Edit tour

Windows Analysis Report
http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw

Overview

General Information

Sample URL:	http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSV
Analysis ID:	1465762
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2288,i,18175630192459344383,1899549445800956136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:57291 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.164.97
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.164.97
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw HTTP/1.1Host: www.preferredfederalretirement.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /machform/view.php?id=14648 HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /machform/data/form_14648/css/view.css?bdffc4 HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
Source: global traffic	HTTP traffic detected: GET /machform/view.mobile.css?bdffc4 HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
Source: global traffic	HTTP traffic detected: GET /machform/js/jquery.min.js?bdffc4 HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
Source: global traffic	HTTP traffic detected: GET /machform/js/jquery-ui-1.12/effect.js?bdffc4 HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
Source: global traffic	HTTP traffic detected: GET /machform/view.js?bdffc4 HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
Source: global traffic	HTTP traffic detected: GET /machform/images/form_resources/grey-mild.png HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://federalfinancialnewsnetwork.net/machform/data/form_14648/css/view.css?bdffc4Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
Source: global traffic	HTTP traffic detected: GET /machform/images/machform.png HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://federalfinancialnewsnetwork.net/machform/data/form_14648/css/view.css?bdffc4Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
Source: global traffic	HTTP traffic detected: GET /machform/images/form_resources/grey-mild.png HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
Source: global traffic	HTTP traffic detected: GET /machform/images/machform.png HTTP/1.1Host: federalfinancialnewsnetwork.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
Source: global traffic	HTTP traffic detected: GET /lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw HTTP/1.1Host: www.preferredfederalretirement.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.preferredfederalretirement.com
Source: global traffic	DNS traffic detected: DNS query: federalfinancialnewsnetwork.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 1271Connection: closeDate: Mon, 01 Jul 2024 23:49:19 GMTServer: ApacheX-Frame-Options: deny

Source: chromecache_107.2.dr	String found in binary or memory: http://api.jqueryui.com/category/effects-core/
Source: chromecache_107.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_107.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_107.2.dr	String found in binary or memory: http://jqueryui.com/effect/
Source: chromecache_107.2.dr	String found in binary or memory: http://jsfiddle.net/JZSMt/3/
Source: chromecache_107.2.dr	String found in binary or memory: http://www.robertpenner.com/easing)
Source: chromecache_107.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=107380
Source: chromecache_107.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=561664
Source: chromecache_107.2.dr	String found in binary or memory: https://code.google.com/p/maashaack/source/browse/packages/graphics/trunk/src/graphics/colors/HUE2RG
Source: chromecache_107.2.dr	String found in binary or memory: https://github.com/jquery/jquery-color

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57295
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 57295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@23/20@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2288,i,18175630192459344383,1899549445800956136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2288,i,18175630192459344383,1899549445800956136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://jquery.org/license	0%	URL Reputation	safe
http://jqueryui.com	0%	URL Reputation	safe
http://jqueryui.com/effect/	0%	Avira URL Cloud	safe
https://federalfinancialnewsnetwork.net/machform/view.js?bdffc4	0%	Avira URL Cloud	safe
https://federalfinancialnewsnetwork.net/machform/data/form_14648/css/view.css?bdffc4	0%	Avira URL Cloud	safe
https://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw	0%	Avira URL Cloud	safe
https://federalfinancialnewsnetwork.net/machform/js/jquery.min.js?bdffc4	0%	Avira URL Cloud	safe
https://federalfinancialnewsnetwork.net/machform/images/machform.png	0%	Avira URL Cloud	safe
https://bugs.webkit.org/show_bug.cgi?id=107380	0%	Avira URL Cloud	safe
http://api.jqueryui.com/category/effects-core/	0%	Avira URL Cloud	safe
https://federalfinancialnewsnetwork.net/machform/images/form_resources/grey-mild.png	0%	Avira URL Cloud	safe
https://federalfinancialnewsnetwork.net/machform/view.mobile.css?bdffc4	0%	Avira URL Cloud	safe
https://code.google.com/p/maashaack/source/browse/packages/graphics/trunk/src/graphics/colors/HUE2RG	0%	Avira URL Cloud	safe
https://federalfinancialnewsnetwork.net/favicon.ico	0%	Avira URL Cloud	safe
http://jsfiddle.net/JZSMt/3/	0%	Avira URL Cloud	safe
https://github.com/jquery/jquery-color	0%	Avira URL Cloud	safe
https://federalfinancialnewsnetwork.net/machform/js/jquery-ui-1.12/effect.js?bdffc4	0%	Avira URL Cloud	safe
http://www.robertpenner.com/easing)	0%	Avira URL Cloud	safe
https://bugzilla.mozilla.org/show_bug.cgi?id=561664	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.preferredfederalretirement.com	3.232.182.1	true	false	unknown
federalfinancialnewsnetwork.net	74.208.236.15	true	false	unknown
www.google.com	142.250.184.196	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://federalfinancialnewsnetwork.net/machform/images/form_resources/grey-mild.png	false	Avira URL Cloud: safe	unknown
https://federalfinancialnewsnetwork.net/machform/view.js?bdffc4	false	Avira URL Cloud: safe	unknown
https://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw	false	Avira URL Cloud: safe	unknown
https://federalfinancialnewsnetwork.net/machform/view.mobile.css?bdffc4	false	Avira URL Cloud: safe	unknown
https://federalfinancialnewsnetwork.net/machform/data/form_14648/css/view.css?bdffc4	false	Avira URL Cloud: safe	unknown
https://federalfinancialnewsnetwork.net/machform/js/jquery.min.js?bdffc4	false	Avira URL Cloud: safe	unknown
https://federalfinancialnewsnetwork.net/machform/images/machform.png	false	Avira URL Cloud: safe	unknown
http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw	false		unknown
https://federalfinancialnewsnetwork.net/favicon.ico	false	Avira URL Cloud: safe	unknown
https://federalfinancialnewsnetwork.net/machform/js/jquery-ui-1.12/effect.js?bdffc4	false	Avira URL Cloud: safe	unknown
https://federalfinancialnewsnetwork.net/machform/view.php?id=14648	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://jqueryui.com/effect/	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
http://jquery.org/license	chromecache_107.2.dr	false	URL Reputation: safe	unknown
https://bugs.webkit.org/show_bug.cgi?id=107380	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
http://api.jqueryui.com/category/effects-core/	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://code.google.com/p/maashaack/source/browse/packages/graphics/trunk/src/graphics/colors/HUE2RG	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
http://jqueryui.com	chromecache_107.2.dr	false	URL Reputation: safe	unknown
http://jsfiddle.net/JZSMt/3/	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/jquery/jquery-color	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
http://www.robertpenner.com/easing)	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=561664	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
3.232.182.1	www.preferredfederalretirement.com	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
74.208.236.15	federalfinancialnewsnetwork.net	United States	8560	ONEANDONE-ASBrauerstrasse48DE	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1465762
Start date and time:	2024-07-02 01:48:20 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@23/20@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.23.99, 142.250.186.46, 74.125.133.84, 34.104.35.123, 142.250.181.234, 142.250.186.74, 216.58.206.42, 216.58.212.170, 142.250.186.42, 216.58.212.138, 142.250.185.202, 142.250.186.170, 142.250.186.138, 172.217.23.106, 142.250.185.138, 216.58.206.74, 142.250.185.234, 142.250.185.106, 142.250.185.170, 142.250.185.74, 20.12.23.50, 93.184.221.240, 192.229.221.95, 13.85.23.206, 13.95.31.18, 142.250.185.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648 Model: Perplexity: mixtral-8x7b-instruct	{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form, as there are no explicit requests for sensitive information such as passwords, email addresses, usernames, phone numbers or credit card numbers.","The text does not create a sense of urgency, as there are no phrases that suggest immediate action is required or that there are limited time offers.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}
Title: Federal Employee eBook Request Form OCR: MachForm Federal Employee eBook Request Form Please complete the form below and we will email you our eBook First Name * Last Name * State * Email * Phone * Extension if any Age * Cell Phone (optional) Submit

Input

Output

URL: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648 Model: Perplexity: mixtral-8x7b-instruct

{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form, as there are no explicit requests for sensitive information such as passwords, email addresses, usernames, phone numbers or credit card numbers.","The text does not create a sense of urgency, as there are no phrases that suggest immediate action is required or that there are limited time offers.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}

Title: Federal Employee eBook Request Form OCR: MachForm Federal Employee eBook Request Form Please complete the form below and we will email you our eBook First Name * Last Name * State * Email * Phone * Extension if any Age * Cell Phone (optional) Submit

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	8950
Entropy (8bit):	5.141392948422684
Encrypted:	false
SSDEEP:	192:k1O/B1wfKl1nivxFW4TtoEeXXT5x5Df53lWsSJbRTzESIzLGdxgecrV9jzyiGDsZ:5HozYYF2v
MD5:	430EFBA4D0274A2CA17CDF87E81B3B54
SHA1:	623B0EE401201078D2B78A6031004EB2035F9364
SHA-256:	F033C5ABEF82C0843B366B9FB1482167F6809C51ADFE4BEB610671BBC5E65C57
SHA-512:	04D0F45D47499F93BA2C2807F50294B2965BE576D163DB0E4234B2634CBECCD7932E8F49D78E169A0853EF416D9178EF12F6B6FCABC15D3B209836D4FB2FB0B4
Malicious:	false
Reputation:	low
URL:	https://federalfinancialnewsnetwork.net/machform/view.mobile.css?bdffc4
Preview:	@media only screen and (max-width : 480px) {..html{...background: none;...background-image: none !important;..}..#main_body{...margin: 0 !important;..}..#form_container,#footer{...width: 100% !important;...padding: 0px !important;...margin: 0 auto !important;..}..#form_container{...box-shadow: none !important;...border: none !important;..}..#form_container:before,#form_container:after{...display: none !important;..}..form.appnitro,.embed form.appnitro{...margin: 15px 15px 0 15px;..}..#top,#bottom,h1{...display: none;..}..#li_resume_email{...width: 99%;..}..#main_body #element_resume_email{...width: 70%;..}..#main_body form li{...padding: 4px 2px 2px;..}...no_guidelines form li,.appnitro li{...width: 99%;..}..#main_body form li.column_2,..#main_body form li.column_3,..#main_body form li.column_4,..#main_body form li.column_5,..#main_body form li.column_6{...width: 99% !important;...float: none;..}....#main_body input.text{...padding: 5px 3px;..}..#main_body input.medium{...width:70%;..}

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	40997
Entropy (8bit):	5.113153571834635
Encrypted:	false
SSDEEP:	768:8gehqEvSQHB99OyKwMQ4i72mH5guT5JbijkrDASg7y8DQemHFgymTpHl:An7KwMYjHJ5Jbijkrkz78emHFgymTFl
MD5:	9D3AC0A26061CB0D6979FF7B27FEB281
SHA1:	6AB8A3A530E3E81C0C1CBF83F66ECDE277B4A202
SHA-256:	01A98D8F1C110708E03C959CAB5ED0BFAE07CB4C6FBDE366DDDDAC1CA71EEE4B
SHA-512:	16D3C54974AAA00E4622F02581A5D1180986597E2A5933437246E988E5B260FBE5FCF2B831A6CF0FA388E7BF0D2131CEFB4AD9341B8F2DB4E80B5AFEF3D4305A
Malicious:	false
Reputation:	low
URL:	https://federalfinancialnewsnetwork.net/machform/js/jquery-ui-1.12/effect.js?bdffc4
Preview:	/! jQuery UI - v1.12.1 - 2017-09-11. http://jqueryui.com.* Includes: effect.js.* Copyright jQuery Foundation and other contributors; Licensed MIT /..(function( factory ) {..if ( typeof define === "function" && define.amd ) {....// AMD. Register as an anonymous module....define([ "jquery" ], factory );..} else {....// Browser globals...factory( jQuery );..}.}(function( $ ) {..$.ui = $.ui \|\| {};..var version = $.ui.version = "1.12.1";.../!. * jQuery UI Effects 1.12.1. * http://jqueryui.com. . Copyright jQuery Foundation and other contributors. * Released under the MIT license.. * http://jquery.org/license. */..//>>label: Effects Core.//>>group: Effects.// jscs:disable maximumLineLength.//>>description: Extends the internal jQuery effects. Includes morphing and easing. Required by all other effects..// jscs:enable maximumLineLength.//>>docs: http://api.jqueryui.com/category/effects-core/.//>>demos: http://jqueryui.com/effect/....var dataSpace = "ui-effects-",..dataSpaceStyle = "ui-

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 111 x 40, 8-bit/color RGBA, interlaced
Category:	downloaded
Size (bytes):	1999
Entropy (8bit):	7.375558516016921
Encrypted:	false
SSDEEP:	48:yiwitNn2cuKaJ3ClYnrE2jURpFe2+kDW6z1+kZmdVV:yU2DK1lYnrE2KpL+kDWLkcdVV
MD5:	8F217500ED775DBAE67E47A74ABB7DD4
SHA1:	EF741E4385F28460D99F9EF8AF3F1C42DCF8C794
SHA-256:	C93D16C41461795EB205A1C08BD089AC97842F4AA8924E7E7B699274B52957FC
SHA-512:	9409B8AD74B48AD8CED340444A6BCA5A16BD010105D6D0BFFA78542A15F734BF6B29ED40D994A5460806F9C2A4C923D1C6788208611CB7DC1923FA672A863C25
Malicious:	false
Reputation:	low
URL:	https://federalfinancialnewsnetwork.net/machform/images/machform.png
Preview:	.PNG........IHDR...o...(........"....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Macintosh" xmpMM:InstanceID="xmp.iid:CA35E1D0013311E1B58E992925A5DFC0" xmpMM:DocumentID="xmp.did:CA35E1D1013311E1B58E992925A5DFC0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CA35E1CE013311E1B58E992925A5DFC0" stRef:documentID="xmp.did:CA35E1CF013311E1B58E992925A5DFC0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.]....CIDATx.b...?.9...L...w...P...3@..P...X.:....X.J....'.q....1##.~.. F....Z.( .......(.`.9.......4....G.."[#5.....`

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2994
Entropy (8bit):	7.932735144101721
Encrypted:	false
SSDEEP:	48:ksGSSX+aW7kN55XwzBhbzaTU6kOFTKVYdM/M1cGW19/n60vJpyTMVJAKzyu:ksBy+TkNPAXbeTUUBYYdl1qvfyYQKz
MD5:	C956A6B9EE268D052C6D24FE7C9F2FD5
SHA1:	53CF394849D41652C135A7BDD0D73DAA3D2FEDF2
SHA-256:	5D15C34BCAB3EC651017CADE9933E95C42C71BA23E7385444AFDF102123A19D4
SHA-512:	2A2621E641B9DA2DD91A78D2CFD4600E023C73E512FFE6F3AA5A59CBC6A297E5C3AC217B483E7E3D13A42AF2C6671E7AE2937B66D1A7F536A14045BED762828D
Malicious:	false
Reputation:	low
URL:	https://federalfinancialnewsnetwork.net/machform/images/form_resources/grey-mild.png
Preview:	.PNG........IHDR...d...d.......g....PLTE................t.....^IDATX.<T....s.............3.~....C1`.&.l[.Ed.%P...zO...v[z.3.......^\|..fF...u..~...........u.......O..O.U.en@l\.'`.lb.#.p...^}.H..Y..7.;v..<..._ ..L=9.6U.@..'..o.t`...&..$.~4.`...tU.....cs.#M%.6.o...;..\F.Y1./a..x......y....l.@.....=.P%Y J_!...t..M.dP..a..M.....n..p.C.&..I.=........s+..G)..7.O?{..n.v.......,{....v.:q.}7xc..c.m;...........b"..1..l...5.C.M. w.P.v$ .lY.&.P.).D.7#..._.....%.qZt....aV.........r...<...Z.C..}E.Fb..Uq1.G.....!.o.l..f...r\|.. ..w.l...L.3....#.@..l.-.?4.1O:.....)....I%.~.>.... JF..\M.L.t....0.DE...n.`!.......ic....g..(.W......D......1....W...g.232A..e .5w...H............@..^..I..Y.P..rd......e$6..ld.,....R..A......]...y..\|......H.PN..L..P.l."-F.t.....y.....R ;..53.0....z\|............z..b..0............-....Tg>.....L.x..r...T.....S...sM....I.v.i.......xe...1...!e.A..OGm...'.......$.**.R............3...j.Z..!...8.k.h./...4.og.E.E....}....k"I.......c.

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	52658
Entropy (8bit):	5.405929440830425
Encrypted:	false
SSDEEP:	768:XDFvwm4SMAFDaAw/XkZLxuvuAKOZndtMT3zTwZbCOBf:V5K/XkZLxuvuAKOZndtMT3zTwCO5
MD5:	F4F92AD193314E83D409EDD386F47AFB
SHA1:	19E66850D04681731C150A1B44074304BFA30397
SHA-256:	C17C8D456B4C1B087D55DF661E8E2080C41D895A8992B3AB5A82388CDEC66A72
SHA-512:	24AED520D2A95F6EFD4B65EA29853B248263B673026F3E5E978D8230A1CCD5FE1CC8E075813E74553FDB3CA6E931EC2B1FECFD01465C1BE6CB5E21EC413AED9E
Malicious:	false
Reputation:	low
URL:	https://federalfinancialnewsnetwork.net/machform/data/form_14648/css/view.css?bdffc4
Preview:	html{..background: url('../../../images/form_resources/grey-mild.png') repeat scroll 0 0 #ececec;.}..#main_body.{..font-family:"Lucida Grande", Tahoma, Arial, Verdana, sans-serif;..font-size:small;..margin:20px 0 50px;..text-align:center;.}..#form_container.{..background:#fff;..border: none;..border-radius: 10px;..margin:0 auto;..text-align:left;..width:640px;..box-shadow: 0 0 3px rgba(0, 0, 0, 0.4);.}..#top.{..display:block;..height:10px;..margin:10px auto 0;..width:650px;.}..#footer.{..clear:both;..color:#999999;..text-align:center;..width:640px;..padding-bottom: 15px;..font-size: 85%;.}..#footer a{..color:#999999;..text-decoration: none;..border-bottom: 1px dotted #999999;.}..#bottom.{..display:block;..height:10px;..margin:0 auto;..width:650px;.}..form.appnitro.{..margin:20px 20px 0;..padding:0 0 20px;.}../** Logo Section ***/.#main_body h1.{...margin:0;..padding:0;..text-decoration:none;..text-indent:-8000px;..color: #fff;..border-radius: 8px 8px 0 0;..background-color: #52525

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	220
Entropy (8bit):	5.104339282284394
Encrypted:	false
SSDEEP:	6:r4jHE3d0aoN06TyaWop1fzLzKWuYb3NG2upROtGn:rUE3YfeyzLzKWVNG2ootGn
MD5:	B83B37B477E3F4F87859968CFD7DBC1D
SHA1:	D7562F6AED1C7EBE63996E66E9B342203DB68D75
SHA-256:	532EB46F1142E3CB14EA6AE00364CE5795153D470D1A118EB91452CF16D33B02
SHA-512:	F0DE3EEC0BC04BC35911BAFCB2D4B5727446E660FDD1BC32D190F9963B976938875C380510F2D6E1F2253AF5047DEA8AA2E2ACC42A22A73171B81A2BB8C79C6A
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISawn--zopGQyQWhIFDSIFcZUSBQ062hxcEgUNDdEfTRIFDaRs3FoSBQ0dSf29EgUN8JCGbBIFDagfjQgSBQ1zUvZBEgUN4Q8jbxIFDWTjXNYSBQ2JWnQAEgUN7lysCBIFDV-WWEsSBQ36w4if?alt=proto
Preview:	CqIBCgsNIgVxlRoECAMYAQoLDTraHFwaBAgFGAEKCw0N0R9NGgQIIRgBCgsNpGzcWhoECCIYAQoLDR1J/b0aBAgjGAEKCw3wkIZsGgQICRgBCgsNqB+NCBoECAsYAQoLDXNS9kEaBAh7GAEKCw3hDyNvGgQIfBgBCgcNZONc1hoACgcNiVp0ABoACgcN7lysCBoACgcNX5ZYSxoACgcN+sOInxoA

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2994
Entropy (8bit):	7.932735144101721
Encrypted:	false
SSDEEP:	48:ksGSSX+aW7kN55XwzBhbzaTU6kOFTKVYdM/M1cGW19/n60vJpyTMVJAKzyu:ksBy+TkNPAXbeTUUBYYdl1qvfyYQKz
MD5:	C956A6B9EE268D052C6D24FE7C9F2FD5
SHA1:	53CF394849D41652C135A7BDD0D73DAA3D2FEDF2
SHA-256:	5D15C34BCAB3EC651017CADE9933E95C42C71BA23E7385444AFDF102123A19D4
SHA-512:	2A2621E641B9DA2DD91A78D2CFD4600E023C73E512FFE6F3AA5A59CBC6A297E5C3AC217B483E7E3D13A42AF2C6671E7AE2937B66D1A7F536A14045BED762828D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...d...d.......g....PLTE................t.....^IDATX.<T....s.............3.~....C1`.&.l[.Ed.%P...zO...v[z.3.......^\|..fF...u..~...........u.......O..O.U.en@l\.'`.lb.#.p...^}.H..Y..7.;v..<..._ ..L=9.6U.@..'..o.t`...&..$.~4.`...tU.....cs.#M%.6.o...;..\F.Y1./a..x......y....l.@.....=.P%Y J_!...t..M.dP..a..M.....n..p.C.&..I.=........s+..G)..7.O?{..n.v.......,{....v.:q.}7xc..c.m;...........b"..1..l...5.C.M. w.P.v$ .lY.&.P.).D.7#..._.....%.qZt....aV.........r...<...Z.C..}E.Fb..Uq1.G.....!.o.l..f...r\|.. ..w.l...L.3....#.@..l.-.?4.1O:.....)....I%.~.>.... JF..\M.L.t....0.DE...n.`!.......ic....g..(.W......D......1....W...g.232A..e .5w...H............@..^..I..Y.P..rd......e$6..ld.,....R..A......]...y..\|......H.PN..L..P.l."-F.t.....y.....R ;..53.0....z\|............z..b..0............-....Tg>.....L.x..r...T.....S...sM....I.v.i.......xe...1...!e.A..OGm...'.......$.**.R............3...j.Z..!...8.k.h./...4.og.E.E....}....k"I.......c.

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	23523
Entropy (8bit):	5.071969940951042
Encrypted:	false
SSDEEP:	384:v5dTLX6EZ/NcPwZ3sitQViUi/sycGuU4/gOIz5YcJc3JyDsY2q:vvLKEDawZ3sitQViUi/sycNUn3KcJ7X
MD5:	4DAC285DDACB0E7C8EFE38DB9CADA4DA
SHA1:	093C915F23CB0435CB883C1C986ACF32C08FE069
SHA-256:	BC4852F6A3956AFBD3EE6B8EECB9E3C4A81BBB1BF493AF5F2D69ABC57D36B68E
SHA-512:	8E12296FE6BE4143E410854E9933480867A714E9143B0F7945891527BC4BABD55753A20777645418996FA57991457FBCF87E07AC3EDF43CFD846E110CFB142F1
Malicious:	false
Reputation:	low
URL:	https://federalfinancialnewsnetwork.net/machform/view.js?bdffc4
Preview:	$(function(){...$("form.appnitro").data('active_element','');..var field_highlight_color = $("form.appnitro").data('highlightcolor');....//attach event handler to all form fields, to highlight the selected list (except for matrix field) ..$("form.appnitro :input").on('click focus',function(){...var current_li = $(this).closest("li").not('.matrix').not('.buttons').not('.signature');...$("form.appnitro").data('active_element',current_li.attr('id'));.......if(current_li.hasClass('highlighted') != true){....$("form.appnitro li.highlighted").removeClass('highlighted'); //remove any previous highlight........if(field_highlight_color != '' && field_highlight_color != 'transparent'){.....if(current_li.attr('id') == $("form.appnitro").data('active_element')){......current_li.addClass('highlighted').css('background-color','');......current_li.siblings().not('#li_resume_email').css('background-color',''); //remove the remaining color style.....}else{......current_li.css('background-color','');...

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1271
Entropy (8bit):	4.374523692836198
Encrypted:	false
SSDEEP:	24:hYUYjMjIONtU3c2N8v5K+Riff0R/womM7xtE/bN2Oc8:uM8/sO8v4+kiwtmE/b1
MD5:	29811A4928BFC805CB6BA88E3D030540
SHA1:	E9B28C51AD902A7C7F23B9B5AB189CA8647D9B3D
SHA-256:	AB5FC6E036DD1743C60B18D7627BA59AF68B36D6E98BE3C973718234983A2A3E
SHA-512:	F4F713D3110DBCC41317022CDC88391270170441DEB3BD9AC41480F815829D1E9CDB69D9B216C8857901D7DDC290FC21E6384B97A52E8F07D576F521093D5246
Malicious:	false
Reputation:	low
URL:	https://federalfinancialnewsnetwork.net/favicon.ico
Preview:	<!DOCTYPE html>.<html>. <head>. <meta charset="utf-8">. <style type="text/css">. html, body, #partner, iframe {. height:100%;. width:100%;. margin:0;. padding:0;. border:0;. outline:0;. font-size:100%;. vertical-align:baseline;. background:transparent;. }. body {. overflow:hidden;. }. </style>. <meta content="NOW" name="expires">. <meta content="index, follow, all" name="GOOGLEBOT">. <meta content="index, follow, all" name="robots">. Following Meta-Tag fixes scaling-issues on mobile devices -->. <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport">. </head>. <body>. <div id="partner">. </div>. <script type="text/javascript">. document.write(. '<script type="text/javascript" language="JavaScript"'.

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	81678
Entropy (8bit):	5.2918747029661475
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mF:DIh8GgP3hujzwbhd3k
MD5:	A64E7780F05A830761EC3E36F0C90D21
SHA1:	81E04530ED24F31F1432FB0A72ADB29BF9E944AF
SHA-256:	9FA16BF43ADAB83925068CFE9B80E9B3EF6C3F264791429FA10E3D32C2D51E14
SHA-512:	7653D88C3D10093AEB7DBAC693835EF6F6BBFD2813204A959CAFB4F430A50F81B4D938836C2708E7C3A9EC9851BF236C6AB033F737453BACE708F03CB6BA26D8
Malicious:	false
Reputation:	low
URL:	https://federalfinancialnewsnetwork.net/machform/js/jquery.min.js?bdffc4
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 111 x 40, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	1999
Entropy (8bit):	7.375558516016921
Encrypted:	false
SSDEEP:	48:yiwitNn2cuKaJ3ClYnrE2jURpFe2+kDW6z1+kZmdVV:yU2DK1lYnrE2KpL+kDWLkcdVV
MD5:	8F217500ED775DBAE67E47A74ABB7DD4
SHA1:	EF741E4385F28460D99F9EF8AF3F1C42DCF8C794
SHA-256:	C93D16C41461795EB205A1C08BD089AC97842F4AA8924E7E7B699274B52957FC
SHA-512:	9409B8AD74B48AD8CED340444A6BCA5A16BD010105D6D0BFFA78542A15F734BF6B29ED40D994A5460806F9C2A4C923D1C6788208611CB7DC1923FA672A863C25
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...o...(........"....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Macintosh" xmpMM:InstanceID="xmp.iid:CA35E1D0013311E1B58E992925A5DFC0" xmpMM:DocumentID="xmp.did:CA35E1D1013311E1B58E992925A5DFC0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CA35E1CE013311E1B58E992925A5DFC0" stRef:documentID="xmp.did:CA35E1CF013311E1B58E992925A5DFC0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.]....CIDATx.b...?.9...L...w...P...3@..P...X.:....X.J....'.q....1##.~.. F....Z.( .......(.`.9.......4....G.."[#5.....`

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 01:49:03.094284058 CEST	49678	443	192.168.2.4	104.46.162.224
Jul 2, 2024 01:49:04.469172955 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 2, 2024 01:49:13.650310040 CEST	49735	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:13.650767088 CEST	49736	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:13.655102968 CEST	80	49735	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:13.655528069 CEST	80	49736	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:13.655631065 CEST	49735	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:13.655631065 CEST	49736	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:13.658394098 CEST	49736	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:13.663145065 CEST	80	49736	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:14.070146084 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 2, 2024 01:49:14.135552883 CEST	80	49736	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:14.177566051 CEST	49736	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:14.193355083 CEST	49738	443	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:14.193392992 CEST	443	49738	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:14.193451881 CEST	49738	443	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:14.194185972 CEST	49738	443	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:14.194200993 CEST	443	49738	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:14.808696985 CEST	443	49738	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:14.809209108 CEST	49738	443	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:14.809243917 CEST	443	49738	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:14.810293913 CEST	443	49738	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:14.810364962 CEST	49738	443	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:14.811734915 CEST	49738	443	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:14.811803102 CEST	443	49738	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:14.812319994 CEST	49738	443	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:14.812328100 CEST	443	49738	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:14.858364105 CEST	49738	443	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:15.151716948 CEST	443	49738	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:15.151799917 CEST	443	49738	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:15.151856899 CEST	49738	443	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:15.154328108 CEST	49738	443	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:15.154350042 CEST	443	49738	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:15.354427099 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:15.354468107 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:15.354533911 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:15.355088949 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:15.355103016 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.048818111 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.076311111 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.076327085 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.078022003 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.078088999 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.084598064 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.084686041 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.085485935 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.085494041 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.139100075 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.307003975 CEST	49741	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:49:16.307043076 CEST	443	49741	142.250.184.196	192.168.2.4
Jul 2, 2024 01:49:16.307219028 CEST	49741	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:49:16.311650038 CEST	49741	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:49:16.311666965 CEST	443	49741	142.250.184.196	192.168.2.4
Jul 2, 2024 01:49:16.513401031 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:16.513437986 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:16.513535023 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:16.515764952 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:16.515779018 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:16.527520895 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.527556896 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.527575970 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.527652979 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.527664900 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.527797937 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.527803898 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.527848005 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.529329062 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.529336929 CEST	443	49740	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.529365063 CEST	49740	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.577956915 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.577971935 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.578126907 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.579679966 CEST	49744	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.579765081 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.579840899 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.579862118 CEST	49744	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.579900026 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.580161095 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.580739021 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.580749035 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.580852032 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.581990957 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.581994057 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.582004070 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.582017899 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.582340956 CEST	49744	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.582379103 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.582413912 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.582658052 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.582679033 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.583000898 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.583009958 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:16.583013058 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.583038092 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:16.967709064 CEST	443	49741	142.250.184.196	192.168.2.4
Jul 2, 2024 01:49:16.971656084 CEST	49741	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:49:16.971673012 CEST	443	49741	142.250.184.196	192.168.2.4
Jul 2, 2024 01:49:16.973459959 CEST	443	49741	142.250.184.196	192.168.2.4
Jul 2, 2024 01:49:16.973619938 CEST	49741	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:49:17.169161081 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:17.169244051 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:17.171838045 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:17.171847105 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:17.172080040 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:17.220331907 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:17.251568079 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.252177954 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.252192974 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.252676010 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.253349066 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.253431082 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.253684044 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.255110025 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.255462885 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.255491972 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.255671978 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.255856991 CEST	49744	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.255902052 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.256381989 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.256521940 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.256577015 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.256939888 CEST	49744	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.257035017 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.257725954 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.257786036 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.258213997 CEST	49744	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.258255959 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.258265972 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.258280993 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.258658886 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.258667946 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.259670973 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.259723902 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.260288000 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.260349035 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.260440111 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.260447979 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.264498949 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:17.290333986 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.290585995 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.290622950 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.292068005 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.292133093 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.292684078 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.292768955 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.292962074 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.292979002 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.300497055 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.300509930 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.306265116 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.306265116 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.343872070 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.390073061 CEST	49741	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:49:17.390307903 CEST	443	49741	142.250.184.196	192.168.2.4
Jul 2, 2024 01:49:17.396281958 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.396311998 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.396332026 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.396364927 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.396378040 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.396400928 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.396426916 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.399311066 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.399338961 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.399362087 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.399395943 CEST	49744	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.399420977 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.399442911 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.399471045 CEST	49744	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.399516106 CEST	49744	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.407298088 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.407320023 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.407327890 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.407341003 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.407366991 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.407370090 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.407393932 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.407414913 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.407414913 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.407433987 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.410352945 CEST	49744	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.410382032 CEST	443	49744	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.413439989 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.413458109 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.413465977 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.413475037 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.413496017 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.413513899 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.413522959 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.413542986 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.413563013 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.432461977 CEST	49741	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:49:17.432476997 CEST	443	49741	142.250.184.196	192.168.2.4
Jul 2, 2024 01:49:17.473938942 CEST	49741	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:49:17.652144909 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:17.652220011 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:17.652270079 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:17.652637959 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.652652025 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.652683973 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.652695894 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.652750969 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.652755976 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.652796984 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.652890921 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:17.652904987 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:17.653105974 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653116941 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653155088 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653171062 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.653208017 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653223991 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.653249025 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.653620005 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653624058 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653634071 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653636932 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653673887 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653712988 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.653712988 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.653712988 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.653722048 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653733969 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.653752089 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.653786898 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.653860092 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.654381037 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.654414892 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.654441118 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.654448986 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.654448986 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.654501915 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.654509068 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.654511929 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.654565096 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.656008959 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656037092 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656047106 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656074047 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656083107 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656091928 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656085014 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.656151056 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.656151056 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.656196117 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656219959 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656250954 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.656265020 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656289101 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.656299114 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656337976 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.656924009 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656965017 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.656970978 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.656991959 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.657011986 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.657042980 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.658588886 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.658605099 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.658641100 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.658651114 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.658685923 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.658698082 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.661351919 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.661381006 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.661407948 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.661416054 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.661454916 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.662131071 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.662175894 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.662216902 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.688668966 CEST	49745	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.688709974 CEST	443	49745	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.700548887 CEST	49743	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.700561047 CEST	443	49743	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.715050936 CEST	49746	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.715071917 CEST	443	49746	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.739475965 CEST	49747	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.739523888 CEST	443	49747	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.976814032 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.976866007 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.976923943 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.977763891 CEST	49749	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.977818966 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.977889061 CEST	49749	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.980562925 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.980578899 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:17.981247902 CEST	49749	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:17.981281996 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.073539972 CEST	49751	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:18.073568106 CEST	443	49751	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:18.073627949 CEST	49751	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:18.074681997 CEST	49751	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:18.074695110 CEST	443	49751	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:18.649322033 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.649610043 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.649633884 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.650103092 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.650513887 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.650513887 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.650530100 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.650608063 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.665077925 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.665291071 CEST	49749	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.665323973 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.665663004 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.666111946 CEST	49749	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.666111946 CEST	49749	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.666165113 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.666220903 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.705883980 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.705889940 CEST	49749	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.719201088 CEST	443	49751	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:18.719269991 CEST	49751	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:18.720532894 CEST	49751	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:18.720542908 CEST	443	49751	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:18.720748901 CEST	443	49751	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:18.721865892 CEST	49751	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:18.768496037 CEST	443	49751	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:18.788103104 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.788127899 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.788233042 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.788249969 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.788472891 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.788532972 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.788614988 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.789046049 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.789057016 CEST	443	49748	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.789084911 CEST	49748	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.809230089 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.809252024 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.809322119 CEST	49749	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.809349060 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.809834957 CEST	49749	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.809883118 CEST	443	49749	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:18.809951067 CEST	49749	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:18.997719049 CEST	443	49751	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:18.997767925 CEST	443	49751	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:18.998583078 CEST	49751	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:18.998583078 CEST	49751	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:18.998608112 CEST	49751	443	192.168.2.4	184.28.90.27
Jul 2, 2024 01:49:18.998625040 CEST	443	49751	184.28.90.27	192.168.2.4
Jul 2, 2024 01:49:19.109196901 CEST	49752	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.109239101 CEST	443	49752	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.109535933 CEST	49752	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.111654997 CEST	49752	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.111670017 CEST	443	49752	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.138315916 CEST	80	49736	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:19.138367891 CEST	49736	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:19.202406883 CEST	49736	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:19.207094908 CEST	80	49736	3.232.182.1	192.168.2.4
Jul 2, 2024 01:49:19.276813984 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.276871920 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.276921988 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.276951075 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.276973963 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.277024984 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.277333021 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.277365923 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.277506113 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.277530909 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.854459047 CEST	443	49752	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.855329037 CEST	49752	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.855355978 CEST	443	49752	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.856838942 CEST	443	49752	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.856892109 CEST	49752	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.857939959 CEST	49752	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.858033895 CEST	443	49752	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.858130932 CEST	49752	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.858139038 CEST	443	49752	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.908315897 CEST	49752	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:19.954092979 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:19.997251987 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.000436068 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.000478983 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.000632048 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.000650883 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.001784086 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.001856089 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.002515078 CEST	443	49752	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.002594948 CEST	443	49752	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.002644062 CEST	49752	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.003087997 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.003163099 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.004026890 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.004045010 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.004731894 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.004865885 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.008294106 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.008469105 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.008477926 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.009583950 CEST	49752	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.009604931 CEST	443	49752	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.048954010 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.048954010 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.048999071 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.095818043 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.178352118 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.178375006 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.178438902 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.178462029 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.178481102 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.178527117 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.178559065 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.178965092 CEST	49753	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.178996086 CEST	443	49753	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.184660912 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.184708118 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.184856892 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:20.184916973 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.185529947 CEST	49754	443	192.168.2.4	74.208.236.15
Jul 2, 2024 01:49:20.185550928 CEST	443	49754	74.208.236.15	192.168.2.4
Jul 2, 2024 01:49:25.194492102 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 2, 2024 01:49:25.194529057 CEST	443	49672	173.222.162.32	192.168.2.4
Jul 2, 2024 01:49:25.195664883 CEST	49672	443	192.168.2.4	173.222.162.32
Jul 2, 2024 01:49:25.195676088 CEST	443	49672	173.222.162.32	192.168.2.4
Jul 2, 2024 01:49:27.022962093 CEST	443	49741	142.250.184.196	192.168.2.4
Jul 2, 2024 01:49:27.023032904 CEST	443	49741	142.250.184.196	192.168.2.4
Jul 2, 2024 01:49:27.023080111 CEST	49741	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:49:28.158607960 CEST	49741	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:49:28.158631086 CEST	443	49741	142.250.184.196	192.168.2.4
Jul 2, 2024 01:49:35.182300091 CEST	57291	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:35.187191963 CEST	53	57291	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:35.187253952 CEST	57291	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:35.187338114 CEST	57291	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:35.192181110 CEST	53	57291	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:35.674848080 CEST	53	57291	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:35.695805073 CEST	57291	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:35.703424931 CEST	53	57291	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:35.703483105 CEST	57291	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:58.655909061 CEST	49735	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:49:58.660778046 CEST	80	49735	3.232.182.1	192.168.2.4
Jul 2, 2024 01:50:14.158844948 CEST	49735	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:50:14.469786882 CEST	49735	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:50:14.659475088 CEST	80	49735	3.232.182.1	192.168.2.4
Jul 2, 2024 01:50:14.659574032 CEST	49735	80	192.168.2.4	3.232.182.1
Jul 2, 2024 01:50:14.660455942 CEST	80	49735	3.232.182.1	192.168.2.4
Jul 2, 2024 01:50:16.302474022 CEST	57295	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:50:16.302525043 CEST	443	57295	142.250.184.196	192.168.2.4
Jul 2, 2024 01:50:16.305931091 CEST	57295	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:50:16.306498051 CEST	57295	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:50:16.306524992 CEST	443	57295	142.250.184.196	192.168.2.4
Jul 2, 2024 01:50:16.949738979 CEST	443	57295	142.250.184.196	192.168.2.4
Jul 2, 2024 01:50:16.953741074 CEST	57295	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:50:16.953779936 CEST	443	57295	142.250.184.196	192.168.2.4
Jul 2, 2024 01:50:16.954118013 CEST	443	57295	142.250.184.196	192.168.2.4
Jul 2, 2024 01:50:16.959727049 CEST	57295	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:50:16.959795952 CEST	443	57295	142.250.184.196	192.168.2.4
Jul 2, 2024 01:50:17.014982939 CEST	57295	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:50:22.030844927 CEST	49723	80	192.168.2.4	2.16.164.97
Jul 2, 2024 01:50:22.035878897 CEST	80	49723	2.16.164.97	192.168.2.4
Jul 2, 2024 01:50:22.035940886 CEST	49723	80	192.168.2.4	2.16.164.97
Jul 2, 2024 01:50:26.873363018 CEST	443	57295	142.250.184.196	192.168.2.4
Jul 2, 2024 01:50:26.873428106 CEST	443	57295	142.250.184.196	192.168.2.4
Jul 2, 2024 01:50:26.873893023 CEST	57295	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:50:28.162863970 CEST	57295	443	192.168.2.4	142.250.184.196
Jul 2, 2024 01:50:28.162872076 CEST	443	57295	142.250.184.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 01:49:11.846658945 CEST	53	62926	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:11.847990036 CEST	53	65300	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:12.932938099 CEST	53	55048	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:13.598752975 CEST	50408	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:13.598892927 CEST	63085	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:13.645967007 CEST	53	50408	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:13.648850918 CEST	53	63085	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:14.138432980 CEST	55178	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:14.138562918 CEST	65178	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:14.192823887 CEST	53	65178	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:14.192924976 CEST	53	55178	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:15.159252882 CEST	56467	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:15.159864902 CEST	62467	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:15.336738110 CEST	53	62467	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:15.353770018 CEST	53	56467	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:16.254327059 CEST	58610	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:16.254920959 CEST	54661	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:16.304627895 CEST	53	58610	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:16.304727077 CEST	53	54661	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:17.986221075 CEST	53	58351	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:19.222151995 CEST	61509	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:19.222487926 CEST	52452	53	192.168.2.4	1.1.1.1
Jul 2, 2024 01:49:19.236243010 CEST	53	61509	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:19.279301882 CEST	53	52452	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:30.117383003 CEST	53	53857	1.1.1.1	192.168.2.4
Jul 2, 2024 01:49:33.615220070 CEST	138	138	192.168.2.4	192.168.2.255
Jul 2, 2024 01:49:35.181770086 CEST	53	51207	1.1.1.1	192.168.2.4
Jul 2, 2024 01:50:11.801306009 CEST	53	51630	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jul 2, 2024 01:49:19.279366970 CEST	192.168.2.4	1.1.1.1	c23e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 2, 2024 01:49:13.598752975 CEST	192.168.2.4	1.1.1.1	0x6959	Standard query (0)	www.preferredfederalretirement.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 01:49:13.598892927 CEST	192.168.2.4	1.1.1.1	0x38f1	Standard query (0)	www.preferredfederalretirement.com	65	IN (0x0001)	false
Jul 2, 2024 01:49:14.138432980 CEST	192.168.2.4	1.1.1.1	0xc907	Standard query (0)	www.preferredfederalretirement.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 01:49:14.138562918 CEST	192.168.2.4	1.1.1.1	0x2d79	Standard query (0)	www.preferredfederalretirement.com	65	IN (0x0001)	false
Jul 2, 2024 01:49:15.159252882 CEST	192.168.2.4	1.1.1.1	0x484b	Standard query (0)	federalfinancialnewsnetwork.net	A (IP address)	IN (0x0001)	false
Jul 2, 2024 01:49:15.159864902 CEST	192.168.2.4	1.1.1.1	0x2927	Standard query (0)	federalfinancialnewsnetwork.net	65	IN (0x0001)	false
Jul 2, 2024 01:49:16.254327059 CEST	192.168.2.4	1.1.1.1	0xb98a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 01:49:16.254920959 CEST	192.168.2.4	1.1.1.1	0xd871	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 2, 2024 01:49:19.222151995 CEST	192.168.2.4	1.1.1.1	0xb90c	Standard query (0)	federalfinancialnewsnetwork.net	A (IP address)	IN (0x0001)	false
Jul 2, 2024 01:49:19.222487926 CEST	192.168.2.4	1.1.1.1	0xab98	Standard query (0)	federalfinancialnewsnetwork.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 2, 2024 01:49:13.645967007 CEST	1.1.1.1	192.168.2.4	0x6959	No error (0)	www.preferredfederalretirement.com		3.232.182.1	A (IP address)	IN (0x0001)	false
Jul 2, 2024 01:49:14.192924976 CEST	1.1.1.1	192.168.2.4	0xc907	No error (0)	www.preferredfederalretirement.com		3.232.182.1	A (IP address)	IN (0x0001)	false
Jul 2, 2024 01:49:15.353770018 CEST	1.1.1.1	192.168.2.4	0x484b	No error (0)	federalfinancialnewsnetwork.net		74.208.236.15	A (IP address)	IN (0x0001)	false
Jul 2, 2024 01:49:16.304627895 CEST	1.1.1.1	192.168.2.4	0xb98a	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Jul 2, 2024 01:49:16.304727077 CEST	1.1.1.1	192.168.2.4	0xd871	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 2, 2024 01:49:19.236243010 CEST	1.1.1.1	192.168.2.4	0xb90c	No error (0)	federalfinancialnewsnetwork.net		74.208.236.15	A (IP address)	IN (0x0001)	false
Jul 2, 2024 01:49:27.919962883 CEST	1.1.1.1	192.168.2.4	0x1117	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 01:49:27.919962883 CEST	1.1.1.1	192.168.2.4	0x1117	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.preferredfederalretirement.com

federalfinancialnewsnetwork.net

https:

fs.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	3.232.182.1	80	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 01:49:13.658394098 CEST	616	OUT	GET /lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw HTTP/1.1 Host: www.preferredfederalretirement.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 2, 2024 01:49:14.135552883 CEST	879	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 01 Jul 2024 23:49:14 GMT Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips Location: https://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw Content-Length: 418 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 72 65 66 65 72 72 65 64 66 65 64 65 72 61 6c 72 65 74 69 72 65 6d 65 6e 74 2e 63 6f 6d 2f 6c 69 73 74 73 2f 6c 74 2e 70 68 70 3f 74 69 64 3d 63 55 39 58 56 6c 45 46 42 56 46 64 42 78 34 43 56 46 4e 56 46 41 45 46 42 31 55 65 41 77 73 50 55 68 67 4c 42 41 42 54 55 31 59 4a 41 6c 49 43 55 41 64 4a 56 6c 46 54 56 56 55 47 42 46 63 55 55 41 64 55 56 42 35 56 58 31 70 56 47 41 42 58 55 51 34 63 55 77 70 51 55 77 5a 64 55 51 63 48 55 67 5a 58 53 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	3.232.182.1	80	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 01:49:58.655909061 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	3.232.182.1	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:14 UTC	844	OUT	GET /lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw HTTP/1.1 Host: www.preferredfederalretirement.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-01 23:49:15 UTC	512	IN	HTTP/1.1 303 See Other Date: Mon, 01 Jul 2024 23:49:14 GMT Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips X-Powered-By: PHP/5.4.16 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=3901s81hmeaodo78dvk96j0v43; path=/ Upgrade: h2,h2c Connection: Upgrade, close Location: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648 Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:16 UTC	700	OUT	GET /machform/view.php?id=14648 HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-01 23:49:16 UTC	470	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Mon, 01 Jul 2024 23:49:16 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; path=/; secure; SameSite=None Set-Cookie: mf_has_cookie=1; expires=Tue, 02-Jul-2024 23:49:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
2024-07-01 23:49:16 UTC	6003	IN	Data Raw: 31 37 36 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 Data Ascii: 1766<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/ht

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:17 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-01 23:49:17 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=231587 Date: Mon, 01 Jul 2024 23:49:17 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:17 UTC	700	OUT	GET /machform/data/form_14648/css/view.css?bdffc4 HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
2024-07-01 23:49:17 UTC	234	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 52658 Connection: close Date: Mon, 01 Jul 2024 23:49:17 GMT Server: Apache Last-Modified: Sat, 22 Jun 2024 14:38:04 GMT ETag: "cdb2-61b7b7eea6195" Accept-Ranges: bytes
2024-07-01 23:49:17 UTC	16150	IN	Data Raw: 68 74 6d 6c 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 2e 2e 2f 2e 2e 2f 2e 2e 2f 69 6d 61 67 65 73 2f 66 6f 72 6d 5f 72 65 73 6f 75 72 63 65 73 2f 67 72 65 79 2d 6d 69 6c 64 2e 70 6e 67 27 29 20 72 65 70 65 61 74 20 73 63 72 6f 6c 6c 20 30 20 30 20 23 65 63 65 63 65 63 3b 0a 7d 0a 0a 23 6d 61 69 6e 5f 62 6f 64 79 0a 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 73 6d 61 6c 6c 3b 0a 09 6d 61 72 67 69 6e 3a 32 30 70 78 20 30 20 35 30 70 78 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 0a 23 66 6f 72 6d 5f 63 6f 6e 74 61 69 6e Data Ascii: html{background: url('../../../images/form_resources/grey-mild.png') repeat scroll 0 0 #ececec;}#main_body{font-family:"Lucida Grande", Tahoma, Arial, Verdana, sans-serif;font-size:small;margin:20px 0 50px;text-align:center;}#form_contain
2024-07-01 23:49:17 UTC	16384	IN	Data Raw: 20 73 70 61 6e 2e 72 69 67 68 74 7b 0a 09 77 69 64 74 68 3a 20 34 39 25 3b 0a 09 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 0a 7d 0a 23 6d 61 69 6e 5f 62 6f 64 79 20 66 6f 72 6d 20 6c 69 2e 61 64 64 72 65 73 73 20 2a 20 7b 0a 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 7d 0a 23 6d 61 69 6e 5f 62 6f 64 79 20 6c 69 2e 61 64 64 72 65 73 73 20 69 6e 70 75 74 2e 6c 61 72 67 65 7b 0a 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 7d 0a 23 6d 61 69 6e 5f 62 6f 64 79 20 6c 69 2e 61 64 64 72 65 73 73 20 2e 72 69 67 68 74 2e 73 74 61 74 65 5f 6c 69 73 74 20 69 6e 70 75 74 2e 6c 61 72 67 65 7b 0a 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 7d 0a 23 6d 61 69 6e 5f 62 6f 64 79 20 6c 69 2e 61 64 64 72 65 73 73 20 73 65 6c 65 63 74 2e 6c 61 72 67 65 Data Ascii: span.right{width: 49%;float: right;}#main_body form li.address * {box-sizing: border-box;}#main_body li.address input.large{width: 100%;}#main_body li.address .right.state_list input.large{width: 100%;}#main_body li.address select.large
2024-07-01 23:49:17 UTC	16384	IN	Data Raw: 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 2d 38 64 65 67 29 20 73 6b 65 77 28 2d 34 64 65 67 29 3b 0a 7d 0a 0a 0a 0a 2f 2a 2a 2a 20 53 48 41 44 4f 57 20 50 52 4f 4a 45 43 54 49 4f 4e 20 4c 45 4e 47 54 48 20 2a 2a 2a 2f 0a 0a 2e 52 57 53 6d 61 6c 6c 3a 62 65 66 6f 72 65 2c 20 2e 52 57 53 6d 61 6c 6c 3a 61 66 74 65 72 20 7b 0a 09 77 69 64 74 68 3a 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 73 6d 61 6c 6c 42 6f 78 2e 52 57 53 6d 61 6c 6c 3a 62 65 66 6f 72 65 2c 20 2e 73 6d 61 6c 6c 42 6f 78 2e 52 57 53 6d 61 6c 6c 3a 61 66 74 65 72 20 7b 0a 09 77 69 64 74 68 3a 20 33 30 70 78 3b 0a 7d 0a 0a 2e 52 57 4d 65 64 69 75 6d 3a 62 65 66 6f 72 65 2c 20 2e 52 57 4d 65 64 69 75 6d 3a 61 66 74 65 72 20 7b 0a 09 77 69 64 74 68 3a 20 32 35 30 70 78 3b 0a 7d 0a 0a 2e 73 6d Data Ascii: ansform: rotate(-8deg) skew(-4deg);}/* SHADOW PROJECTION LENGTH */.RWSmall:before, .RWSmall:after {width: 150px;}.smallBox.RWSmall:before, .smallBox.RWSmall:after {width: 30px;}.RWMedium:before, .RWMedium:after {width: 250px;}.sm
2024-07-01 23:49:17 UTC	3740	IN	Data Raw: 61 64 6f 77 3a 20 30 20 34 30 70 78 20 31 35 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 36 29 3b 0a 7d 0a 0a 2e 46 4e 6f 72 6d 61 6c 3a 62 65 66 6f 72 65 2c 20 2e 46 4e 6f 72 6d 61 6c 2e 73 61 66 61 72 69 20 2e 62 65 66 6f 72 65 20 7b 0a 09 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 35 30 70 78 20 35 30 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 35 29 3b 0a 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 35 30 70 78 20 35 30 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 35 29 3b 0a 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 35 30 70 78 20 35 30 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 35 29 3b 0a 7d 0a 0a 2e 46 Data Ascii: adow: 0 40px 15px rgba(0, 0, 0, 0.6);}.FNormal:before, .FNormal.safari .before {-moz-box-shadow: 0 50px 50px rgba(255, 255, 255, 0.5);-webkit-box-shadow: 0 50px 50px rgba(255, 255, 255, 0.5);box-shadow: 0 50px 50px rgba(255, 255, 255, 0.5);}.F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:17 UTC	687	OUT	GET /machform/view.mobile.css?bdffc4 HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
2024-07-01 23:49:17 UTC	233	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 8950 Connection: close Date: Mon, 01 Jul 2024 23:49:17 GMT Server: Apache Last-Modified: Mon, 20 Nov 2023 18:37:50 GMT ETag: "22f6-60a99c880e4dd" Accept-Ranges: bytes
2024-07-01 23:49:17 UTC	8950	IN	Data Raw: 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 20 3a 20 34 38 30 70 78 29 20 7b 0a 09 68 74 6d 6c 7b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 7d 0a 09 23 6d 61 69 6e 5f 62 6f 64 79 7b 0a 09 09 6d 61 72 67 69 6e 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 7d 0a 09 23 66 6f 72 6d 5f 63 6f 6e 74 61 69 6e 65 72 2c 23 66 6f 6f 74 65 72 7b 0a 09 09 77 69 64 74 68 3a 20 31 30 30 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 70 61 64 64 69 6e 67 3a 20 30 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 20 21 69 6d 70 6f 72 74 Data Ascii: @media only screen and (max-width : 480px) {html{background: none;background-image: none !important;}#main_body{margin: 0 !important;}#form_container,#footer{width: 100% !important;padding: 0px !important;margin: 0 auto !import

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:17 UTC	674	OUT	GET /machform/js/jquery.min.js?bdffc4 HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
2024-07-01 23:49:17 UTC	242	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 89501 Connection: close Date: Mon, 01 Jul 2024 23:49:17 GMT Server: Apache Last-Modified: Mon, 20 Nov 2023 18:36:53 GMT ETag: "15d9d-60a99c5231f00" Accept-Ranges: bytes
2024-07-01 23:49:17 UTC	16142	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-07-01 23:49:17 UTC	16384	IN	Data Raw: 75 72 6e 21 30 7d 69 66 28 75 3d 5b 6d 3f 63 2e 66 69 72 73 74 43 68 69 6c 64 3a 63 2e 6c 61 73 74 43 68 69 6c 64 5d 2c 6d 26 26 70 29 7b 64 3d 28 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 63 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 26 26 72 5b 32 5d 2c 61 3d 73 26 26 63 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 73 5d 3b 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 26 26 2b 2b 64 26 26 61 3d 3d 3d 65 29 7b 69 5b 68 5d 3d 5b 6b 2c 73 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c Data Ascii: urn!0}if(u=[m?c.firstChild:c.lastChild],m&&p){d=(s=(r=(i=(o=(a=c)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1])&&r[2],a=s&&c.childNodes[s];while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if(1===a.nodeType&&++d&&a===e){i[h]=[k,s,d];break}}el
2024-07-01 23:49:17 UTC	16384	IN	Data Raw: 75 6c 6c 29 3a 28 6c 3d 74 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 6c 2e 63 61 6c 6c 28 53 28 65 29 2c 6e 29 7d 29 29 2c 74 29 29 66 6f 72 28 3b 73 3c 75 3b 73 2b 2b 29 74 28 65 5b 73 5d 2c 6e 2c 61 3f 72 3a 72 2e 63 61 6c 6c 28 65 5b 73 5d 2c 73 2c 74 28 65 5b 73 5d 2c 6e 29 29 29 3b 72 65 74 75 72 6e 20 69 3f 65 3a 6c 3f 74 2e 63 61 6c 6c 28 65 29 3a 75 3f 74 28 65 5b 30 5d 2c 6e 29 3a 6f 7d 2c 5f 3d 2f 5e 2d 6d 73 2d 2f 2c 7a 3d 2f 2d 28 5b 61 2d 7a 5d 29 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 55 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 7d 66 75 6e 63 74 69 6f 6e 20 58 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 72 65 70 6c 61 63 65 28 5f 2c 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 Data Ascii: ull):(l=t,t=function(e,t,n){return l.call(S(e),n)})),t))for(;s<u;s++)t(e[s],n,a?r:r.call(e[s],s,t(e[s],n)));return i?e:l?t.call(e):u?t(e[0],n):o},_=/^-ms-/,z=/-([a-z])/g;function U(e,t){return t.toUpperCase()}function X(e){return e.replace(_,"ms-").replac
2024-07-01 23:49:17 UTC	16384	IN	Data Raw: 6c 65 6e 67 74 68 3b 72 3c 69 3b 72 2b 2b 29 73 3d 6f 5b 72 5d 2c 75 3d 61 5b 72 5d 2c 76 6f 69 64 20 30 2c 22 69 6e 70 75 74 22 3d 3d 3d 28 6c 3d 75 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 26 26 70 65 2e 74 65 73 74 28 73 2e 74 79 70 65 29 3f 75 2e 63 68 65 63 6b 65 64 3d 73 2e 63 68 65 63 6b 65 64 3a 22 69 6e 70 75 74 22 21 3d 3d 6c 26 26 22 74 65 78 74 61 72 65 61 22 21 3d 3d 6c 7c 7c 28 75 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 3d 73 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 29 3b 69 66 28 74 29 69 66 28 6e 29 66 6f 72 28 6f 3d 6f 7c 7c 76 65 28 65 29 2c 61 3d 61 7c 7c 76 65 28 63 29 2c 72 3d 30 2c 69 3d 6f 2e 6c 65 6e 67 74 68 3b 72 3c 69 3b 72 2b 2b 29 4c 65 28 6f 5b 72 5d 2c 61 5b 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 Data Ascii: length;r<i;r++)s=o[r],u=a[r],void 0,"input"===(l=u.nodeName.toLowerCase())&&pe.test(s.type)?u.checked=s.checked:"input"!==l&&"textarea"!==l\|\|(u.defaultValue=s.defaultValue);if(t)if(n)for(o=o\|\|ve(e),a=a\|\|ve(c),r=0,i=o.length;r<i;r++)Le(o[r],a[r]);else Le(e
2024-07-01 23:49:17 UTC	16384	IN	Data Raw: 74 22 29 29 2e 76 61 6c 75 65 3d 22 74 22 2c 74 74 2e 74 79 70 65 3d 22 72 61 64 69 6f 22 2c 79 2e 72 61 64 69 6f 56 61 6c 75 65 3d 22 74 22 3d 3d 3d 74 74 2e 76 61 6c 75 65 3b 76 61 72 20 63 74 2c 66 74 3d 53 2e 65 78 70 72 2e 61 74 74 72 48 61 6e 64 6c 65 3b 53 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 24 28 74 68 69 73 2c 53 2e 61 74 74 72 2c 65 2c 74 2c 31 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 72 65 6d 6f 76 65 41 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 53 2e 72 65 6d 6f 76 65 41 74 74 72 28 74 68 69 73 2c 65 29 7d 29 7d 7d 29 2c 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 Data Ascii: t")).value="t",tt.type="radio",y.radioValue="t"===tt.value;var ct,ft=S.expr.attrHandle;S.fn.extend({attr:function(e,t){return $(this,S.attr,e,t,1<arguments.length)},removeAttr:function(e){return this.each(function(){S.removeAttr(this,e)})}}),S.extend({att

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:17 UTC	685	OUT	GET /machform/js/jquery-ui-1.12/effect.js?bdffc4 HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
2024-07-01 23:49:17 UTC	241	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 40997 Connection: close Date: Mon, 01 Jul 2024 23:49:17 GMT Server: Apache Last-Modified: Mon, 20 Nov 2023 18:37:13 GMT ETag: "a025-60a99c6487647" Accept-Ranges: bytes
2024-07-01 23:49:17 UTC	16143	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 55 49 20 2d 20 76 31 2e 31 32 2e 31 20 2d 20 32 30 31 37 2d 30 39 2d 31 31 0a 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 75 69 2e 63 6f 6d 0a 2a 20 49 6e 63 6c 75 64 65 73 3a 20 65 66 66 65 63 74 2e 6a 73 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 3b 20 4c 69 63 65 6e 73 65 64 20 4d 49 54 20 2a 2f 0a 0a 28 66 75 6e 63 74 69 6f 6e 28 20 66 61 63 74 6f 72 79 20 29 20 7b 0a 09 69 66 20 28 20 74 79 70 65 6f 66 20 64 65 66 69 6e 65 20 3d 3d 3d 20 22 66 75 6e 63 74 69 6f 6e 22 20 26 26 20 64 65 66 69 6e 65 2e 61 6d 64 20 29 20 7b 0a 0a 09 09 2f 2f 20 41 4d 44 2e 20 52 65 67 69 73 74 65 72 20 61 73 20 61 6e 20 61 Data Ascii: /! jQuery UI - v1.12.1 - 2017-09-11 http://jqueryui.com* Includes: effect.js* Copyright jQuery Foundation and other contributors; Licensed MIT */(function( factory ) {if ( typeof define === "function" && define.amd ) {// AMD. Register as an a
2024-07-01 23:49:17 UTC	16384	IN	Data Raw: 64 43 6f 6c 6f 72 20 21 3d 3d 20 22 74 72 61 6e 73 70 61 72 65 6e 74 22 20 3f 0a 09 09 09 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 20 3a 0a 09 09 09 09 09 09 09 22 5f 64 65 66 61 75 6c 74 22 20 29 3b 0a 09 09 09 09 09 7d 0a 0a 09 09 09 09 09 76 61 6c 75 65 20 3d 20 76 61 6c 75 65 2e 74 6f 52 67 62 61 53 74 72 69 6e 67 28 29 3b 0a 09 09 09 09 7d 0a 09 09 09 09 74 72 79 20 7b 0a 09 09 09 09 09 65 6c 65 6d 2e 73 74 79 6c 65 5b 20 68 6f 6f 6b 20 5d 20 3d 20 76 61 6c 75 65 3b 0a 09 09 09 09 7d 20 63 61 74 63 68 20 28 20 65 20 29 20 7b 0a 0a 09 09 09 09 09 2f 2f 20 57 72 61 70 70 65 64 20 74 6f 20 70 72 65 76 65 6e 74 20 49 45 20 66 72 6f 6d 20 74 68 72 6f 77 69 6e 67 20 65 72 72 6f 72 73 20 6f 6e 20 22 69 6e 76 61 6c 69 64 22 20 76 61 6c 75 65 Data Ascii: dColor !== "transparent" ?backgroundColor :"_default" );}value = value.toRgbaString();}try {elem.style[ hook ] = value;} catch ( e ) {// Wrapped to prevent IE from throwing errors on "invalid" value
2024-07-01 23:49:17 UTC	8470	IN	Data Raw: 6e 73 2e 63 6f 6d 70 6c 65 74 65 3b 0a 0a 09 72 65 74 75 72 6e 20 65 66 66 65 63 74 3b 0a 7d 0a 0a 66 75 6e 63 74 69 6f 6e 20 73 74 61 6e 64 61 72 64 41 6e 69 6d 61 74 69 6f 6e 4f 70 74 69 6f 6e 28 20 6f 70 74 69 6f 6e 20 29 20 7b 0a 0a 09 2f 2f 20 56 61 6c 69 64 20 73 74 61 6e 64 61 72 64 20 73 70 65 65 64 73 20 28 6e 6f 74 68 69 6e 67 2c 20 6e 75 6d 62 65 72 2c 20 6e 61 6d 65 64 20 73 70 65 65 64 29 0a 09 69 66 20 28 20 21 6f 70 74 69 6f 6e 20 7c 7c 20 74 79 70 65 6f 66 20 6f 70 74 69 6f 6e 20 3d 3d 3d 20 22 6e 75 6d 62 65 72 22 20 7c 7c 20 24 2e 66 78 2e 73 70 65 65 64 73 5b 20 6f 70 74 69 6f 6e 20 5d 20 29 20 7b 0a 09 09 72 65 74 75 72 6e 20 74 72 75 65 3b 0a 09 7d 0a 0a 09 2f 2f 20 49 6e 76 61 6c 69 64 20 73 74 72 69 6e 67 73 20 2d 20 74 72 65 61 74 Data Ascii: ns.complete;return effect;}function standardAnimationOption( option ) {// Valid standard speeds (nothing, number, named speed)if ( !option \|\| typeof option === "number" \|\| $.fx.speeds[ option ] ) {return true;}// Invalid strings - treat

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:17 UTC	665	OUT	GET /machform/view.js?bdffc4 HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
2024-07-01 23:49:17 UTC	241	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 23523 Connection: close Date: Mon, 01 Jul 2024 23:49:17 GMT Server: Apache Last-Modified: Mon, 20 Nov 2023 18:56:29 GMT ETag: "5be3-60a9a0b2cfd8f" Accept-Ranges: bytes
2024-07-01 23:49:17 UTC	16143	IN	Data Raw: 24 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 0a 09 24 28 22 66 6f 72 6d 2e 61 70 70 6e 69 74 72 6f 22 29 2e 64 61 74 61 28 27 61 63 74 69 76 65 5f 65 6c 65 6d 65 6e 74 27 2c 27 27 29 3b 0a 09 76 61 72 20 66 69 65 6c 64 5f 68 69 67 68 6c 69 67 68 74 5f 63 6f 6c 6f 72 20 3d 20 24 28 22 66 6f 72 6d 2e 61 70 70 6e 69 74 72 6f 22 29 2e 64 61 74 61 28 27 68 69 67 68 6c 69 67 68 74 63 6f 6c 6f 72 27 29 3b 0a 09 0a 09 2f 2f 61 74 74 61 63 68 20 65 76 65 6e 74 20 68 61 6e 64 6c 65 72 20 74 6f 20 61 6c 6c 20 66 6f 72 6d 20 66 69 65 6c 64 73 2c 20 74 6f 20 68 69 67 68 6c 69 67 68 74 20 74 68 65 20 73 65 6c 65 63 74 65 64 20 6c 69 73 74 20 28 65 78 63 65 70 74 20 66 6f 72 20 6d 61 74 72 69 78 20 66 69 65 6c 64 29 20 0a 09 24 28 22 66 6f 72 6d 2e 61 70 70 6e 69 74 72 6f Data Ascii: $(function(){$("form.appnitro").data('active_element','');var field_highlight_color = $("form.appnitro").data('highlightcolor');//attach event handler to all form fields, to highlight the selected list (except for matrix field) $("form.appnitro
2024-07-01 23:49:17 UTC	7380	IN	Data Raw: 65 6c 0a 09 24 28 27 66 6f 72 6d 2e 61 70 70 6e 69 74 72 6f 20 6c 61 62 65 6c 27 29 2e 63 6c 69 63 6b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 3b 0a 0a 09 2f 2f 72 65 6d 6f 76 65 20 74 72 61 63 6b 20 73 65 74 74 69 6e 67 73 20 66 72 6f 6d 20 76 69 64 65 6f 6a 73 2c 20 69 74 27 73 20 6e 6f 74 20 62 65 69 6e 67 20 75 73 65 64 20 61 6e 64 20 6e 6f 74 20 61 63 63 65 73 73 69 62 6c 65 0a 09 24 28 22 2e 76 6a 73 2d 74 65 78 74 2d 74 72 61 63 6b 2d 73 65 74 74 69 6e 67 73 22 29 2e 72 65 6d 6f 76 65 28 29 3b 0a 0a 7d 29 3b 0a 0a 2f 2a 2a 20 50 61 79 6d 65 6e 74 20 46 75 6e 63 74 69 6f 6e 73 20 2a 2a 2f 0a 66 75 6e 63 74 69 6f 6e 20 63 61 6c 63 75 6c 61 74 65 5f 74 6f 74 61 6c 5f 70 61 79 6d 65 6e 74 28 29 7b 0a 09 76 61 72 20 74 6f 74 61 6c 5f 70 61 79 6d 65 6e Data Ascii: el$('form.appnitro label').click(function(){});//remove track settings from videojs, it's not being used and not accessible$(".vjs-text-track-settings").remove();});/ Payment Functions /function calculate_total_payment(){var total_paymen

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49748	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:18 UTC	764	OUT	GET /machform/images/form_resources/grey-mild.png HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://federalfinancialnewsnetwork.net/machform/data/form_14648/css/view.css?bdffc4 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
2024-07-01 23:49:18 UTC	233	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 2994 Connection: close Date: Mon, 01 Jul 2024 23:49:18 GMT Server: Apache Last-Modified: Mon, 20 Nov 2023 18:33:03 GMT ETag: "bb2-60a99b76de4f9" Accept-Ranges: bytes
2024-07-01 23:49:18 UTC	2994	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 64 00 00 00 64 04 03 00 00 00 82 cc 88 67 00 00 00 0f 50 4c 54 45 f2 f2 f2 ec ec ec f4 f4 f4 f0 f0 f0 ee ee ee cf 74 bf 97 00 00 0b 5e 49 44 41 54 58 c3 3c 54 8b cd ee 2a 0c 73 12 06 08 8f 01 d2 b4 03 84 d2 01 a0 ed fe 33 dd 7e ff 95 0e ea 43 31 60 cb 26 02 6c 5b a6 45 64 e3 25 50 97 01 b0 7a 4f 1a a5 05 76 5b 7a 9a 33 93 9b 87 ab ac ea c0 5e 7c 80 f9 66 46 b9 ad f8 75 ce c1 7e dc 2e a7 9e dc e3 c3 c2 c7 f1 94 f7 75 f5 d3 08 ac c1 b4 19 4f 1e e6 4f f7 55 e0 65 6e 40 6c 5c e0 27 60 b5 6c 62 b6 23 f6 70 2e 0d ee 5e 7d 17 48 a9 db 59 90 dc 37 0b 3b 76 e0 e6 3c f1 d1 9d 9d 5f 20 a9 03 4c 3d 39 80 36 55 91 40 09 b9 27 81 e0 6f e8 9a af 74 60 e9 04 d5 26 0d ef 24 85 7e 34 e7 60 c9 b0 9f d3 74 55 cf db be Data Ascii: PNGIHDRddgPLTEt^IDATX<T*s3~C1`&l[Ed%PzOv[z3^\|fFu~.uOOUen@l\'`lb#p.^}HY7;v<_ L=96U@'ot`&$~4`tU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49749	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:18 UTC	748	OUT	GET /machform/images/machform.png HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://federalfinancialnewsnetwork.net/machform/data/form_14648/css/view.css?bdffc4 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
2024-07-01 23:49:18 UTC	233	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 1999 Connection: close Date: Mon, 01 Jul 2024 23:49:18 GMT Server: Apache Last-Modified: Mon, 20 Nov 2023 18:33:16 GMT ETag: "7cf-60a99b826e550" Accept-Ranges: bytes
2024-07-01 23:49:18 UTC	1999	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 6f 00 00 00 28 08 06 00 00 01 87 9f 94 22 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDRo("tEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49751	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:18 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-01 23:49:18 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=231596 Date: Mon, 01 Jul 2024 23:49:18 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-01 23:49:18 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49752	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:19 UTC	713	OUT	GET /favicon.ico HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://federalfinancialnewsnetwork.net/machform/view.php?id=14648 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
2024-07-01 23:49:19 UTC	168	IN	HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 1271 Connection: close Date: Mon, 01 Jul 2024 23:49:19 GMT Server: Apache X-Frame-Options: deny
2024-07-01 23:49:19 UTC	1271	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49753	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:19 UTC	468	OUT	GET /machform/images/form_resources/grey-mild.png HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
2024-07-01 23:49:20 UTC	233	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 2994 Connection: close Date: Mon, 01 Jul 2024 23:49:20 GMT Server: Apache Last-Modified: Mon, 20 Nov 2023 18:33:03 GMT ETag: "bb2-60a99b76de4f9" Accept-Ranges: bytes
2024-07-01 23:49:20 UTC	2994	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 64 00 00 00 64 04 03 00 00 00 82 cc 88 67 00 00 00 0f 50 4c 54 45 f2 f2 f2 ec ec ec f4 f4 f4 f0 f0 f0 ee ee ee cf 74 bf 97 00 00 0b 5e 49 44 41 54 58 c3 3c 54 8b cd ee 2a 0c 73 12 06 08 8f 01 d2 b4 03 84 d2 01 a0 ed fe 33 dd 7e ff 95 0e ea 43 31 60 cb 26 02 6c 5b a6 45 64 e3 25 50 97 01 b0 7a 4f 1a a5 05 76 5b 7a 9a 33 93 9b 87 ab ac ea c0 5e 7c 80 f9 66 46 b9 ad f8 75 ce c1 7e dc 2e a7 9e dc e3 c3 c2 c7 f1 94 f7 75 f5 d3 08 ac c1 b4 19 4f 1e e6 4f f7 55 e0 65 6e 40 6c 5c e0 27 60 b5 6c 62 b6 23 f6 70 2e 0d ee 5e 7d 17 48 a9 db 59 90 dc 37 0b 3b 76 e0 e6 3c f1 d1 9d 9d 5f 20 a9 03 4c 3d 39 80 36 55 91 40 09 b9 27 81 e0 6f e8 9a af 74 60 e9 04 d5 26 0d ef 24 85 7e 34 e7 60 c9 b0 9f d3 74 55 cf db be Data Ascii: PNGIHDRddgPLTEt^IDATX<T*s3~C1`&l[Ed%PzOv[z3^\|fFu~.uOOUen@l\'`lb#p.^}HY7;v<_ L=96U@'ot`&$~4`tU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49754	74.208.236.15	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 23:49:20 UTC	452	OUT	GET /machform/images/machform.png HTTP/1.1 Host: federalfinancialnewsnetwork.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7e0dc557097e3e196f2ce35b948c5db5; mf_has_cookie=1
2024-07-01 23:49:20 UTC	233	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 1999 Connection: close Date: Mon, 01 Jul 2024 23:49:20 GMT Server: Apache Last-Modified: Mon, 20 Nov 2023 18:33:16 GMT ETag: "7cf-60a99b826e550" Accept-Ranges: bytes
2024-07-01 23:49:20 UTC	1999	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 6f 00 00 00 28 08 06 00 00 01 87 9f 94 22 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDRo("tEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4080, Parent PID: 6048

General

Target ID:	0
Start time:	19:49:06
Start date:	01/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1668, Parent PID: 4080

General

Target ID:	2
Start time:	19:49:10
Start date:	01/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2288,i,18175630192459344383,1899549445800956136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6428, Parent PID: 6048

General

Target ID:	3
Start time:	19:49:12
Start date:	01/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4080, Parent PID: 6048

Windows Analysis Report
http://www.preferredfederalretirement.com/lists/lt.php?tid=cU9XVlEFBVFdBx4CVFNVFAEFB1UeAwsPUhgLBABTU1YJAlICUAdJVlFTVVUGBFcUUAdUVB5VX1pVGABXUQ4cUwpQUwZdUQcHUgZXSgIEAlhWAVIDHlVYC1UYDFUFBRxaD1dUGlMGDAdSVAoCBgIFXw