?/%23/?/marketing@virtualintelligencebriefing.com	Get hash	malicious	Unknown	Browse
239.255.255.250	https://www.trumark.tszc.hu	Get hash	malicious	Unknown	Browse
	https://lookerstudio.google.com/s/l3M3K3X4dgg	Get hash	malicious	HTMLPhisher	Browse
	https://trumarkonline-org.icu/tru/tru/	Get hash	malicious	Unknown	Browse
	https://us-west-2.protection.sophos.com/?d=t.co&u=aHR0cHM6Ly90LmNvLzF2akR0Slo3NWI=&i=NjJiNDVkNjkyZTg3NzAxMTg5MDc0MzYw&t=NVVQVlp5aWhKZm8xN21JSVhsSjlLYThvQzBqeXYwNGFoZ3ljZThpcUxtQT0=&h=4bbc9376ec464f81990368c3ba6663ee&s=AVNPUEhUT0NFTkNSWVBUSVYwN3vOuG7LsRoI7ywcaEgqWjLPEyhZz7ZbnUDwgkgdUA	Get hash	malicious	HTMLPhisher	Browse
	https://www.thedmgusa.com/	Get hash	malicious	Unknown	Browse
	https://trk.klclick3.com/wf/open?upn=u001.k5ke7y0TXSePxGzgFDUu1pu1W-2F9bNDflzxKX2RSayyGarrIbRvlAdjzbMk9m3gUBU96D27MXhjWhk-2F-2Fm9jO0XJptK9POdfbiKg5PyYV25BK6HCg6Y8PqEtWWmXbhhQc3HU10QkSmOBH-2BXcz1eD7Ovi6mh9YtbZIpnaMrtqvutQxrXwjEHEHSsPkG1IOz3BITIPGkYEgfzOZ5S0M9E-2FcilKkwlRMNGY5qBCE25AFuk6JXsNPXlJiBh6ExiwJbgAYv2OyCKR8KH91lHeFsOcv9y010rKZT4RqvhhTTzDTeGZeD-2BccnPDz-2BUTm1EpmnWJA41PFQX6zzQznXFFhiKWD5JxJJZrdSsSwffO2N-2FJcjTd1D0Pacle1VPahrzpjP53Kmjswtp3yK1Y8JfsvvFn3VyZ-2F9MNgyNPqurvaULVSEcgGXK-2F-2FP-2Bv91EZtkyAF9eOGpCyAS-2BFqz0rciyz40X8hhOu1eCeFfCzFhu8ihQ-2BEJa-2BU-3D	Get hash	malicious	Unknown	Browse
	https://ln.run/85lqv	Get hash	malicious	Unknown	Browse
	https://ncv.microsoft.com/LIwsxDzYT5	Get hash	malicious	Unknown	Browse
	https://drive.google.com/file/d/1pYrpqsBlixPX09xmQVGWsYgO-44VNt0c/view?usp=drive_web	Get hash	malicious	Quasar	Browse
	http://costcowholesale-mycashbackreward.com/	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
COGENT-174US	SecuriteInfo.com.Win64.DropperX-gen.10232.23831.exe	Get hash	malicious	Unknown	Browse	38.54.57.26
	pUQL9ZI8ks.elf	Get hash	malicious	Mirai	Browse	38.79.210.239
	SecuriteInfo.com.Linux.Siggen.9999.29772.19360.elf	Get hash	malicious	Mirai	Browse	206.185.207.246
	mips-20240313-0840.elf	Get hash	malicious	Mirai, Moobot	Browse	38.197.168.234
	arm-20240313-0840.elf	Get hash	malicious	Mirai, Moobot	Browse	167.141.118.220
	TJoFRT42dh.elf	Get hash	malicious	Mirai	Browse	38.33.63.167
	ox0CSfGwkZ.elf	Get hash	malicious	Mirai	Browse	149.123.129.5
	ZlC15kDKk5.elf	Get hash	malicious	Mirai	Browse	38.155.239.85
	QXp14SFCPn.elf	Get hash	malicious	Mirai	Browse	38.217.98.237
	9b7samXJWK.elf	Get hash	malicious	Mirai	Browse	149.53.234.158

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://www.trumark.tszc.hu	Get hash	malicious	Unknown	Browse	13.85.23.86 23.51.58.94 20.114.59.183
	https://lookerstudio.google.com/s/l3M3K3X4dgg	Get hash	malicious	HTMLPhisher	Browse	13.85.23.86 23.51.58.94 20.114.59.183
	https://trumarkonline-org.icu/tru/tru/	Get hash	malicious	Unknown	Browse	13.85.23.86 23.51.58.94 20.114.59.183
	https://us-west-2.protection.sophos.com/?d=t.co&u=aHR0cHM6Ly90LmNvLzF2akR0Slo3NWI=&i=NjJiNDVkNjkyZTg3NzAxMTg5MDc0MzYw&t=NVVQVlp5aWhKZm8xN21JSVhsSjlLYThvQzBqeXYwNGFoZ3ljZThpcUxtQT0=&h=4bbc9376ec464f81990368c3ba6663ee&s=AVNPUEhUT0NFTkNSWVBUSVYwN3vOuG7LsRoI7ywcaEgqWjLPEyhZz7ZbnUDwgkgdUA	Get hash	malicious	HTMLPhisher	Browse	13.85.23.86 23.51.58.94 20.114.59.183
	https://trk.klclick3.com/wf/open?upn=u001.k5ke7y0TXSePxGzgFDUu1pu1W-2F9bNDflzxKX2RSayyGarrIbRvlAdjzbMk9m3gUBU96D27MXhjWhk-2F-2Fm9jO0XJptK9POdfbiKg5PyYV25BK6HCg6Y8PqEtWWmXbhhQc3HU10QkSmOBH-2BXcz1eD7Ovi6mh9YtbZIpnaMrtqvutQxrXwjEHEHSsPkG1IOz3BITIPGkYEgfzOZ5S0M9E-2FcilKkwlRMNGY5qBCE25AFuk6JXsNPXlJiBh6ExiwJbgAYv2OyCKR8KH91lHeFsOcv9y010rKZT4RqvhhTTzDTeGZeD-2BccnPDz-2BUTm1EpmnWJA41PFQX6zzQznXFFhiKWD5JxJJZrdSsSwffO2N-2FJcjTd1D0Pacle1VPahrzpjP53Kmjswtp3yK1Y8JfsvvFn3VyZ-2F9MNgyNPqurvaULVSEcgGXK-2F-2FP-2Bv91EZtkyAF9eOGpCyAS-2BFqz0rciyz40X8hhOu1eCeFfCzFhu8ihQ-2BEJa-2BU-3D	Get hash	malicious	Unknown	Browse	13.85.23.86 23.51.58.94 20.114.59.183
	https://ln.run/85lqv	Get hash	malicious	Unknown	Browse	13.85.23.86 23.51.58.94 20.114.59.183
	https://ncv.microsoft.com/LIwsxDzYT5	Get hash	malicious	Unknown	Browse	13.85.23.86 23.51.58.94 20.114.59.183
	https://drive.google.com/file/d/1pYrpqsBlixPX09xmQVGWsYgO-44VNt0c/view?usp=drive_web	Get hash	malicious	Quasar	Browse	13.85.23.86 23.51.58.94 20.114.59.183
	http://link.naver.com	Get hash	malicious	Unknown	Browse	13.85.23.86 23.51.58.94 20.114.59.183
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:2fbb59a5-45e3-4bc2-91f7-1018be0086b6	Get hash	malicious	Unknown	Browse	13.85.23.86 23.51.58.94 20.114.59.183

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 61

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (59092), with CRLF line terminators
Category:	downloaded
Size (bytes):	469857
Entropy (8bit):	6.0480763355182425
Encrypted:	false
SSDEEP:	12288:WN8JoPrA6XGXJf8+fkO/82O+qndAcgdC6geE:3oPUtXdifnyCWE
MD5:	3C3E3411BB3EDB643692E0AF136C9D11
SHA1:	E49CE48A7099942530C6A9FC384593F54F5AC8C6
SHA-256:	BAF7BCB51B00502F8180DB46630B2AC7F1F8A1BD1A0A0BFF378E6A8E3DAFFC6A
SHA-512:	943950777CC880CE4112DA536D3BBE1EA814D2B255AE9B418A0E3F5D2FECA38E3E35696DEC7B2694F9CDB93CBCC47EED1219A8786F99A634B1995D0FB6F74FEB
Malicious:	false
Reputation:	low
URL:	https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html
Preview:	<html lang="en">....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />.. <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />.. <meta http-equiv="Pragma" content="no-cache" />.. <meta http-equiv="Expires" content="0" />.. <meta name="title" content="eStatements 575455" />.. <meta name="application-name" content="eStatements 575455" />.. <meta name="mobile-web-app-capable" content="yes" />.. <meta name="apple-mobile-web-app-capable" content="yes" />.. <meta name="apple-mobile-web-app-title" content="Mobile rules" />.. <link rel="icon" href="https://axfdemax.za.com/sass/flsks/likey/sffsdf/575455.ico" type="image/x-icon"/>.... <style>.. [class~=logoico]{width:300pt;}[class~=pdfico]{width:90.5pt; padding-left: 9%;padding-top: 20%;}#btnNextLink{background-color:#0067b8;}input[type="text"]:focus{border-bottom-width:1.5pt;}#btnNextL

Chrome Cache Entry: 62

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.182005814760213
Encrypted:	false
SSDEEP:	3:9WIKL:9WIKL
MD5:	0D7D875E3EE5B0909656624C1ACE2072
SHA1:	F69555A08E55A8F6B5FDF71BDBE6C0EC9D201F3E
SHA-256:	6FA71577AEECEC6AC1C3B517F7A605FE0637762A12C38B60C231E0FE47525857
SHA-512:	A1954F5AADDA84F8F442D4C9BAF6BE8495681386824B320B3FF073D26AD19ABB84F4FE81057FB1B95D871C94629E589DC0FAF8889887BEE33F738C695CA4E2FD
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwnTr_dQ4Z8xvRIFDfv5GBsSBQ06Bmvc?alt=proto
Preview:	ChIKBw37+RgbGgAKBw06BmvcGgA=

Static File Info

General

File type:	ASCII text, with no line terminators
Entropy (8bit):	4.736303832554428
TrID:
File name:	LACTALIS SECURED 03-13-2024.htm
File size:	127 bytes
MD5:	3ab12f62fd8ade43ee8e5c5834df09ee
SHA1:	4b62208cdbbf39e15594f4e47c67efe36220436f
SHA256:	2fb0961295b950ab1d5f2f8f7a5e1d3bd0d05085e8db0dbc129f73d2488afff2
SHA512:	a0970f1a979797f59441ebf8a47a4396ed7de1ce6982014e006dd90aac2de2daf27160b07268e04009824ad3efd69c30d14de57a94c2e74c633828bc041ef15c
SSDEEP:	3:1GR9YjF2DQyyWWkJoOA1aQF/cUi3sN+0irJqRAdsRIJIKHPp:IYjF4TohaQ/U3tZrJqLR03Pp
TLSH:	7AB02B21B2C9D400C42C09908261892CC023E10CCA4091C4C8C0F4649C242F07C0850B
File Content Preview:	<object data="https://axfdemax.za.com/sass/flsks/likey/sffsdf/index.html" width="100%" height="100%" type="text/html"></object>

File Icon


Icon Hash:	173149cccc490307

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2024 22:28:08.194046021 CET	49675	443	192.168.2.4	173.222.162.32
Mar 13, 2024 22:28:16.672477961 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:16.672508001 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:16.672573090 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:16.673121929 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:16.673137903 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:16.783999920 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:16.784040928 CET	443	49733	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:16.784106016 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:16.784347057 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:16.784364939 CET	443	49733	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:16.956918001 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:16.957115889 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:16.957132101 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:16.958571911 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:16.958632946 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:16.961167097 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:16.961368084 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:16.961569071 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:16.961579084 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.005721092 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.061146975 CET	443	49733	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.061331987 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.061352015 CET	443	49733	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.064966917 CET	443	49733	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.065040112 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.065344095 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.065515041 CET	443	49733	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.145167112 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.145184040 CET	443	49733	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.203011990 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.203073025 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.203094006 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.203547001 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.203564882 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.254143953 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.254159927 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.332026005 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.332056046 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.332113981 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.332149029 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.332195044 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.332206011 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.332233906 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.332261086 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.332269907 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.332303047 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.332303047 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.332408905 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.332461119 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.332504034 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.332504034 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.332534075 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.332606077 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.460954905 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.461074114 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.461133957 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.461155891 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.461170912 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.461251020 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.461266994 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.461338043 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.461469889 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.461554050 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.461559057 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.461577892 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.461630106 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.461630106 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.461723089 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.461832047 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.462292910 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.462372065 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.506500959 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.506599903 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.590439081 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.590529919 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.590981007 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.591068029 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.591459036 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.591547966 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.591860056 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.591962099 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.592912912 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.592987061 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.593301058 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.593372107 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.593702078 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.593836069 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.597285986 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.597357035 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.597543001 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.597625971 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.597676992 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.597733974 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.597879887 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.597933054 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.597991943 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.598073959 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.598208904 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.598269939 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.635252953 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.635354042 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.635432959 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.635495901 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.721040964 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.721276045 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.721415043 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.721539021 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.721550941 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.721673012 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.721888065 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.722009897 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.722259045 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.722333908 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.722409010 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.722491980 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.722714901 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.722790003 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.723123074 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.723197937 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.723774910 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.723898888 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.724136114 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.724211931 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.725285053 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.725385904 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.725428104 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.725502968 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.725624084 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.725693941 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.726114035 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.726207018 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.726479053 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.726538897 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.729033947 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.729116917 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.729346991 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.729414940 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.729593039 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.729672909 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.729775906 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.729839087 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.730072021 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.730151892 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.730555058 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.730663061 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.730912924 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.731007099 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.731153965 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.731216908 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.731486082 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.731566906 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.731586933 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.731643915 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.731774092 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.731849909 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.764409065 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.764671087 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.764746904 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.764822960 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.764890909 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.764981031 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.765114069 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.765182018 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.801680088 CET	49675	443	192.168.2.4	173.222.162.32
Mar 13, 2024 22:28:17.805128098 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.805255890 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.805273056 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.805294037 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.805346012 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.805363894 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.805607080 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.805619955 CET	443	49732	23.237.26.135	192.168.2.4
Mar 13, 2024 22:28:17.805670977 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:17.805670977 CET	49732	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:28:20.915751934 CET	49741	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:28:20.915821075 CET	443	49741	142.251.41.4	192.168.2.4
Mar 13, 2024 22:28:20.915899992 CET	49741	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:28:20.916315079 CET	49741	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:28:20.916347027 CET	443	49741	142.251.41.4	192.168.2.4
Mar 13, 2024 22:28:21.121428967 CET	443	49741	142.251.41.4	192.168.2.4
Mar 13, 2024 22:28:21.122764111 CET	49741	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:28:21.122800112 CET	443	49741	142.251.41.4	192.168.2.4
Mar 13, 2024 22:28:21.124450922 CET	443	49741	142.251.41.4	192.168.2.4
Mar 13, 2024 22:28:21.124783993 CET	49741	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:28:21.128792048 CET	49741	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:28:21.128890038 CET	443	49741	142.251.41.4	192.168.2.4
Mar 13, 2024 22:28:21.177170038 CET	49741	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:28:21.177189112 CET	443	49741	142.251.41.4	192.168.2.4
Mar 13, 2024 22:28:21.224031925 CET	49741	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:28:21.389341116 CET	49742	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.389379978 CET	443	49742	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.389466047 CET	49742	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.393732071 CET	49742	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.393767118 CET	443	49742	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.579983950 CET	443	49742	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.580070019 CET	49742	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.588035107 CET	49742	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.588051081 CET	443	49742	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.588275909 CET	443	49742	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.630274057 CET	49742	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.748810053 CET	49742	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.792279005 CET	443	49742	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.836915970 CET	443	49742	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.837030888 CET	443	49742	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.837131977 CET	49742	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.837400913 CET	49742	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.837418079 CET	443	49742	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.837430954 CET	49742	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.837438107 CET	443	49742	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.891663074 CET	49743	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.891741037 CET	443	49743	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:21.891828060 CET	49743	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.892663956 CET	49743	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:21.892704964 CET	443	49743	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:22.073986053 CET	443	49743	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:22.074065924 CET	49743	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:22.075295925 CET	49743	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:22.075318098 CET	443	49743	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:22.075572968 CET	443	49743	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:22.076777935 CET	49743	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:22.120260000 CET	443	49743	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:22.249285936 CET	443	49743	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:22.249648094 CET	443	49743	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:22.249789953 CET	49743	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:22.250613928 CET	49743	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:22.250643969 CET	443	49743	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:22.250670910 CET	49743	443	192.168.2.4	23.51.58.94
Mar 13, 2024 22:28:22.250684023 CET	443	49743	23.51.58.94	192.168.2.4
Mar 13, 2024 22:28:30.967354059 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:30.967432976 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:30.967570066 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:30.968946934 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:30.968985081 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:31.099483013 CET	443	49741	142.251.41.4	192.168.2.4
Mar 13, 2024 22:28:31.099530935 CET	443	49741	142.251.41.4	192.168.2.4
Mar 13, 2024 22:28:31.099720955 CET	49741	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:28:31.392843962 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:31.392951012 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:31.421416998 CET	49741	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:28:31.421454906 CET	443	49741	142.251.41.4	192.168.2.4
Mar 13, 2024 22:28:31.426413059 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:31.426446915 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:31.426825047 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:31.474489927 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:32.254240036 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:32.296264887 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:32.527241945 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:32.527262926 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:32.527270079 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:32.527278900 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:32.527318954 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:32.527333021 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:32.527362108 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:32.527410984 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:32.527738094 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:32.527796030 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:32.527800083 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:32.527950048 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:32.823210955 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:32.823240042 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:28:32.823271036 CET	49747	443	192.168.2.4	13.85.23.86
Mar 13, 2024 22:28:32.823287964 CET	443	49747	13.85.23.86	192.168.2.4
Mar 13, 2024 22:29:02.152229071 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:29:02.152244091 CET	443	49733	23.237.26.135	192.168.2.4
Mar 13, 2024 22:29:10.234699011 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:10.234796047 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:10.234900951 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:10.235308886 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:10.235344887 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:10.739008904 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:10.739098072 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:10.742901087 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:10.742919922 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:10.743136883 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:10.755448103 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:10.796272993 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:11.232904911 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:11.232927084 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:11.232942104 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:11.233145952 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:11.233206034 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:11.233267069 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:11.233323097 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:11.233351946 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:11.233388901 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:11.233515024 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:11.233577967 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:11.239989042 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:11.240052938 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:11.240087986 CET	49756	443	192.168.2.4	20.114.59.183
Mar 13, 2024 22:29:11.240106106 CET	443	49756	20.114.59.183	192.168.2.4
Mar 13, 2024 22:29:17.569545984 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:29:17.569713116 CET	443	49733	23.237.26.135	192.168.2.4
Mar 13, 2024 22:29:17.569777966 CET	49733	443	192.168.2.4	23.237.26.135
Mar 13, 2024 22:29:20.491775036 CET	49758	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:29:20.491806030 CET	443	49758	142.251.41.4	192.168.2.4
Mar 13, 2024 22:29:20.491862059 CET	49758	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:29:20.492201090 CET	49758	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:29:20.492216110 CET	443	49758	142.251.41.4	192.168.2.4
Mar 13, 2024 22:29:20.679990053 CET	443	49758	142.251.41.4	192.168.2.4
Mar 13, 2024 22:29:20.680232048 CET	49758	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:29:20.680257082 CET	443	49758	142.251.41.4	192.168.2.4
Mar 13, 2024 22:29:20.680715084 CET	443	49758	142.251.41.4	192.168.2.4
Mar 13, 2024 22:29:20.681580067 CET	49758	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:29:20.681660891 CET	443	49758	142.251.41.4	192.168.2.4
Mar 13, 2024 22:29:20.724817991 CET	49758	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:29:30.673808098 CET	443	49758	142.251.41.4	192.168.2.4
Mar 13, 2024 22:29:30.673959970 CET	443	49758	142.251.41.4	192.168.2.4
Mar 13, 2024 22:29:30.674024105 CET	49758	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:29:30.678746939 CET	49758	443	192.168.2.4	142.251.41.4
Mar 13, 2024 22:29:30.678764105 CET	443	49758	142.251.41.4	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2024 22:28:16.355983973 CET	53	53192	1.1.1.1	192.168.2.4
Mar 13, 2024 22:28:16.356357098 CET	53	55306	1.1.1.1	192.168.2.4
Mar 13, 2024 22:28:16.406660080 CET	64137	53	192.168.2.4	1.1.1.1
Mar 13, 2024 22:28:16.406969070 CET	57318	53	192.168.2.4	1.1.1.1
Mar 13, 2024 22:28:16.604818106 CET	53	57318	1.1.1.1	192.168.2.4
Mar 13, 2024 22:28:16.671973944 CET	53	64137	1.1.1.1	192.168.2.4
Mar 13, 2024 22:28:17.001142025 CET	53	63305	1.1.1.1	192.168.2.4
Mar 13, 2024 22:28:18.021460056 CET	53	64188	1.1.1.1	192.168.2.4
Mar 13, 2024 22:28:20.438021898 CET	60329	53	192.168.2.4	1.1.1.1
Mar 13, 2024 22:28:20.438692093 CET	64921	53	192.168.2.4	1.1.1.1
Mar 13, 2024 22:28:20.526660919 CET	53	60329	1.1.1.1	192.168.2.4
Mar 13, 2024 22:28:20.527003050 CET	53	64921	1.1.1.1	192.168.2.4
Mar 13, 2024 22:28:29.308669090 CET	53	52245	1.1.1.1	192.168.2.4
Mar 13, 2024 22:28:35.252649069 CET	53	55524	1.1.1.1	192.168.2.4
Mar 13, 2024 22:28:36.096195936 CET	138	138	192.168.2.4	192.168.2.255
Mar 13, 2024 22:28:54.748758078 CET	53	51860	1.1.1.1	192.168.2.4
Mar 13, 2024 22:29:16.079639912 CET	53	53318	1.1.1.1	192.168.2.4
Mar 13, 2024 22:29:17.658519983 CET	53	63940	1.1.1.1	192.168.2.4
Mar 13, 2024 22:29:44.306117058 CET	53	57437	1.1.1.1	192.168.2.4
Mar 13, 2024 22:30:31.566021919 CET	53	58350	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 13, 2024 22:28:16.406660080 CET	192.168.2.4	1.1.1.1	0xbe15	Standard query (0)	axfdemax.za.com	A (IP address)	IN (0x0001)	false
Mar 13, 2024 22:28:16.406969070 CET	192.168.2.4	1.1.1.1	0x29b6	Standard query (0)	axfdemax.za.com	65	IN (0x0001)	false
Mar 13, 2024 22:28:20.438021898 CET	192.168.2.4	1.1.1.1	0x13d8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 13, 2024 22:28:20.438692093 CET	192.168.2.4	1.1.1.1	0x98f5	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 13, 2024 22:28:16.671973944 CET	1.1.1.1	192.168.2.4	0xbe15	No error (0)	axfdemax.za.com		23.237.26.135	A (IP address)	IN (0x0001)	false
Mar 13, 2024 22:28:20.526660919 CET	1.1.1.1	192.168.2.4	0x13d8	No error (0)	www.google.com		142.251.41.4	A (IP address)	IN (0x0001)	false
Mar 13, 2024 22:28:20.527003050 CET	1.1.1.1	192.168.2.4	0x98f5	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

axfdemax.za.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49732	23.237.26.135	443	7232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-13 21:28:16 UTC	676	OUT	GET /sass/flsks/likey/sffsdf/index.html HTTP/1.1 Host: axfdemax.za.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: object Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-13 21:28:17 UTC	208	IN	HTTP/1.1 200 OK Date: Wed, 13 Mar 2024 21:28:17 GMT Server: Apache Last-Modified: Wed, 13 Mar 2024 05:29:32 GMT Accept-Ranges: bytes Content-Length: 469857 Connection: close Content-Type: text/html
2024-03-13 21:28:17 UTC	7984	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 Data Ascii: <html lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Cache-Control" content="no-cache, no-store
2024-03-13 21:28:17 UTC	8000	IN	Data Raw: 32 6b 39 4d 4d 76 42 69 42 65 2f 4b 36 4c 38 41 42 6b 79 44 4d 72 42 78 54 49 4e 77 67 44 69 32 7a 63 6a 7a 75 71 33 59 43 67 6b 37 44 52 75 43 4f 71 44 4c 41 42 49 35 64 55 58 4f 4d 59 41 54 49 73 67 33 59 31 68 45 53 42 2b 61 52 6b 74 74 38 51 7a 5a 34 45 6b 64 52 64 42 63 41 36 6c 41 4f 78 6a 43 5a 6b 49 4d 34 31 67 4a 46 72 4c 4f 51 50 41 43 77 35 61 49 77 4c 52 48 4c 52 4a 58 74 72 4f 48 69 6b 65 43 78 2b 30 47 39 66 6d 6f 51 57 48 47 53 44 33 58 57 6f 73 51 65 69 53 66 32 67 33 72 38 31 37 39 6f 4e 36 2f 4e 4e 55 31 57 2b 79 43 33 78 53 30 7a 41 50 52 42 4a 4a 2f 61 44 65 76 7a 58 76 32 67 33 72 38 31 4f 63 53 43 73 76 53 42 71 59 53 54 2b 30 47 39 66 6d 76 48 48 74 50 50 35 71 4b 61 62 6f 67 70 50 49 49 73 51 62 39 55 41 2f 51 65 4b 54 58 59 39 6f Data Ascii: 2k9MMvBiBe/K6L8ABkyDMrBxTINwgDi2zcjzuq3YCgk7DRuCOqDLABI5dUXOMYATIsg3Y1hESB+aRktt8QzZ4EkdRdBcA6lAOxjCZkIM41gJFrLOQPACw5aIwLRHLRJXtrOHikeCx+0G9fmoQWHGSD3XWosQeiSf2g3r8179oN6/NNU1W+yC3xS0zAPRBJJ/aDevzXv2g3r81OcSCsvSBqYST+0G9fmvHHtPP5qKabogpPIIsQb9UA/QeKTXY9o
2024-03-13 21:28:17 UTC	8000	IN	Data Raw: 55 55 6e 62 49 61 32 37 32 68 78 6c 4e 31 51 4d 65 36 30 36 47 46 42 70 32 6f 7a 49 56 7a 4e 57 6f 49 64 46 6e 46 53 35 74 61 4b 64 5a 7a 70 49 75 6f 6a 71 59 57 67 4b 70 64 61 65 4b 33 63 74 66 6f 71 63 64 73 37 2f 41 49 55 59 4b 4f 30 4f 37 4c 39 71 63 65 51 32 61 72 7a 2f 41 4e 52 54 6f 77 2b 31 47 4d 48 44 4e 52 2f 66 37 79 59 47 44 70 30 57 74 62 70 34 4a 62 5a 32 59 69 43 4a 57 64 65 4a 76 73 32 5a 4a 59 6f 4b 71 48 37 51 32 6e 78 66 2b 6f 65 75 73 49 7a 55 32 6b 78 62 67 50 70 44 63 64 53 53 45 78 36 56 52 67 2b 30 4c 41 53 4f 53 4f 68 7a 58 44 58 35 77 6e 78 38 47 44 65 32 59 5a 5a 63 66 64 43 7a 56 32 67 78 62 7a 42 65 2b 2f 65 55 58 4f 62 59 70 30 67 76 65 66 41 70 4f 34 61 5a 63 43 53 42 36 57 51 7a 4f 78 6e 55 61 64 79 50 2f 77 43 4e 78 33 32 Data Ascii: UUnbIa272hxlN1QMe606GFBp2ozIVzNWoIdFnFS5taKdZzpIuojqYWgKpdaeK3ctfoqcds7/AIUYKO0O7L9qceQ2arz/ANRTow+1GMHDNR/f7yYGDp0Wtbp4JbZ2YiCJWdeJvs2ZJYoKqH7Q2nxf+oeusIzU2kxbgPpDcdSSEx6VRg+0LASOSOhzXDX5wnx8GDe2YZZcfdCzV2gxbzBe+/eUXObYp0gvefApO4aZcCSB6WQzOxnUadyP/wCNx32
2024-03-13 21:28:17 UTC	8000	IN	Data Raw: 52 68 6d 56 50 6a 34 66 55 53 74 6a 6c 56 51 69 49 48 39 45 71 55 4d 6b 2b 32 45 74 71 78 4a 71 59 36 73 54 48 45 37 57 62 6d 4a 57 47 59 71 71 62 6c 78 74 62 57 55 66 71 5a 5a 55 31 34 64 4c 61 49 42 32 41 71 4d 35 48 72 41 51 4c 46 4a 50 73 72 53 4e 6d 34 71 70 77 78 4a 76 65 5a 75 45 41 2f 46 31 67 62 46 33 66 61 53 6a 44 4d 4b 38 6a 51 32 73 74 2f 59 6e 47 35 61 34 2f 77 44 54 4b 70 34 73 6e 61 42 35 78 43 42 78 6c 58 6d 35 77 38 6f 57 66 61 4b 70 41 50 45 66 4e 48 76 59 48 6b 47 47 48 7a 45 4c 64 75 58 76 4d 53 79 65 6f 69 79 58 36 57 54 39 6a 56 6c 56 64 43 61 37 45 56 62 58 4a 67 33 6a 56 5a 62 69 36 77 4f 72 68 66 70 5a 4b 68 79 39 2b 6f 70 77 65 6f 51 66 37 50 64 30 2b 53 4f 48 6a 35 50 32 56 50 49 71 70 6d 74 4c 47 56 6a 71 64 52 4a 6c 47 6d 59 Data Ascii: RhmVPj4fUStjlVQiIH9EqUMk+2EtqxJqY6sTHE7WbmJWGYqqblxtbWUfqZZU14dLaIB2AqM5HrAQLFJPsrSNm4qpwxJveZuEA/F1gbF3faSjDMK8jQ2st/YnG5a4/wDTKp4snaB5xCBxlXm5w8oWfaKpAPEfNHvYHkGGHzELduXvMSyeoiyX6WT9jVlVdCa7EVbXJg3jVZbi6wOrhfpZKhy9+opweoQf7Pd0+SOHj5P2VPIqpmtLGVjqdRJlGmY
2024-03-13 21:28:17 UTC	8000	IN	Data Raw: 2b 79 44 33 67 57 57 73 41 61 41 44 79 55 46 75 54 54 74 41 4a 70 79 43 59 46 78 30 75 67 2b 7a 48 65 6a 61 77 57 67 7a 59 58 35 78 64 51 46 4e 32 46 65 41 64 53 74 58 4d 69 34 75 50 6d 6a 6e 43 4f 67 39 46 71 35 67 49 73 50 4c 6b 56 42 77 52 4c 51 65 58 4f 66 46 65 67 64 42 36 49 66 67 41 4e 35 48 4f 4f 53 7a 41 36 44 30 55 4b 63 32 6e 53 43 33 5a 67 33 41 50 6c 6f 73 64 6d 42 72 49 52 77 4e 50 4a 70 38 67 67 6e 4e 4d 6b 7a 70 72 4f 71 67 53 79 50 39 68 4e 37 42 4e 2f 47 65 61 44 34 57 66 65 2b 59 52 6c 37 5a 76 42 50 4b 4e 55 56 4c 44 78 45 61 44 58 77 55 37 49 38 6a 76 62 4e 77 30 43 34 4a 30 57 58 61 48 77 57 51 4f 51 6b 77 46 34 74 4a 46 77 59 38 45 7a 30 31 58 39 69 31 6c 6b 41 54 61 4c 61 7a 50 4e 59 34 51 66 73 67 2b 55 6f 62 73 75 35 79 79 47 68 Data Ascii: +yD3gWWsAaADyUFuTTtAJpyCYFx0ug+zHejawWgzYX5xdQFN2FeAdStXMi4uPmjnCOg9Fq5gIsPLkVBwRLQeXOfFegdB6IfgAN5HOOSzA6D0UKc2nSC3Zg3APlosdmBrIRwNPJp8ggnNMkzprOqgSyP9hN7BN/GeaD4Wfe+YRl7ZvBPKNUVLDxEaDXwU7I8jvbNw0C4J0WXaHwWQOQkwF4tJFwY8Ez01X9i1lkATaLazPNY4Qfsg+Uobsu5yyGh
2024-03-13 21:28:17 UTC	8000	IN	Data Raw: 5a 58 52 54 79 66 54 59 75 48 46 67 61 75 2b 66 2f 4b 41 71 59 77 43 38 2b 51 4f 71 51 7a 58 63 66 74 4e 39 59 52 4f 74 58 63 44 71 64 65 71 71 50 69 37 46 76 4a 73 63 6f 78 6f 4d 79 53 50 47 56 67 34 30 44 6e 50 67 53 6d 71 32 75 34 6b 33 37 37 33 58 76 61 48 54 46 35 6d 4f 35 4e 2f 6a 55 56 7a 48 4d 2f 48 74 41 4d 6d 49 31 6b 70 74 5a 6e 6e 7a 4d 4f 31 7a 69 38 43 4f 39 46 71 39 5a 2f 43 36 38 63 70 55 56 62 57 35 68 55 6f 30 61 68 42 4e 67 64 54 6f 6d 77 38 5a 50 74 45 39 51 63 4f 4e 32 2b 70 55 58 46 76 62 57 46 72 47 45 56 77 6d 33 39 47 70 56 61 33 74 6d 33 4d 66 47 56 55 4c 61 50 61 58 45 55 36 37 34 71 6b 51 66 76 4a 46 79 6a 61 79 75 63 51 77 47 71 36 4f 4b 39 31 76 78 2f 6a 34 74 58 52 54 6d 7a 70 4c 6b 6d 66 55 38 59 31 68 44 2b 4b 65 2b 53 45 Data Ascii: ZXRTyfTYuHFgau+f/KAqYwC8+QOqQzXcftN9YROtXcDqdeqqPi7FvJscoxoMySPGVg40DnPgSmq2u4k3773XvaHTF5mO5N/jUVzHM/HtAMmI1kptZnnzMO1zi8CO9Fq9Z/C68cpUVbW5hUo0ahBNgdTomw8ZPtE9QcON2+pUXFvbWFrGEVwm39GpVa3tm3MfGVULaPaXEU674qkQfvJFyjayucQwGq6OK91vx/j4tXRTmzpLkmfU8Y1hD+Ke+SE
2024-03-13 21:28:17 UTC	8000	IN	Data Raw: 33 33 58 56 6a 50 6b 71 6f 56 47 4b 69 64 43 74 31 32 4d 64 58 77 56 4a 72 6e 45 79 30 54 4e 2b 53 63 47 33 32 56 50 78 57 43 71 38 4c 54 65 6d 59 6a 77 54 4e 33 52 42 78 77 74 47 54 71 30 52 48 4a 54 4e 74 45 32 6b 4d 47 37 6a 67 77 7a 55 32 35 4c 6b 5a 55 2f 55 30 4e 69 30 72 73 35 38 5a 6a 73 35 6a 61 65 62 6c 7a 51 34 44 74 50 7a 56 71 4e 32 65 45 72 30 63 50 52 44 35 45 41 54 36 4a 6a 5a 70 55 79 39 6d 50 4a 64 77 41 38 66 50 78 55 76 62 46 34 72 43 6d 6d 77 55 79 33 6c 45 4a 76 47 62 78 39 43 35 50 69 36 5a 4a 57 49 44 6a 54 45 64 45 6c 46 72 67 34 6b 67 32 46 2f 46 4f 46 33 41 2b 6d 44 59 32 53 66 56 59 79 48 51 42 7a 38 56 4d 64 78 37 51 4b 66 4a 30 4a 66 61 48 69 41 42 4f 74 35 4e 30 75 34 4e 35 4e 4e 78 47 6e 44 50 69 6d 38 35 73 56 51 5a 35 70 Data Ascii: 33XVjPkqoVGKidCt12MdXwVJrnEy0TN+ScG32VPxWCq8LTemYjwTN3RBxwtGTq0RHJTNtE2kMG7jgwzU25LkZU/U0Ni0rs58Zjs5jaeblzQ4DtPzVqN2eEr0cPRD5EAT6JjZpUy9mPJdwA8fPxUvbF4rCmmwUy3lEJvGbx9C5Pi6ZJWIDjTEdElFrg4kg2F/FOF3A+mDY2SfVYyHQBz8VMdx7QKfJ0JfaHiABOt5N0u4N5NNxGnDPim85sVQZ5p
2024-03-13 21:28:17 UTC	8000	IN	Data Raw: 6f 44 33 70 53 70 41 6c 6f 67 54 2b 67 6b 33 4e 71 5a 64 51 66 77 7a 4a 61 51 59 74 43 35 73 49 4c 31 4e 6a 53 72 65 38 7a 61 6d 70 67 57 31 67 31 35 41 61 43 4e 64 56 58 50 4b 4e 74 61 75 4d 7a 51 4d 4c 33 48 36 53 49 34 74 62 71 62 4e 36 32 53 34 6a 46 43 76 32 62 58 45 47 51 4c 4b 76 4f 7a 65 79 57 4d 70 5a 6f 31 37 71 54 77 4f 30 45 6b 67 39 56 32 49 71 43 78 6b 4c 32 37 41 59 6b 34 6a 44 55 58 6d 38 74 42 36 51 70 6c 61 79 57 41 39 52 7a 30 55 50 62 76 4d 46 55 77 2b 45 6f 68 37 59 39 77 58 4b 6d 56 6f 68 72 52 33 4c 6a 35 75 4b 64 4d 4c 6b 78 50 78 44 41 41 36 33 4b 36 62 4f 4d 68 70 63 43 65 58 39 55 37 63 58 38 42 38 45 79 63 79 65 34 46 78 2b 53 64 34 38 4f 65 77 4a 64 61 45 65 75 2b 35 6a 58 6f 6b 74 2f 45 58 45 77 66 54 56 4b 4c 57 46 35 6b 38 Data Ascii: oD3pSpAlogT+gk3NqZdQfwzJaQYtC5sIL1NjSre8zampgW1g15AaCNdVXPKNtauMzQML3H6SI4tbqbN62S4jFCv2bXEGQLKvOzeyWMpZo17qTwO0Ekg9V2IqCxkL27AYk4jDUXm8tB6QplayWA9Rz0UPbvMFUw+Eoh7Y9wXKmVohrR3Lj5uKdMLkxPxDAA63K6bOMhpcCeX9U7cX8B8Eycye4Fx+Sd48OewJdaEeu+5jXokt/EXEwfTVKLWF5k8
2024-03-13 21:28:17 UTC	8000	IN	Data Raw: 64 46 69 6c 33 59 44 61 31 2b 50 72 73 61 61 68 4d 6b 43 7a 6c 6c 79 34 66 62 59 61 31 73 74 50 6d 4f 4c 46 44 42 4f 63 30 2f 59 31 56 56 4e 75 64 72 63 52 68 38 52 55 61 31 37 68 63 6a 77 56 6b 36 77 64 6a 4d 76 6d 53 51 57 63 6c 56 72 62 37 49 75 30 72 31 48 6d 64 53 54 33 4c 4e 67 69 6e 4f 6e 32 47 32 35 4b 67 33 73 50 74 52 58 78 65 4b 59 48 50 4a 6c 77 35 36 61 4b 33 2b 7a 39 63 31 63 4e 54 63 62 38 54 52 7a 6c 55 6c 32 45 79 38 59 66 46 73 45 33 44 74 41 56 64 4c 5a 6b 52 68 61 51 36 41 44 35 49 50 4d 53 54 70 45 78 32 6d 47 4d 38 6a 73 71 6b 38 32 6b 58 56 5a 64 74 58 41 4e 72 45 6b 57 42 74 4b 73 35 6e 37 66 37 75 2b 42 65 43 54 31 30 56 57 74 75 58 74 48 62 67 6e 6b 62 79 71 38 4e 71 78 30 30 37 73 70 39 74 58 69 2b 44 48 4f 67 2f 62 50 4f 36 6e Data Ascii: dFil3YDa1+PrsaahMkCzlly4fbYa1stPmOLFDBOc0/Y1VVNudrcRh8RUa17hcjwVk6wdjMvmSQWclVrb7Iu0r1HmdST3LNginOn2G25Kg3sPtRXxeKYHPJlw56aK3+z9c1cNTcb8TRzlUl2Ey8YfFsE3DtAVdLZkRhaQ6AD5IPMSTpEx2mGM8jsqk82kXVZdtXANrEkWBtKs5n7f7u+BeCT10VWtuXtHbgnkbyq8Nqx007sp9tXi+DHOg/bPO6n
2024-03-13 21:28:17 UTC	8000	IN	Data Raw: 46 6c 47 4c 6d 6b 34 76 70 37 36 6c 44 49 6d 4f 37 4a 75 68 30 30 4b 48 4b 72 56 41 74 74 4a 73 55 4d 79 63 65 79 63 4c 2f 44 72 79 55 59 34 6d 71 34 59 6b 33 4e 6e 58 68 53 6e 6d 54 50 6f 48 54 39 33 6b 6f 73 78 4c 41 4d 55 37 2b 62 6e 7a 51 4a 58 70 42 51 6b 6d 50 72 4a 4b 70 34 57 58 35 63 6c 49 57 58 31 49 63 30 2f 67 62 68 52 72 6c 41 34 57 73 6a 58 71 70 44 79 30 79 57 33 6b 38 2b 71 43 63 55 34 37 48 70 4a 64 44 33 6f 6d 57 41 6f 56 46 73 50 70 35 66 30 52 71 43 4e 51 52 35 4c 69 5a 49 4b 47 54 6b 57 49 2b 61 4f 50 59 76 41 30 34 53 46 43 2b 62 77 63 54 70 39 75 44 33 71 5a 73 30 2b 71 66 34 46 51 35 6d 7a 5a 78 48 54 33 72 64 36 32 34 61 6b 69 44 70 32 61 30 48 69 70 46 61 53 4b 59 37 37 66 4a 52 39 73 34 30 77 32 33 4c 77 6c 53 4b 78 70 34 47 67 Data Ascii: FlGLmk4vp76lDImO7Juh00KHKrVAttJsUMyceycL/DryUY4mq4Yk3NnXhSnmTPoHT93kosxLAMU7+bnzQJXpBQkmPrJKp4WX5clIWX1Ic0/gbhRrlA4WsjXqpDy0yW3k8+qCcU47HpJdD3omWAoVFsPp5f0RqCNQR5LiZIKGTkWI+aOPYvA04SFC+bwcTp9uD3qZs0+qf4FQ5mzZxHT3rd624akiDp2a0HipFaSKY77fJR9s40w23LwlSKxp4Gg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-03-13 21:28:21 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-13 21:28:21 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=79097 Date: Wed, 13 Mar 2024 21:28:21 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-03-13 21:28:22 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-13 21:28:22 UTC	455	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 Cache-Control: public, max-age=79049 Date: Wed, 13 Mar 2024 21:28:22 GMT Content-Length: 55 Connection: close X-CID: 2
2024-03-13 21:28:22 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49747	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-03-13 21:28:32 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=d+FFmycfvRdO1B9&MD=mrFoy4z2 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-03-13 21:28:32 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 48ab11a0-b3f0-45a7-85ef-a2a6446d3b80 MS-RequestId: e516f943-d139-423b-98bc-ec6d1e478677 MS-CV: aKhfw5OxtkuhIAy2.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 13 Mar 2024 21:28:32 GMT Connection: close Content-Length: 24490
2024-03-13 21:28:32 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-03-13 21:28:32 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49756	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-03-13 21:29:10 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=d+FFmycfvRdO1B9&MD=mrFoy4z2 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-03-13 21:29:11 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 10e3da4a-0496-4355-a70f-d5998d15cb8b MS-RequestId: 9a5e8f7f-a711-4cbe-b3e6-bddf4ef89a79 MS-CV: 9DHtin7SVkKMcVRP.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 13 Mar 2024 21:29:10 GMT Connection: close Content-Length: 25457
2024-03-13 21:29:11 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-03-13 21:29:11 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1364, Parent PID: 1816

General

Target ID:	0
Start time:	22:28:11
Start date:	13/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\LACTALIS SECURED 03-13-2024.htm
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7232, Parent PID: 1364

General

Target ID:	2
Start time:	22:28:14
Start date:	13/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1988,i,3153800486124712002,7715303740752761237,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly