Windows Analysis Report
https://us-east-2.protection.sophos.com/?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_dXBuPXUwMDEublhka2JOSUpSeEZBS3VJWUJaMjU1N3l4Ujd6TmpDcFhIYW5SQnlyQXY3ZHMzMDZEQ091c3dBUU0yYzhiZFN4b1BudElFVWpoUzJhdzI1aDJUcWNiZVVCdXQ3WEhqcHZMejN4aS0yRnBZN2NYb3RNbXNIRlVyUkd5RDAzTGhIZms2a2E1ZGZ

Overview

General Information

Sample URL: https://us-east-2.protection.sophos.com/?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_dXBuPXUwMDEublhka2JOSUpSeEZBS3VJWUJaMjU1N3l4Ujd6TmpDcFhIYW5SQnlyQXY3ZHMzMDZEQ091c3dBUU0yYzh
Analysis ID: 1466847

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
Stores files to the Windows start menu directory

Classification

  • System is w10x64
  • chrome.exe (PID: 6188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2440,i,2675776248829222074,16697926183258974734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 3664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-east-2.protection.sophos.com/?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_dXBuPXUwMDEublhka2JOSUpSeEZBS3VJWUJaMjU1N3l4Ujd6TmpDcFhIYW5SQnlyQXY3ZHMzMDZEQ091c3dBUU0yYzhiZFN4b1BudElFVWpoUzJhdzI1aDJUcWNiZVVCdXQ3WEhqcHZMejN4aS0yRnBZN2NYb3RNbXNIRlVyUkd5RDAzTGhIZms2a2E1ZGZEVFpCSlVkWnpOandHYUJsR0x3U1B4MlN1TVNIWEl5ZlI3YVdDNW1aeFNQLTJCUWFOUmpzMlpwblRwbmxpLTJGX245c19sZUtscWNRUnJvOGtNTXJocHFZOENpeTQ4MnhLUmJTM1NZcE16TVUtMkY5c0VvdjNqMExCNE1kOVZ3WUJvOEY2bEhJTllZbE90LTJGcjRQd1FwOXdCVmFuUXpmRy0yQnZlaFF5WVBjamlVbFpSN3VSaHJFbWFrLTJCYXY5T2RyYldyREphTmo3ck1iNmlhckR2Rjh1d2xPeDZ5VFY5ODFHLTJGejZiRDczakVOVHk4M0pXa2kzVzNTSzRBRURwQjd3dEg4blRyZ203ZjYxaEg2enlzYjFLYVl0S0pyWUJjU2QxNTN2SDQ5eDlTeW5acVZ0TGdqN2RrWU1FRkE1NzV6WWF6b2UwQmw2UnVUM1RHTkJiU2JpOHhUNUFnRGJMUjY4TlU1ay0yRmtDVFJtOHJrWWRMSDBNRGgtMkY3c1J6dVE4TEJxeDBvQzZ6WXVFQk0xRVFBdGI3eGxMZVEtMkJ5SEtiOE4yVHV0TFdpVEk4amc4b3U5MTkxRlM5SDEyLTJCbnJpT0hESVo2Nk1yd3pIeTRScFBQWlAtMkJ0Y1NscGt2Z01HT2F5Nmx6UGlCdE1MeGRrODI5eGU3TThFT1VLRDR2UHIxZFdYZ3c3MjFQQjFNa3k=&i=NWNiNGNiOGY1NWZlOGIxMTAwZmUxN2Uy&t=YUVvbWN0aDQzMW4yV29uam9nK2tUNmU1dStvM2VicUNJeENiWDR5Zk1nTT0=&h=ddfea45e1610491898abc824d1dabad5&s=AVNPUEhUT0NFTkNSWVBUSVaKXvCVdmaYUeJ4sMCGgh9xhnT0RF3qCfPvI6ciaUbnMg" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://us-east-2.protection.sophos.com/?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_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&i=NWNiNGNiOGY1NWZlOGIxMTAwZmUxN2Uy&t=YUVvbWN0aDQzMW4yV29uam9nK2tUNmU1dStvM2VicUNJeENiWDR5Zk1nTT0=&h=ddfea45e1610491898abc824d1dabad5&s=AVNPUEhUT0NFTkNSWVBUSVaKXvCVdmaYUeJ4sMCGgh9xhnT0RF3qCfPvI6ciaUbnMg | SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: https://aatfinancialservices.com | LLM: Score: 9, brands: Microsoft. Reasons: The URL 'https://aatfinancialservices.com' does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The page displays a CAPTCHA with the Microsoft logo, which is a common social engineering technique used in phishing attacks to gain user trust. The domain name 'aatfinancialservices.com' is unrelated to Microsoft, raising suspicion. The presence of a CAPTCHA alone is not inherently suspicious, but in this context, it appears to be used to mislead users. The combination of these factors strongly indicates that this is a phishing site. DOM: 0.0.pages.csv
Source: https://aatfinancialservices.com/ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi | Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://aatfinancialservices.com/ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi | Matcher: Template: microsoft matched
Source: https://aatfinancialservices.com/ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.5:60771 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: us-east-2.protection.sophos.com to https://link.mail.beehiiv.com/ls/click?upn=u001.nxdkbnijrxfakuiybz2557yxr7znjcpxhanrbyrav7ds306dcouswaqm2c8bdsxopntieujhs2aw25h2tqcbeubut7xhjpvlz3xi-2fpy7cxotmmshfurrgyd03lhhfk6ka5dfdtzbjudzznjwgablglwspx2sumshxiyfr7awc5mzxsp-2bqanrjs2zpntpnli-2f_n9s_leklqcqrro8kmmrhpqy8ciy482xkrbs3sypmzmu-2f9seov3j0lb4md9vwybo8f6lhinyylot-2fr4pwqp9wbvanqzfg-2bvehqyypcjiulzr7urhremak-2bav9odrbwrdjanj7rmb6iardvf8uwlox6ytv981g-2fz6bd73jenty83jwki3w3sk4aedpb7wth8ntrgm7f61hh6zysb1kaytkjrybcsd153vh49x9synzqvtlgj7dkymefa575zyazoe0bl6rut3tgnbbsbi8xt5agdblr68nu5k-2fkctrm8rkydlh0mdh-2f7srzuq8lbqx0oc6zyuebm1eqatb7xlleq-2byhkb8n2tutlwiti8jg8ou9191fs9h12-2bnriohdiz66mrwzhy4rpppzp-2btcslpkvgmgoay6lzpibtmlxdk829xe7m8eoukd4vpr1dwxgw721pb1mky
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: link.mail.beehiiv.com to https://aatfinancialservices.com/ghan01122?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_dXBuPXUwMDEublhka2JOSUpSeEZBS3VJWUJaMjU1N3l4Ujd6TmpDcFhIYW5SQnlyQXY3ZHMzMDZEQ091c3dBUU0yYzhiZFN4b1BudElFVWpoUzJhdzI1aDJUcWNiZVVCdXQ3WEhqcHZMejN4aS0yRnBZN2NYb3RNbXNIRlVyUkd5RDAzTGhIZms2a2E1ZGZEVFpCSlVkWnpOandHYUJsR0x3U1B4MlN1TVNIWEl5ZlI3YVdDNW1aeFNQLTJCUWFOUmpzMlpwblRwbmxpLTJGX245c19sZUtscWNRUnJvOGtNTXJocHFZOENpeTQ4MnhLUmJTM1NZcE16TVUtMkY5c0VvdjNqMExCNE1kOVZ3WUJvOEY2bEhJTllZbE90LTJGcjRQd1FwOXdCVmFuUXpmRy0yQnZlaFF5WVBjamlVbFpSN3VSaHJFbWFrLTJCYXY5T2RyYldyREphTmo3ck1iNmlhckR2Rjh1d2xPeDZ5VFY5ODFHLTJGejZiRDczakVOVHk4M0pXa2kzVzNTSzRBRURwQjd3dEg4blRyZ203ZjYxaEg2enlzYjFLYVl0S0pyWUJjU2QxNTN2SDQ5eDlTeW5acVZ0TGdqN2RrWU1FRkE1NzV6WWF6b2UwQmw2UnVUM1RHTkJiU2JpOHhUNUFnRGJMUjY4TlU1ay0yRmtDVFJtOHJrWWRMSDBNRGgtMkY3c1J6dVE4TEJxeDBvQzZ6WXVFQk0xRVFBdGI3eGxMZVEtMkJ5SEtiOE4yVHV0TFdpVEk4amc4b3U5MTkxRlM5SDEyLTJCbnJpT0hESVo2Nk1yd3pIeTRScFBQWlAtMkJ0Y1NscGt2Z01HT2F5Nmx6UGlCdE1MeGRrODI5eGU3TThFT1VLRDR2UHIxZFdYZ3c3MjFQQjFNa3k=&i=NWNiNGNiOGY1NWZlOGIxMTAwZmUxN2Uy&t=YUVvbWN0aDQzMW4yV29uam9nK2tUNmU1dStvM2VicUNJeENiWDR5Zk1nTT0=&h=ddfea45e1610491898abc824d1dabad5&s=AVNPUEhUT0NFTkNSWVBUSVaKXvCVdmaYUeJ4sMCGgh9xhnT0RF3qCfPvI6ciaUbnMg HTTP/1.1
    Host: us-east-2.protection.sophos.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /ls/click?upn=u001.nXdkbNIJRxFAKuIYBZ2557yxR7zNjCpXHanRByrAv7ds306DCOuswAQM2c8bdSxoPntIEUjhS2aw25h2TqcbeUBut7XHjpvLz3xi-2FpY7cXotMmsHFUrRGyD03LhHfk6ka5dfDTZBJUdZzNjwGaBlGLwSPx2SuMSHXIyfR7aWC5mZxSP-2BQaNRjs2ZpnTpnli-2F_n9s_leKlqcQRro8kMMrhpqY8Ciy482xKRbS3SYpMzMU-2F9sEov3j0LB4Md9VwYBo8F6lHINYYlOt-2Fr4PwQp9wBVanQzfG-2BvehQyYPcjiUlZR7uRhrEmak-2Bav9OdrbWrDJaNj7rMb6iarDvF8uwlOx6yTV981G-2Fz6bD73jENTy83JWki3W3SK4AEDpB7wtH8nTrgm7f61hH6zysb1KaYtKJrYBcSd153vH49x9SynZqVtLgj7dkYMEFA575zYazoe0Bl6RuT3TGNBbSbi8xT5AgDbLR68NU5k-2FkCTRm8rkYdLH0MDh-2F7sRzuQ8LBqx0oC6zYuEBM1EQAtb7xlLeQ-2ByHKb8N2TutLWiTI8jg8ou9191FS9H12-2BnriOHDIZ66MrwzHy4RpPPZP-2BtcSlpkvgMGOay6lzPiBtMLxdk829xe7M8EOUKD4vPr1dWXgw721PB1Mky HTTP/1.1
    Host: link.mail.beehiiv.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /ghan01122?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi HTTP/1.1
    Host: aatfinancialservices.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi HTTP/1.1
    Host: aatfinancialservices.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: aatfinancialservices.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://aatfinancialservices.com/ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /wp-content/uploads/2019/09/cropped-favicon-32x32.png HTTP/1.1
    Host: www.aatfinancialservices.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://aatfinancialservices.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /wp-content/uploads/2019/09/cropped-favicon-32x32.png HTTP/1.1
    Host: www.aatfinancialservices.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: chromecache_60.2.dr | String found in binary or memory: <base href="https://www.facebook.com/"> <!-- This sets the base URL for all relative URLs --> equals www.facebook.com (Facebook)
Source: global traffic | DNS traffic detected: DNS query: us-east-2.protection.sophos.com
Source: global traffic | DNS traffic detected: DNS query: link.mail.beehiiv.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: aatfinancialservices.com
Source: global traffic | DNS traffic detected: DNS query: www.aatfinancialservices.com
Source: chromecache_60.2.dr | String found in binary or memory: https://twilight.ucinyaph.com/7hhI8/
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60774
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60774 -> 443
Source: classification engine | Classification label: mal64.phis.win@17/11@12/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2440,i,2675776248829222074,16697926183258974734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-east-2.protection.sophos.com/?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_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&i=NWNiNGNiOGY1NWZlOGIxMTAwZmUxN2Uy&t=YUVvbWN0aDQzMW4yV29uam9nK2tUNmU1dStvM2VicUNJeENiWDR5Zk1nTT0=&h=ddfea45e1610491898abc824d1dabad5&s=AVNPUEhUT0NFTkNSWVBUSVaKXvCVdmaYUeJ4sMCGgh9xhnT0RF3qCfPvI6ciaUbnMg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2440,i,2675776248829222074,16697926183258974734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Automated click: Confirm
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (techniques listed per tactic; a number in parentheses is the count of matched signatures for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (2); Application Layer Protocol (3); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label | Link
https://us-east-2.protection.sophos.com/?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_dXBuPXUwMDEublhka2JOSUpSeEZBS3VJWUJaMjU1N3l4Ujd6TmpDcFhIYW5SQnlyQXY3ZHMzMDZEQ091c3dBUU0yYzhiZFN4b1BudElFVWpoUzJhdzI1aDJUcWNiZVVCdXQ3WEhqcHZMejN4aS0yRnBZN2NYb3RNbXNIRlVyUkd5RDAzTGhIZms2a2E1ZGZEVFpCSlVkWnpOandHYUJsR0x3U1B4MlN1TVNIWEl5ZlI3YVdDNW1aeFNQLTJCUWFOUmpzMlpwblRwbmxpLTJGX245c19sZUtscWNRUnJvOGtNTXJocHFZOENpeTQ4MnhLUmJTM1NZcE16TVUtMkY5c0VvdjNqMExCNE1kOVZ3WUJvOEY2bEhJTllZbE90LTJGcjRQd1FwOXdCVmFuUXpmRy0yQnZlaFF5WVBjamlVbFpSN3VSaHJFbWFrLTJCYXY5T2RyYldyREphTmo3ck1iNmlhckR2Rjh1d2xPeDZ5VFY5ODFHLTJGejZiRDczakVOVHk4M0pXa2kzVzNTSzRBRURwQjd3dEg4blRyZ203ZjYxaEg2enlzYjFLYVl0S0pyWUJjU2QxNTN2SDQ5eDlTeW5acVZ0TGdqN2RrWU1FRkE1NzV6WWF6b2UwQmw2UnVUM1RHTkJiU2JpOHhUNUFnRGJMUjY4TlU1ay0yRmtDVFJtOHJrWWRMSDBNRGgtMkY3c1J6dVE4TEJxeDBvQzZ6WXVFQk0xRVFBdGI3eGxMZVEtMkJ5SEtiOE4yVHV0TFdpVEk4amc4b3U5MTkxRlM5SDEyLTJCbnJpT0hESVo2Nk1yd3pIeTRScFBQWlAtMkJ0Y1NscGt2Z01HT2F5Nmx6UGlCdE1MeGRrODI5eGU3TThFT1VLRDR2UHIxZFdYZ3c3MjFQQjFNa3k=&i=NWNiNGNiOGY1NWZlOGIxMTAwZmUxN2Uy&t=YUVvbWN0aDQzMW4yV29uam9nK2tUNmU1dStvM2VicUNJeENiWDR5Zk1nTT0=&h=ddfea45e1610491898abc824d1dabad5&s=AVNPUEhUT0NFTkNSWVBUSVaKXvCVdmaYUeJ4sMCGgh9xhnT0RF3qCfPvI6ciaUbnMg | 0% | Avira URL Cloud | safe |
https://us-east-2.protection.sophos.com/?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_dXBuPXUwMDEublhka2JOSUpSeEZBS3VJWUJaMjU1N3l4Ujd6TmpDcFhIYW5SQnlyQXY3ZHMzMDZEQ091c3dBUU0yYzhiZFN4b1BudElFVWpoUzJhdzI1aDJUcWNiZVVCdXQ3WEhqcHZMejN4aS0yRnBZN2NYb3RNbXNIRlVyUkd5RDAzTGhIZms2a2E1ZGZEVFpCSlVkWnpOandHYUJsR0x3U1B4MlN1TVNIWEl5ZlI3YVdDNW1aeFNQLTJCUWFOUmpzMlpwblRwbmxpLTJGX245c19sZUtscWNRUnJvOGtNTXJocHFZOENpeTQ4MnhLUmJTM1NZcE16TVUtMkY5c0VvdjNqMExCNE1kOVZ3WUJvOEY2bEhJTllZbE90LTJGcjRQd1FwOXdCVmFuUXpmRy0yQnZlaFF5WVBjamlVbFpSN3VSaHJFbWFrLTJCYXY5T2RyYldyREphTmo3ck1iNmlhckR2Rjh1d2xPeDZ5VFY5ODFHLTJGejZiRDczakVOVHk4M0pXa2kzVzNTSzRBRURwQjd3dEg4blRyZ203ZjYxaEg2enlzYjFLYVl0S0pyWUJjU2QxNTN2SDQ5eDlTeW5acVZ0TGdqN2RrWU1FRkE1NzV6WWF6b2UwQmw2UnVUM1RHTkJiU2JpOHhUNUFnRGJMUjY4TlU1ay0yRmtDVFJtOHJrWWRMSDBNRGgtMkY3c1J6dVE4TEJxeDBvQzZ6WXVFQk0xRVFBdGI3eGxMZVEtMkJ5SEtiOE4yVHV0TFdpVEk4amc4b3U5MTkxRlM5SDEyLTJCbnJpT0hESVo2Nk1yd3pIeTRScFBQWlAtMkJ0Y1NscGt2Z01HT2F5Nmx6UGlCdE1MeGRrODI5eGU3TThFT1VLRDR2UHIxZFdYZ3c3MjFQQjFNa3k=&i=NWNiNGNiOGY1NWZlOGIxMTAwZmUxN2Uy&t=YUVvbWN0aDQzMW4yV29uam9nK2tUNmU1dStvM2VicUNJeENiWDR5Zk1nTT0=&h=ddfea45e1610491898abc824d1dabad5&s=AVNPUEhUT0NFTkNSWVBUSVaKXvCVdmaYUeJ4sMCGgh9xhnT0RF3qCfPvI6ciaUbnMg | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |

No Antivirus matches
Source | Detection | Scanner | Label | Link
https://aatfinancialservices.com/favicon.ico | 0% | Avira URL Cloud | safe |
https://www.aatfinancialservices.com/wp-content/uploads/2019/09/cropped-favicon-32x32.png | 0% | Avira URL Cloud | safe |
https://link.mail.beehiiv.com/ls/click?upn=u001.nXdkbNIJRxFAKuIYBZ2557yxR7zNjCpXHanRByrAv7ds306DCOuswAQM2c8bdSxoPntIEUjhS2aw25h2TqcbeUBut7XHjpvLz3xi-2FpY7cXotMmsHFUrRGyD03LhHfk6ka5dfDTZBJUdZzNjwGaBlGLwSPx2SuMSHXIyfR7aWC5mZxSP-2BQaNRjs2ZpnTpnli-2F_n9s_leKlqcQRro8kMMrhpqY8Ciy482xKRbS3SYpMzMU-2F9sEov3j0LB4Md9VwYBo8F6lHINYYlOt-2Fr4PwQp9wBVanQzfG-2BvehQyYPcjiUlZR7uRhrEmak-2Bav9OdrbWrDJaNj7rMb6iarDvF8uwlOx6yTV981G-2Fz6bD73jENTy83JWki3W3SK4AEDpB7wtH8nTrgm7f61hH6zysb1KaYtKJrYBcSd153vH49x9SynZqVtLgj7dkYMEFA575zYazoe0Bl6RuT3TGNBbSbi8xT5AgDbLR68NU5k-2FkCTRm8rkYdLH0MDh-2F7sRzuQ8LBqx0oC6zYuEBM1EQAtb7xlLeQ-2ByHKb8N2TutLWiTI8jg8ou9191FS9H12-2BnriOHDIZ66MrwzHy4RpPPZP-2BtcSlpkvgMGOay6lzPiBtMLxdk829xe7M8EOUKD4vPr1dWXgw721PB1Mky | 0% | Avira URL Cloud | safe |
https://twilight.ucinyaph.com/7hhI8/ | 0% | Avira URL Cloud | safe |
https://aatfinancialservices.com/ghan01122?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
d1nhsro6ypf0az.cloudfront.net | 18.172.153.4 | true | false | | unknown
link.mail.beehiiv.com | 104.18.68.40 | true | false | | unknown
www.google.com | 216.58.206.36 | true | false | | unknown
aatfinancialservices.com | 66.70.176.204 | true | true | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
us-east-2.protection.sophos.com | unknown | unknown | false | | unknown
www.aatfinancialservices.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://link.mail.beehiiv.com/ls/click?upn=u001.nXdkbNIJRxFAKuIYBZ2557yxR7zNjCpXHanRByrAv7ds306DCOuswAQM2c8bdSxoPntIEUjhS2aw25h2TqcbeUBut7XHjpvLz3xi-2FpY7cXotMmsHFUrRGyD03LhHfk6ka5dfDTZBJUdZzNjwGaBlGLwSPx2SuMSHXIyfR7aWC5mZxSP-2BQaNRjs2ZpnTpnli-2F_n9s_leKlqcQRro8kMMrhpqY8Ciy482xKRbS3SYpMzMU-2F9sEov3j0LB4Md9VwYBo8F6lHINYYlOt-2Fr4PwQp9wBVanQzfG-2BvehQyYPcjiUlZR7uRhrEmak-2Bav9OdrbWrDJaNj7rMb6iarDvF8uwlOx6yTV981G-2Fz6bD73jENTy83JWki3W3SK4AEDpB7wtH8nTrgm7f61hH6zysb1KaYtKJrYBcSd153vH49x9SynZqVtLgj7dkYMEFA575zYazoe0Bl6RuT3TGNBbSbi8xT5AgDbLR68NU5k-2FkCTRm8rkYdLH0MDh-2F7sRzuQ8LBqx0oC6zYuEBM1EQAtb7xlLeQ-2ByHKb8N2TutLWiTI8jg8ou9191FS9H12-2BnriOHDIZ66MrwzHy4RpPPZP-2BtcSlpkvgMGOay6lzPiBtMLxdk829xe7M8EOUKD4vPr1dWXgw721PB1Mky | false | Avira URL Cloud: safe | unknown
https://aatfinancialservices.com/ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi | true | | unknown
https://www.aatfinancialservices.com/wp-content/uploads/2019/09/cropped-favicon-32x32.png | false | Avira URL Cloud: safe | unknown
https://aatfinancialservices.com/favicon.ico | true | Avira URL Cloud: safe | unknown
https://aatfinancialservices.com/ghan01122?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi | true | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://twilight.ucinyaph.com/7hhI8/ | chromecache_60.2.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
66.70.176.204 | aatfinancialservices.com | Canada | 16276 | OVHFR | true
239.255.255.250 | unknown | Reserved | unknown | unknown | false
18.172.153.4 | d1nhsro6ypf0az.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false
104.18.68.40 | link.mail.beehiiv.com | United States | 13335 | CLOUDFLARENETUS | false
216.58.206.36 | www.google.com | United States | 15169 | GOOGLEUS | false
IP
192.168.2.5
                  Joe Sandbox version:40.0.0 Tourmaline
                  Analysis ID:1466847
                  Start date and time:2024-07-03 14:04:00 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 3m 7s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:browseurl.jbs
Sample URL:https://us-east-2.protection.sophos.com/?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_…&i=NWNiNGNiOGY1NWZlOGIxMTAwZmUxN2Uy&t=YUVvbWN0aDQzMW4yV29uam9nK2tUNmU1dStvM2VicUNJeENiWDR5Zk1nTT0=&h=ddfea45e1610491898abc824d1dabad5&s=AVNPUEhUT0NFTkNSWVBUSVaKXvCVdmaYUeJ4sMCGgh9xhnT0RF3qCfPvI6ciaUbnMg
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:8
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal64.phis.win@17/11@12/6
                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 216.58.212.142, 64.233.167.84, 172.217.18.99, 34.104.35.123, 40.68.123.157, 93.184.221.240, 192.229.221.95, 52.165.164.15, 20.166.126.56, 13.85.23.206, 13.95.31.18, 131.107.255.255, 142.250.185.195
                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                  • Report size getting too big, too many NtSetInformationFile calls found.
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://us-east-2.protection.sophos.com/?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_…
                  No simulations
Input | Output
URL: https://aatfinancialservices.com/ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi
Model: Perplexity: mixtral-8x7b-instruct
```json
{
  "loginform": false,
  "urgency": false,
  "captcha": true,
  "reasons": [
    "The webpage contains a CAPTCHA mechanism, which is a form of anti-robot detection.",
    "The text does not create a sense of urgency, as it is related to a robot verification.",
    "No login form was found on the webpage."
  ]
}
```
Title: Security Verification
OCR: Microsoft I am not a robot C)
URL: https://aatfinancialservices.com
Model: gpt-4o
```json
{
  "phishing_score": 9,
  "brands": "Microsoft",
  "phishing": true,
  "suspicious_domain": true,
  "has_prominent_loginform": false,
  "has_captcha": true,
  "setechniques": true,
  "has_suspicious_link": true,
  "legitmate_domain": "microsoft.com",
  "reasons": "The URL 'https://aatfinancialservices.com' does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The page displays a CAPTCHA with the Microsoft logo, which is a common social engineering technique used in phishing attacks to gain user trust. The domain name 'aatfinancialservices.com' is unrelated to Microsoft, raising suspicion. The presence of a CAPTCHA alone is not inherently suspicious, but in this context, it appears to be used to mislead users. The combination of these factors strongly indicates that this is a phishing site."
}
```
                  No context
                  No context
                  No context
                  No context
                  No context
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:04:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):3.9808738118741944
                  Encrypted:false
                  SSDEEP:48:8jd9Tlt8HRidAKZdA19ehwiZUklqehHy+3:8/vmoy
                  MD5:E1FFBC4484D4E635F5A9C60018F54E90
                  SHA1:E7B9CFCB9AF8A959757ABDA397E59C796DEFE9B6
                  SHA-256:89741F5ABF8C8943E5C6ED1165521D99DDF76774F1F785DD68D3F77F6024A5DE
                  SHA-512:3D5990B26E78AAD1FAA9FE6B9DBA5C0A54564A118EB81D16D652824734B9A35E34FDB444B3B49AC22C9544DDC504CE6461A0E490BBB091DB238271D97A22638F
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:04:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2679
                  Entropy (8bit):3.9988047567929934
                  Encrypted:false
                  SSDEEP:48:8ud9Tlt8HRidAKZdA1weh/iZUkAQkqehYy+2:8kvk9Qdy
                  MD5:DB8F61DCF9BC7F90C6DDBEC629724E44
                  SHA1:9C29929B6803FA9031EA0B671FD649369F7608A7
                  SHA-256:021CC84A38057C5D2A0056A13DA057F9E00329735281C46DB9C9F47356FA29D1
                  SHA-512:D4F958BB54D64FF93333AD82DB9208B493C070C453C411A76B2184507EF9FC6AE96019A2B6E0E9D34DB08397C73E7528EF0D6D8EE69861264754586ACD3CDA3B
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2693
                  Entropy (8bit):4.0080902257066375
                  Encrypted:false
                  SSDEEP:48:8x2d9TltsHRidAKZdA14tseh7sFiZUkmgqeh7s2y+BX:8x8vsnky
                  MD5:E32733ACB7351CDA57349DE2489492BB
                  SHA1:B6953300DF3F491ED43D51A314E19BABCFC5C69B
                  SHA-256:C806B7553E909587840486526F3111C0198E37D4BAB97A9D4A7EAAE94FD45101
                  SHA-512:B233C00D5BACFC101F332DA9AD3BA66A17ABB474860E2D9F52208032E11F3C5DA9CC672402F466F384A05050110313EA4DEC327C2FA801BBFE210B777C8945B0
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:04:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2681
                  Entropy (8bit):3.99578656667626
                  Encrypted:false
                  SSDEEP:48:8Hd9Tlt8HRidAKZdA1vehDiZUkwqehcy+R:8Tvvuy
                  MD5:9D8C9AE41951ECEA4D357F25167CF2B4
                  SHA1:C63F42524FDFE5A69BA5180A48D0ABE78C944965
                  SHA-256:6EBB5FD7FCEA49B39360CAE8BB950CEC50A057E858DD9FE8391991657A7F8739
                  SHA-512:6F7E51FD94916265B405839CB0E6D04D0FE49649DB91B626C3257145562704847364BF214AE33CC00C387098662980D2FA8CE68D433460C3691222E70675FA81
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:04:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2681
                  Entropy (8bit):3.9844499069332215
                  Encrypted:false
                  SSDEEP:48:85d9Tlt8HRidAKZdA1hehBiZUk1W1qehyy+C:8JvP9Sy
                  MD5:5C68AC9838B0578B2BC767D273FDABE2
                  SHA1:F9DA05C0BAD7CBCED2F063D3F989DDD1794384B2
                  SHA-256:66311C1A9DAA708C841DD7CBC3F21FB06178981C92E15AFCBECE332CA16F8B08
                  SHA-512:3262D8D8D5DAC80E29E5A6024E74FA0ABD4DE882A3DFA1870B8243491EDEABAED60A64CB145BCF8C9AD3B180E2B4FDEF98421C9ACB71F1F9E2F4D87609843306
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:04:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2683
                  Entropy (8bit):3.9950320590453408
                  Encrypted:false
                  SSDEEP:48:80d9Tlt8HRidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbky+yT+:8mvHT/TbxWOvTbky7T
                  MD5:FE5B89DBE079278A324715FD925E1505
                  SHA1:0D82FADD639DAB019ADB22234B249151868C8C2B
                  SHA-256:A9D9874680A0B2EE56DE9F408B78B6A326CC61EB0E80830FDD6F779200B023B2
                  SHA-512:62AB21D48A9E9D808DC16E722C1BC1A2667045B064C648BFB3FAA4D512E4F895AF0F72E431DC82937D609B2A49AA7082CE8416C1E94119059684ECB649F4B7AB
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):809
                  Entropy (8bit):7.663299837754997
                  Encrypted:false
                  SSDEEP:24:2ne/Kw02Xir4MoizAhCXTYuBg9F6pFSFgPMCD1:2GzMoizAQt9bSFgV1
                  MD5:671FBA9A8BD618E3A78BA795ED8DDABA
                  SHA1:067638A901F28A90CEE1D95599558CED0692C45A
                  SHA-256:879565E64A6D2DC0DEDEF5E923FA2C6F4728C4081DA9CBECA2B20B3F36742C82
                  SHA-512:FEE0322A7723F61AD6DE85F1317E8515BD11E330F6AAAE5E83C337F8D910ABAF1076D47241D60874CA86B6B78B33C29A2191A3CAD28C7BDEBC6E8ACF5311E7FA
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (64323), with CRLF line terminators
                  Category:downloaded
                  Size (bytes):560212
                  Entropy (8bit):6.010281504487722
                  Encrypted:false
                  SSDEEP:12288:FVn3uQcb0NOJhrBnCyAbTlRT1nqZoT2eDKOrj3mjx7mbxwu/AXcXM:kba8+TlnV6It2jx7E7//M
                  MD5:259E87A5DD21890E707257A577C6AEA1
                  SHA1:C771FB39D260C727CBEC797E20C363A7024F2226
                  SHA-256:7703C9EE1F33F6DAFD36D8FC6FF491C05B396FC1F696036055176B128137AFF0
                  SHA-512:15A1983E07EE6C8E150DA0B65C952FD98F35BF0DB63580C64B3805BF03ED490B7E4F234BBDEF032B96D501B65D8D57717C6A400000824F8B9539ED3A430C465C
                  Malicious:false
                  Reputation:low
                  URL:https://aatfinancialservices.com/ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi
                  Preview:..<html><head><meta charset='utf-8'/><style id='basic-html-wysiwyg-editor-css'>table {.. border-top: 1px solid #ccc;.. border-left: 1px solid #ccc;..}.... table td,.. table th {.. border-bottom: 1px solid #ccc;.. border-right: 1px solid #ccc;.. padding: 3px 5px;.. }.... table th {.. border-bottom: 2px solid #ccc;.. text-align: center;.. }....blockquote {.. display: block;.. border-left: 8px solid #d0e5f2;.. padding: 5px 10px;.. margin: 10px 0;.. line-height: 1.4;.. font-size: 100%;.. background-color: #f1f1f1;..}....code {.. display: inline-block;.. background-color: #f1f1f1;.. border-radius: 3px;.. padding: 3px 5px;.. margin: 0 3px;..}....pre code {.. display: block;..}....ul, ol {.. margin: 10px 0 10px 20px;..}..</style></head><body>...... <meta charset="UTF-8">.. <base href="https://www.facebook.com/"> This sets the base URL for all relative URLs -->.. <meta name="viewport" cont
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                  Category:downloaded
                  Size (bytes):809
                  Entropy (8bit):7.663299837754997
                  Encrypted:false
                  SSDEEP:24:2ne/Kw02Xir4MoizAhCXTYuBg9F6pFSFgPMCD1:2GzMoizAQt9bSFgV1
                  MD5:671FBA9A8BD618E3A78BA795ED8DDABA
                  SHA1:067638A901F28A90CEE1D95599558CED0692C45A
                  SHA-256:879565E64A6D2DC0DEDEF5E923FA2C6F4728C4081DA9CBECA2B20B3F36742C82
                  SHA-512:FEE0322A7723F61AD6DE85F1317E8515BD11E330F6AAAE5E83C337F8D910ABAF1076D47241D60874CA86B6B78B33C29A2191A3CAD28C7BDEBC6E8ACF5311E7FA
                  Malicious:false
                  Reputation:low
                  URL:https://www.aatfinancialservices.com/wp-content/uploads/2019/09/cropped-favicon-32x32.png
                  No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Jul 3, 2024 14:04:58.493107080 CEST4434971523.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:58.533395052 CEST49715443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:58.547260046 CEST4434971666.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:58.547319889 CEST4434971666.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:58.547461033 CEST49716443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:58.584919930 CEST49716443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:58.584949970 CEST4434971666.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:58.588860989 CEST49715443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:58.636497021 CEST4434971523.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:58.792167902 CEST4434971523.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:58.792260885 CEST4434971523.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:58.792330980 CEST49715443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:58.792397022 CEST49715443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:58.792413950 CEST4434971523.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:58.792432070 CEST49715443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:58.792438030 CEST4434971523.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:58.824337959 CEST49717443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:58.824366093 CEST4434971723.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:58.824532986 CEST49717443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:58.824825048 CEST49717443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:58.824837923 CEST4434971723.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:59.039622068 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.039670944 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.039884090 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.040096045 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.040111065 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.478971004 CEST4434971723.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:59.479067087 CEST49717443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:59.481019020 CEST49717443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:59.481029987 CEST4434971723.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:59.481285095 CEST4434971723.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:59.482848883 CEST49717443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:59.510176897 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.510648012 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.510667086 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.511024952 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.512356997 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.512412071 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.512950897 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.528496981 CEST4434971723.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:59.560492039 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.623065948 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.623087883 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.623152971 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.623168945 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.666208982 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.709712982 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.709723949 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.709816933 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.710068941 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.710128069 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.710998058 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.711085081 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.712493896 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.712568045 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.719182968 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.719257116 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.750087976 CEST4434971723.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:59.750154018 CEST4434971723.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:59.750247955 CEST49717443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:59.756850958 CEST49717443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:59.756874084 CEST4434971723.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:59.756892920 CEST49717443192.168.2.523.43.61.160
                  Jul 3, 2024 14:04:59.756900072 CEST4434971723.43.61.160192.168.2.5
                  Jul 3, 2024 14:04:59.796552896 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.796616077 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.796925068 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.796998978 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.797758102 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.797818899 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.798629999 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.798695087 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.799529076 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.799598932 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.800342083 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.800415039 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.806291103 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.806369066 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.883138895 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.883215904 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.883407116 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.883476973 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.884087086 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.884160042 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.884680033 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.884737968 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.884924889 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.884998083 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.885693073 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.885754108 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.885878086 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.885934114 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.886682987 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.886745930 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.887404919 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.887470961 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.887708902 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.887769938 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.888555050 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.888621092 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.892817020 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.892875910 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.893095970 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.893153906 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.893376112 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.893443108 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.970320940 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.970402956 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.970501900 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.970556021 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.970789909 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.970859051 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.971249104 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.971303940 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.971612930 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.971663952 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.971672058 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.971678019 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.971714020 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.972034931 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.972101927 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.972440004 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.972491026 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.972501040 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.972505093 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.972536087 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.972551107 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.975378036 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.975445986 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.975765944 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.975832939 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.975838900 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.975895882 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.976022005 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.976085901 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.981293917 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.981353998 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.981514931 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.981594086 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:04:59.981781960 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:04:59.981848955 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.057076931 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.057168007 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.057216883 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.057281971 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.057442904 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.057503939 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.057847977 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.057914019 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.058104038 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.058151960 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.058182001 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.058188915 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.058223009 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.058242083 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.058629990 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.058696985 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.058979988 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.059048891 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.059303999 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.059350014 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.059376001 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.059381962 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.059408903 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.059427977 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.059926987 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.059973955 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.059981108 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.059988976 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.060046911 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.060451984 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.060640097 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.062833071 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.067815065 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.067898035 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.068130016 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.068197012 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.068447113 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.068511009 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.143764019 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.143827915 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.143997908 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.144064903 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.144210100 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.144284964 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.144668102 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.144707918 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.144728899 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.144737959 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.144778967 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.144789934 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.145180941 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.145263910 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.145270109 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.145279884 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.145318031 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.145338058 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.145770073 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.145828009 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.145999908 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.146054029 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.146184921 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.146240950 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.146598101 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.146652937 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.146657944 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.146697044 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.146742105 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.229073048 CEST49718443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.229108095 CEST4434971866.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.751207113 CEST49719443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.751238108 CEST4434971966.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:00.751307011 CEST49719443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.752454042 CEST49719443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:00.752466917 CEST4434971966.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:01.221379042 CEST4434971966.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:01.266577959 CEST49719443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:01.552355051 CEST49719443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:01.552373886 CEST4434971966.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:01.552825928 CEST4434971966.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:01.557140112 CEST49719443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:01.557216883 CEST4434971966.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:01.557835102 CEST49719443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:01.600505114 CEST4434971966.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:02.399382114 CEST4434971966.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:02.399985075 CEST49719443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:02.400026083 CEST4434971966.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:02.400093079 CEST49719443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:02.641935110 CEST49720443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:02.641968966 CEST4434972066.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:02.642051935 CEST49720443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:02.642301083 CEST49720443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:02.642314911 CEST4434972066.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.111717939 CEST4434972066.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.112169027 CEST49720443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.112191916 CEST4434972066.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.113301039 CEST4434972066.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.113385916 CEST49720443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.117616892 CEST49720443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.117682934 CEST4434972066.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.117813110 CEST49720443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.117821932 CEST4434972066.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.172832012 CEST49720443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.225838900 CEST4434972066.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.225990057 CEST4434972066.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.226212978 CEST49720443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.226526976 CEST49720443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.226546049 CEST4434972066.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.419934034 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.419960022 CEST4434972166.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.420110941 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.420480013 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.420492887 CEST4434972166.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.892242908 CEST4434972166.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.892550945 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.892565012 CEST4434972166.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.893574953 CEST4434972166.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.893656969 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.894068003 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.894123077 CEST4434972166.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.894263983 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.938958883 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:03.938966036 CEST4434972166.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:03.985888004 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:04.003756046 CEST4434972166.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:04.003825903 CEST4434972166.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:04.005290985 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:04.005578041 CEST49721443192.168.2.566.70.176.204
                  Jul 3, 2024 14:05:04.005588055 CEST4434972166.70.176.204192.168.2.5
                  Jul 3, 2024 14:05:08.115849018 CEST44349714216.58.206.36192.168.2.5
                  Jul 3, 2024 14:05:08.115919113 CEST44349714216.58.206.36192.168.2.5
                  Jul 3, 2024 14:05:08.115963936 CEST49714443192.168.2.5216.58.206.36
                  Jul 3, 2024 14:05:09.378757954 CEST49714443192.168.2.5216.58.206.36
                  Jul 3, 2024 14:05:09.378798962 CEST44349714216.58.206.36192.168.2.5
                  Jul 3, 2024 14:05:10.415158987 CEST6077153192.168.2.51.1.1.1
                  Jul 3, 2024 14:05:10.420154095 CEST53607711.1.1.1192.168.2.5
                  Jul 3, 2024 14:05:10.420217991 CEST6077153192.168.2.51.1.1.1
                  Jul 3, 2024 14:05:10.420264959 CEST6077153192.168.2.51.1.1.1
                  Jul 3, 2024 14:05:10.425154924 CEST53607711.1.1.1192.168.2.5
                  Jul 3, 2024 14:05:10.889221907 CEST53607711.1.1.1192.168.2.5
                  Jul 3, 2024 14:05:10.889945030 CEST6077153192.168.2.51.1.1.1
                  Jul 3, 2024 14:05:10.897464991 CEST53607711.1.1.1192.168.2.5
                  Jul 3, 2024 14:05:10.897521973 CEST6077153192.168.2.51.1.1.1
                  Jul 3, 2024 14:05:26.015393972 CEST4434971018.172.153.4192.168.2.5
                  Jul 3, 2024 14:05:26.015481949 CEST4434971018.172.153.4192.168.2.5
                  Jul 3, 2024 14:05:26.015602112 CEST49710443192.168.2.518.172.153.4
                  Jul 3, 2024 14:05:27.545665026 CEST49710443192.168.2.518.172.153.4
                  Jul 3, 2024 14:05:27.545703888 CEST4434971018.172.153.4192.168.2.5
                  Jul 3, 2024 14:05:57.596813917 CEST60774443192.168.2.5216.58.206.36
                  Jul 3, 2024 14:05:57.596847057 CEST44360774216.58.206.36192.168.2.5
                  Jul 3, 2024 14:05:57.596926928 CEST60774443192.168.2.5216.58.206.36
                  Jul 3, 2024 14:05:57.597196102 CEST60774443192.168.2.5216.58.206.36
                  Jul 3, 2024 14:05:57.597208977 CEST44360774216.58.206.36192.168.2.5
                  Jul 3, 2024 14:05:58.225924969 CEST44360774216.58.206.36192.168.2.5
                  Jul 3, 2024 14:05:58.226300955 CEST60774443192.168.2.5216.58.206.36
                  Jul 3, 2024 14:05:58.226339102 CEST44360774216.58.206.36192.168.2.5
                  Jul 3, 2024 14:05:58.226759911 CEST44360774216.58.206.36192.168.2.5
                  Jul 3, 2024 14:05:58.227364063 CEST60774443192.168.2.5216.58.206.36
                  Jul 3, 2024 14:05:58.227432013 CEST44360774216.58.206.36192.168.2.5
                  Jul 3, 2024 14:05:58.282751083 CEST60774443192.168.2.5216.58.206.36
                  Jul 3, 2024 14:06:08.141401052 CEST44360774216.58.206.36192.168.2.5
                  Jul 3, 2024 14:06:08.141472101 CEST44360774216.58.206.36192.168.2.5
                  Jul 3, 2024 14:06:08.141537905 CEST60774443192.168.2.5216.58.206.36
                  Jul 3, 2024 14:06:09.381803989 CEST60774443192.168.2.5216.58.206.36
                  Jul 3, 2024 14:06:09.381875038 CEST44360774216.58.206.36192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 3, 2024 14:04:53.136900902 CEST | 53 | 56647 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:04:53.219727993 CEST | 53 | 61699 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:04:54.198633909 CEST | 53 | 54000 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:04:55.276238918 CEST | 57116 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:04:55.276336908 CEST | 64239 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:04:55.284672976 CEST | 53 | 57116 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:04:55.302196980 CEST | 53 | 64239 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:04:56.600892067 CEST | 53134 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:04:56.601685047 CEST | 56276 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:04:56.608251095 CEST | 53 | 53134 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:04:56.618746042 CEST | 53 | 56276 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:04:57.541435957 CEST | 65166 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:04:57.541837931 CEST | 62688 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:04:57.548856020 CEST | 53 | 65166 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:04:57.548892975 CEST | 53 | 62688 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:04:57.711715937 CEST | 63542 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:04:57.712070942 CEST | 57709 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:04:57.910550117 CEST | 53 | 63542 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:04:57.923841000 CEST | 53 | 57709 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:05:02.404454947 CEST | 52745 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:05:02.404866934 CEST | 54522 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:05:02.596935034 CEST | 53 | 52745 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:05:02.694188118 CEST | 53 | 54522 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:05:03.231333971 CEST | 57506 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:05:03.231746912 CEST | 60288 | 53 | 192.168.2.5 | 1.1.1.1
Jul 3, 2024 14:05:03.241683006 CEST | 53 | 60288 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:05:03.419424057 CEST | 53 | 57506 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:05:10.414737940 CEST | 53 | 64147 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:05:11.510801077 CEST | 53 | 61281 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:05:30.558811903 CEST | 53 | 55793 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:05:52.817826986 CEST | 53 | 52555 | 1.1.1.1 | 192.168.2.5
Jul 3, 2024 14:05:53.427829027 CEST | 53 | 65466 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jul 3, 2024 14:04:55.302299023 CEST | 192.168.2.5 | 1.1.1.1 | c26f | (Port unreachable) | Destination Unreachable
Jul 3, 2024 14:05:02.694250107 CEST | 192.168.2.5 | 1.1.1.1 | c24c | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 3, 2024 14:04:55.276238918 CEST | 192.168.2.5 | 1.1.1.1 | 0x96dc | Standard query (0) | us-east-2.protection.sophos.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 14:04:55.276336908 CEST | 192.168.2.5 | 1.1.1.1 | 0xdc12 | Standard query (0) | us-east-2.protection.sophos.com | 65 | IN (0x0001) | false
Jul 3, 2024 14:04:56.600892067 CEST | 192.168.2.5 | 1.1.1.1 | 0x681d | Standard query (0) | link.mail.beehiiv.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 14:04:56.601685047 CEST | 192.168.2.5 | 1.1.1.1 | 0xee65 | Standard query (0) | link.mail.beehiiv.com | 65 | IN (0x0001) | false
Jul 3, 2024 14:04:57.541435957 CEST | 192.168.2.5 | 1.1.1.1 | 0xedc5 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 14:04:57.541837931 CEST | 192.168.2.5 | 1.1.1.1 | 0xaa1c | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jul 3, 2024 14:04:57.711715937 CEST | 192.168.2.5 | 1.1.1.1 | 0x9c44 | Standard query (0) | aatfinancialservices.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 14:04:57.712070942 CEST | 192.168.2.5 | 1.1.1.1 | 0x8c29 | Standard query (0) | aatfinancialservices.com | 65 | IN (0x0001) | false
Jul 3, 2024 14:05:02.404454947 CEST | 192.168.2.5 | 1.1.1.1 | 0xa194 | Standard query (0) | www.aatfinancialservices.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 14:05:02.404866934 CEST | 192.168.2.5 | 1.1.1.1 | 0x20aa | Standard query (0) | www.aatfinancialservices.com | 65 | IN (0x0001) | false
Jul 3, 2024 14:05:03.231333971 CEST | 192.168.2.5 | 1.1.1.1 | 0x23d7 | Standard query (0) | www.aatfinancialservices.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 14:05:03.231746912 CEST | 192.168.2.5 | 1.1.1.1 | 0x316e | Standard query (0) | www.aatfinancialservices.com | 65 | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Jul 3, 2024 14:04:55.284672976 CEST | 1.1.1.1 | 192.168.2.5 | 0x96dc | No error (0) | us-east-2.protection.sophos.com | d1nhsro6ypf0az.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
                  Jul 3, 2024 14:04:55.284672976 CEST | 1.1.1.1 | 192.168.2.5 | 0x96dc | No error (0) | d1nhsro6ypf0az.cloudfront.net | | 18.172.153.4 | A (IP address) | IN (0x0001) | false
                  Jul 3, 2024 14:04:55.284672976 CEST | 1.1.1.1 | 192.168.2.5 | 0x96dc | No error (0) | d1nhsro6ypf0az.cloudfront.net | | 18.172.153.78 | A (IP address) | IN (0x0001) | false
                  Jul 3, 2024 14:04:55.284672976 CEST | 1.1.1.1 | 192.168.2.5 | 0x96dc | No error (0) | d1nhsro6ypf0az.cloudfront.net | | 18.172.153.42 | A (IP address) | IN (0x0001) | false
                  Jul 3, 2024 14:04:55.284672976 CEST | 1.1.1.1 | 192.168.2.5 | 0x96dc | No error (0) | d1nhsro6ypf0az.cloudfront.net | | 18.172.153.36 | A (IP address) | IN (0x0001) | false
                  Jul 3, 2024 14:04:55.302196980 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc12 | No error (0) | us-east-2.protection.sophos.com | d1nhsro6ypf0az.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
                  Jul 3, 2024 14:04:56.608251095 CEST | 1.1.1.1 | 192.168.2.5 | 0x681d | No error (0) | link.mail.beehiiv.com | | 104.18.68.40 | A (IP address) | IN (0x0001) | false
                  Jul 3, 2024 14:04:56.608251095 CEST | 1.1.1.1 | 192.168.2.5 | 0x681d | No error (0) | link.mail.beehiiv.com | | 104.18.69.40 | A (IP address) | IN (0x0001) | false
                  Jul 3, 2024 14:04:56.618746042 CEST | 1.1.1.1 | 192.168.2.5 | 0xee65 | No error (0) | link.mail.beehiiv.com | | | 65 | IN (0x0001) | false
                  Jul 3, 2024 14:04:57.548856020 CEST | 1.1.1.1 | 192.168.2.5 | 0xedc5 | No error (0) | www.google.com | | 216.58.206.36 | A (IP address) | IN (0x0001) | false
                  Jul 3, 2024 14:04:57.548892975 CEST | 1.1.1.1 | 192.168.2.5 | 0xaa1c | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                  Jul 3, 2024 14:04:57.910550117 CEST | 1.1.1.1 | 192.168.2.5 | 0x9c44 | No error (0) | aatfinancialservices.com | | 66.70.176.204 | A (IP address) | IN (0x0001) | false
                  Jul 3, 2024 14:05:02.596935034 CEST | 1.1.1.1 | 192.168.2.5 | 0xa194 | No error (0) | www.aatfinancialservices.com | aatfinancialservices.com | | CNAME (Canonical name) | IN (0x0001) | false
                  Jul 3, 2024 14:05:02.596935034 CEST | 1.1.1.1 | 192.168.2.5 | 0xa194 | No error (0) | aatfinancialservices.com | | 66.70.176.204 | A (IP address) | IN (0x0001) | false
                  Jul 3, 2024 14:05:02.694188118 CEST | 1.1.1.1 | 192.168.2.5 | 0x20aa | No error (0) | www.aatfinancialservices.com | aatfinancialservices.com | | CNAME (Canonical name) | IN (0x0001) | false
                  Jul 3, 2024 14:05:03.241683006 CEST | 1.1.1.1 | 192.168.2.5 | 0x316e | No error (0) | www.aatfinancialservices.com | aatfinancialservices.com | | CNAME (Canonical name) | IN (0x0001) | false
                  Jul 3, 2024 14:05:03.419424057 CEST | 1.1.1.1 | 192.168.2.5 | 0x23d7 | No error (0) | www.aatfinancialservices.com | aatfinancialservices.com | | CNAME (Canonical name) | IN (0x0001) | false
                  Jul 3, 2024 14:05:03.419424057 CEST | 1.1.1.1 | 192.168.2.5 | 0x23d7 | No error (0) | aatfinancialservices.com | | 66.70.176.204 | A (IP address) | IN (0x0001) | false
                  Jul 3, 2024 14:05:06.652587891 CEST | 1.1.1.1 | 192.168.2.5 | 0xacc1 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                  Jul 3, 2024 14:05:06.652587891 CEST | 1.1.1.1 | 192.168.2.5 | 0xacc1 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                  • us-east-2.protection.sophos.com
                  • link.mail.beehiiv.com
                  • aatfinancialservices.com
                  • fs.microsoft.com
                  • https:
                    • www.aatfinancialservices.com
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  0 | 192.168.2.5 | 49709 | 18.172.153.4 | 443 | 3628 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-07-03 12:04:56 UTC | 1853 | OUT | GET /?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_ [...] &i=NWNiNGNiOGY1NWZlOGIxMTAwZmUxN2Uy&t=YUVv [TRUNCATED]
                  Host: us-east-2.protection.sophos.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-07-03 12:04:56 UTC | 1315 | IN | HTTP/1.1 302 Found
                  Content-Type: text/html
                  Content-Length: 0
                  Connection: close
                  Date: Wed, 03 Jul 2024 12:04:56 GMT
                  x-amzn-RequestId: 5afc42d1-acda-42f9-b538-5b8dc59e20ac
                  Referrer-Policy: no-referrer
                  X-Robots-Tag: noindex, nofollow
                  x-amz-apigw-id: aVawWGHuiYcErWQ=
                  Location: https://link.mail.beehiiv.com/ls/click?upn=u001.nXdkbNIJRxFAKuIYBZ2557yxR7zNjCpXHanRByrAv7ds306DCOuswAQM2c8bdSxoPntIEUjhS2aw25h2TqcbeUBut7XHjpvLz3xi-2FpY7cXotMmsHFUrRGyD03LhHfk6ka5dfDTZBJUdZzNjwGaBlGLwSPx2SuMSHXIyfR7aWC5mZxSP-2BQaNRjs2ZpnTpnli-2F_n9s_leKlqcQRro8kMMrhpqY8Ciy482xKRbS3SYpMzMU-2F9sEov3j0LB4Md9VwYBo8F6lHINYYlOt-2Fr4PwQp9wBVanQzfG-2BvehQyYPcjiUlZR7uRhrEmak-2Bav9OdrbWrDJaNj7rMb6iarDvF8uwlOx6yTV981G-2Fz6bD73jENTy83JWki3W3SK4AEDpB7wtH8nTrgm7f61hH6zysb1KaYtKJrYBcSd153vH49x9SynZqVtLgj7dkYMEFA575zYazoe0Bl6RuT3TGNBbSbi8xT5AgDbLR68NU5k-2FkCTRm8rkYdLH0MDh-2F7sRzuQ8LBqx0oC6zYuEBM1EQAtb7xlLeQ-2ByHKb8N2TutLWiTI8jg8ou9191FS9H12-2BnriOHDIZ66MrwzHy4RpPPZP-2BtcSlpkvgMGOay6lzPiBtMLxdk829xe7M8EOUKD4vPr1dWXgw721PB1Mky
                  X-Amzn-Trace-Id: Root=1-66853e68-54e3441734f7a3e917b63202;Parent=2a73f9d426cae846;Sampled=0;lineage=2ebe4394:0
                  X-Cache: Miss from cloudfront
                  Via: 1.1 0a817a6f6857cf3eedfb0006771e08f6.cloudfront.net (CloudFront)
                  X-Amz-Cf-Pop: LHR50-P5
                  X-Amz-Cf-Id: AVPhg4APkrMSXvg8K_rDz9FxS-10ZWaenSBdYUNG_CCHjBN2IoTa3Q==


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  1 | 192.168.2.5 | 49713 | 104.18.68.40 | 443 | 3628 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-07-03 12:04:57 UTC | 1353 | OUT | GET /ls/click?upn=u001.nXdkbNIJRxFAKuIYBZ2557yxR7zNjCpXHanRByrAv7ds306DCOuswAQM2c8bdSxoPntIEUjhS2aw25h2TqcbeUBut7XHjpvLz3xi-2FpY7cXotMmsHFUrRGyD03LhHfk6ka5dfDTZBJUdZzNjwGaBlGLwSPx2SuMSHXIyfR7aWC5mZxSP-2BQaNRjs2ZpnTpnli-2F_n9s_leKlqcQRro8kMMrhpqY8Ciy482xKRbS3SYpMzMU-2F9sEov3j0LB4Md9VwYBo8F6lHINYYlOt-2Fr4PwQp9wBVanQzfG-2BvehQyYPcjiUlZR7uRhrEmak-2Bav9OdrbWrDJaNj7rMb6iarDvF8uwlOx6yTV981G-2Fz6bD73jENTy83JWki3W3SK4AEDpB7wtH8nTrgm7f61hH6zysb1KaYtKJrYBcSd153vH49x9SynZqVtLgj7dkYMEFA575zYazoe0Bl6RuT3TGNBbSbi8xT5AgDbLR68NU5k-2FkCTRm8rkYdLH0MDh-2F7sRzuQ8LBqx0oC6zYuEBM1EQAtb7xlLeQ-2ByHKb8N2TutLWiTI8jg8ou9191FS9H12-2BnriOHDIZ66MrwzHy4RpPPZP-2BtcSlpkvgMGOay6lzPiBtMLxdk829xe7M8EOUKD4vPr1dWXgw721PB1Mky HTTP/1.1
                  Host: link.mail.beehiiv.com
                  Connection: keep-alive
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-07-03 12:04:57 UTC | 665 | IN | HTTP/1.1 302 Found
                  Date: Wed, 03 Jul 2024 12:04:57 GMT
                  Content-Type: text/html; charset=utf-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Location: https://aatfinancialservices.com/ghan01122?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi
                  X-Robots-Tag: noindex, nofollow
                  CF-Cache-Status: DYNAMIC
                  Set-Cookie: __cf_bm=9ypHgry6fMOW.M5xyoRUXdqrjkumZGK64Q2RBSvkVA4-1720008297-1.0.1.1-uCVE7VJLRsfr0.NQ46NISJjRfluBOk9P2uvvq5i826b9THvz7qlVAPL4RTWMfePDN9YCzrzGH7xlV9s5HlN02g; path=/; expires=Wed, 03-Jul-24 12:34:57 GMT; domain=.beehiiv.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 89d6bdb3bc8b41e1-EWR
                  2024-07-03 12:04:57 UTC | 165 | IN | Data Raw: 39 66 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 61 74 66 69 6e 61 6e 63 69 61 6c 73 65 72 76 69 63 65 73 2e 63 6f 6d 2f 67 68 61 6e 30 31 31 32 32 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 68 69 6e 73 2d 6e 65 77 73 6c 65 74 74 65 72 2d 33 35 35 32 64 31 2e 62 65 65 68 69 69 76 2e 63 6f 6d 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6e 65 77 73 6c 65 74 74 65 72 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 69 75 79 69 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a 0d 0a
                  Data Ascii: 9f<a href="https://aatfinancialservices.com/ghan01122?utm_source=hins-newsletter-3552d1.beehiiv.com&amp;utm_medium=newsletter&amp;utm_campaign=iuyi">Found</a>.
                  2024-07-03 12:04:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  2 | 192.168.2.5 | 49716 | 66.70.176.204 | 443 | 3628 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-07-03 12:04:58 UTC | 762 | OUT | GET /ghan01122?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi HTTP/1.1
                  Host: aatfinancialservices.com
                  Connection: keep-alive
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-07-03 12:04:58 UTC | 342 | IN | HTTP/1.1 301 Moved Permanently
                  Date: Wed, 03 Jul 2024 12:04:58 GMT
                  Server: Apache
                  X-Frame-Options: SAMEORIGIN
                  Location: https://aatfinancialservices.com/ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi
                  Content-Length: 345
                  Connection: close
                  Content-Type: text/html; charset=iso-8859-1
                  2024-07-03 12:04:58 UTC | 345 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 61 74 66 69 6e 61 6e 63 69 61 6c 73 65 72 76 69 63 65 73 2e 63 6f 6d 2f 67 68 61 6e 30 31 31 32 32 2f 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 68 69 6e 73 2d 6e 65 77 73 6c 65 74 74 65 72 2d 33 35 35 32 64 31 2e
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://aatfinancialservices.com/ghan01122/?utm_source=hins-newsletter-3552d1.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  3 | 192.168.2.5 | 49715 | 23.43.61.160 | 443 | |
                  Timestamp | Bytes transferred | Direction | Data
                  2024-07-03 12:04:58 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-07-03 12:04:58 UTC | 467 | IN | HTTP/1.1 200 OK
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  Content-Type: application/octet-stream
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  Server: ECAcc (lpl/EF06)
                  X-CID: 11
                  X-Ms-ApiVersion: Distribute 1.2
                  X-Ms-Region: prod-neu-z1
                  Cache-Control: public, max-age=101058
                  Date: Wed, 03 Jul 2024 12:04:58 GMT
                  Connection: close
                  X-CID: 2


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  4 | 192.168.2.5 | 49717 | 23.43.61.160 | 443 | |
                  Timestamp | Bytes transferred | Direction | Data
                  2024-07-03 12:04:59 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                  Range: bytes=0-2147483646
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-07-03 12:04:59 UTC | 535 | IN | HTTP/1.1 200 OK
                  Content-Type: application/octet-stream
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  ApiVersion: Distribute 1.1
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                  Cache-Control: public, max-age=101084
                  Date: Wed, 03 Jul 2024 12:04:59 GMT
                  Content-Length: 55
                  Connection: close
                  X-CID: 2
                  2024-07-03 12:04:59 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  5 | 192.168.2.5 | 49718 | 66.70.176.204 | 443 | 3628 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-07-03 12:04:59 UTC | 763 | OUT | GET /ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi HTTP/1.1
                  Host: aatfinancialservices.com
                  Connection: keep-alive
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-07-03 12:04:59 UTC | 270 | IN | HTTP/1.1 200 OK
                  Date: Wed, 03 Jul 2024 12:04:59 GMT
                  Server: Apache
                  X-Frame-Options: SAMEORIGIN
                  Last-Modified: Tue, 02 Jul 2024 22:46:29 GMT
                  Accept-Ranges: bytes
                  Content-Length: 560212
                  X-Content-Type-Options: nosniff
                  Connection: close
                  Content-Type: text/html
                  2024-07-03 12:04:59 UTC | 7922 | IN | Data Raw: 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 75 74 66 2d 38 27 2f 3e 3c 73 74 79 6c 65 20 69 64 3d 27 62 61 73 69 63 2d 68 74 6d 6c 2d 77 79 73 69 77 79 67 2d 65 64 69 74 6f 72 2d 63 73 73 27 3e 74 61 62 6c 65 20 7b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 3b 0d 0a 7d 0d 0a 0d 0a 20 20 20 20 74 61 62 6c 65 20 74 64 2c 0d 0a 20 20 20 20 74 61 62 6c 65 20 74 68 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 20 31 70
                  Data Ascii: <html><head><meta charset='utf-8'/><style id='basic-html-wysiwyg-editor-css'>table { border-top: 1px solid #ccc; border-left: 1px solid #ccc;} table td, table th { border-bottom: 1px solid #ccc; border-right: 1p


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  6 | 192.168.2.5 | 49719 | 66.70.176.204 | 443 | 3628 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-07-03 12:05:01 UTC | 700 | OUT | GET /favicon.ico HTTP/1.1
                  Host: aatfinancialservices.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://aatfinancialservices.com/ghan01122/?utm_source=hins-newsletter-3552d1.beehiiv.com&utm_medium=newsletter&utm_campaign=iuyi
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-07-03 12:05:02 UTC | 395 | IN | HTTP/1.1 302 Found
                  Date: Wed, 03 Jul 2024 12:05:01 GMT
                  Server: Apache
                  X-Powered-By: PHP/8.3.8
                  Link: <https://www.aatfinancialservices.com/wp-json/>; rel="https://api.w.org/"
                  X-Redirect-By: WordPress
                  Location: https://www.aatfinancialservices.com/wp-content/uploads/2019/09/cropped-favicon-32x32.png
                  Connection: close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  7 | 192.168.2.5 | 49720 | 66.70.176.204 | 443 | 3628 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-07-03 12:05:03 UTC | 647 | OUT | GET /wp-content/uploads/2019/09/cropped-favicon-32x32.png HTTP/1.1
                  Host: www.aatfinancialservices.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: same-site
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://aatfinancialservices.com/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-07-03 12:05:03 UTC | 267 | IN | HTTP/1.1 200 OK
                  Date: Wed, 03 Jul 2024 12:05:03 GMT
                  Server: Apache
                  X-Frame-Options: SAMEORIGIN
                  Last-Modified: Thu, 31 Aug 2023 21:53:28 GMT
                  Accept-Ranges: bytes
                  Content-Length: 809
                  X-Content-Type-Options: nosniff
                  Connection: close
                  Content-Type: image/png
                  2024-07-03 12:05:03 UTC | 809 | IN | Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 02 db 49 44 41 54 58 85 c5 d7 5f 68 1c 55 14 06 f0 5f 62 ac 12 d2 92 c6 52 82 e8 aa 51 63 9a 1d 16 89 a2 22 b1 7d 11 b4 15 fc 83 da 87 15 45 04 91 cc 8b 28 f8 50 2c 88 8f e2 93 0f dd 22 88 88 e8 fa a0 28 28 01 4d 51 5c 89 58 d1 62 0c b3 55 34 85 74 a8 52 83 84 12 6a 5a 43 c8 fa 30 13 1a ad 25 3b b3 6b 3c b0 dc 7b 86 b9 df f9 ee 39 df 9c 7b 97 76 5a 10 16 04 61 67 96 25 5d 6d 0a bc 05 7b f0 a1 a8 b2 92 65 69 26 b6 17 08 3e 8c 17 68 bc 1f 97 6a 67 b3 2e 6f 2d 03 41 78 27 9e c1 83 71 e9 8b 3e 9c 4e 7f 1b 40 20 08 f7 e0 00 6e 8d 4b b5 eb d0 59 a8 d6 4f 66 85 c9 57 82 20 bc 0d ef 62 2c 2e d5 36
                  Data Ascii: PNGIHDR szzpHYs+IDATX_hU_bRQc"}E(P,"((MQ\XbU4tRjZC0%;k<{9{vZag%]m{ei&>hjg.o-Ax'q>N@ nKYOfW b,.6


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  8 | 192.168.2.5 | 49721 | 66.70.176.204 | 443 | 3628 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-07-03 12:05:03 UTC | 404 | OUT | GET /wp-content/uploads/2019/09/cropped-favicon-32x32.png HTTP/1.1
                  Host: www.aatfinancialservices.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: cors
                  Sec-Fetch-Dest: empty
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-07-03 12:05:03 UTC | 267 | IN | HTTP/1.1 200 OK
                  Date: Wed, 03 Jul 2024 12:05:03 GMT
                  Server: Apache
                  X-Frame-Options: SAMEORIGIN
                  Last-Modified: Thu, 31 Aug 2023 21:53:28 GMT
                  Accept-Ranges: bytes
                  Content-Length: 809
                  X-Content-Type-Options: nosniff
                  Connection: close
                  Content-Type: image/png
                  2024-07-03 12:05:03 UTC | 809 | IN | Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 02 db 49 44 41 54 58 85 c5 d7 5f 68 1c 55 14 06 f0 5f 62 ac 12 d2 92 c6 52 82 e8 aa 51 63 9a 1d 16 89 a2 22 b1 7d 11 b4 15 fc 83 da 87 15 45 04 91 cc 8b 28 f8 50 2c 88 8f e2 93 0f dd 22 88 88 e8 fa a0 28 28 01 4d 51 5c 89 58 d1 62 0c b3 55 34 85 74 a8 52 83 84 12 6a 5a 43 c8 fa 30 13 1a ad 25 3b b3 6b 3c b0 dc 7b 86 b9 df f9 ee 39 df 9c 7b 97 76 5a 10 16 04 61 67 96 25 5d 6d 0a bc 05 7b f0 a1 a8 b2 92 65 69 26 b6 17 08 3e 8c 17 68 bc 1f 97 6a 67 b3 2e 6f 2d 03 41 78 27 9e c1 83 71 e9 8b 3e 9c 4e 7f 1b 40 20 08 f7 e0 00 6e 8d 4b b5 eb d0 59 a8 d6 4f 66 85 c9 57 82 20 bc 0d ef 62 2c 2e d5 36
                  Data Ascii: PNGIHDR szzpHYs+IDATX_hU_bRQc"}E(P,"((MQ\XbU4tRjZC0%;k<{9{vZag%]m{ei&>hjg.o-Ax'q>N@ nKYOfW b,.6



                  Target ID:0
                  Start time:08:04:45
                  Start date:03/07/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                  Imagebase:0x7ff715980000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:2
                  Start time:08:04:51
                  Start date:03/07/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2440,i,2675776248829222074,16697926183258974734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff715980000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:3
                  Start time:08:04:54
                  Start date:03/07/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-east-2.protection.sophos.com/?d=beehiiv.com&u=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s_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&i=NWNiNGNiOGY1NWZlOGIxMTAwZmUxN2Uy&t=YUVvbWN0aDQzMW4yV29uam9nK2tUNmU1dStvM2VicUNJeENiWDR5Zk1nTT0=&h=ddfea45e1610491898abc824d1dabad5&s=AVNPUEhUT0NFTkNSWVBUSVaKXvCVdmaYUeJ4sMCGgh9xhnT0RF3qCfPvI6ciaUbnMg"
                  Imagebase:0x7ff715980000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  No disassembly