Edit tour

Windows Analysis Report
http://ynlyce.com

Overview

General Information

Sample URL:	http://ynlyce.com
Analysis ID:	1644311
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Creates files inside the system directory

Deletes files inside the Windows folder

Detected suspicious crossdomain redirect

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 2588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,2299731630484019641,637105831372448406,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2088 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ynlyce.com" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://ynlyce.com

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://arvest.click/login/css/MyFontsWebfontsKit.css	Avira URL Cloud: Label: malware
Source: https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_NewYearPlan.png	Avira URL Cloud: Label: malware
Source: https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Consumer.png	Avira URL Cloud: Label: malware
Source: https://arvest.click/login/css/layout2.css	Avira URL Cloud: Label: malware
Source: https://arvest.click/login/css/arvest-logo.png	Avira URL Cloud: Label: malware
Source: https://ynlyce.com/	Avira URL Cloud: Label: phishing
Source: https://arvest.click/login/css/login-arrow-icon.png	Avira URL Cloud: Label: malware
Source: https://arvest.click/login/css/Small_Business_Checking_2_mainnav.png	Avira URL Cloud: Label: malware
Source: https://arvest.click/login/	Avira URL Cloud: Label: malware
Source: https://arvest.click/login/css/2024_ACC_3X_Holiday_Rewards_Main%20Nav.png	Avira URL Cloud: Label: malware
Source: https://arvest.click/login/css/FDIC-new-logo.png	Avira URL Cloud: Label: malware
Source: https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Mortgage.png	Avira URL Cloud: Label: malware
Source: https://arvest.click/login/css/bootstrap_custom.css	Avira URL Cloud: Label: malware

Source: unknown	HTTPS traffic detected: 142.250.65.228:443 -> 192.168.2.6:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.212.166.88:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.212.166.119:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.212.166.119:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.212.166.119:443 -> 192.168.2.6:49717 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: ynlyce.com to https://arvest.click/login/

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.40.135
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ynlyce.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/ HTTP/1.1Host: arvest.clickConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/MyFontsWebfontsKit.css HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/bootstrap_custom.css HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/layout2.css HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/2024_ACC_3X_Holiday_Rewards_Main%20Nav.png HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/arvest-logo.png HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/Small_Business_Checking_2_mainnav.png HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Consumer.png HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/arvest-logo.png HTTP/1.1Host: arvest.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/2024_ACC_3X_Holiday_Rewards_Main%20Nav.png HTTP/1.1Host: arvest.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Mortgage.png HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/Small_Business_Checking_2_mainnav.png HTTP/1.1Host: arvest.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/FDIC-new-logo.png HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Consumer.png HTTP/1.1Host: arvest.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_NewYearPlan.png HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/FDIC-new-logo.png HTTP/1.1Host: arvest.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/login-arrow-icon.png HTTP/1.1Host: arvest.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://arvest.click/login/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Mortgage.png HTTP/1.1Host: arvest.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/login-arrow-icon.png HTTP/1.1Host: arvest.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_NewYearPlan.png HTTP/1.1Host: arvest.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ynlyce.com
Source: global traffic	DNS traffic detected: DNS query: arvest.click
Source: global traffic	DNS traffic detected: DNS query: e2c53.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com

Source: chromecache_69.4.dr, chromecache_80.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: chromecache_69.4.dr, chromecache_80.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: chromecache_69.4.dr, chromecache_80.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: chromecache_69.4.dr, chromecache_80.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: chromecache_69.4.dr, chromecache_80.4.dr	String found in binary or memory: http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia
Source: chromecache_69.4.dr, chromecache_80.4.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: chromecache_69.4.dr, chromecache_80.4.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_69.4.dr, chromecache_80.4.dr	String found in binary or memory: http://pki-crl.symauth.com/ca_7a5c3a0c73117406add19312bc1bc23f/LatestCRL.crl07
Source: chromecache_69.4.dr, chromecache_80.4.dr	String found in binary or memory: http://pki-ocsp.symauth.com0
Source: chromecache_70.4.dr	String found in binary or memory: http://www.myfonts.com/fonts/bitstream/futura/bold/
Source: chromecache_70.4.dr	String found in binary or memory: http://www.myfonts.com/fonts/bitstream/futura/book/
Source: chromecache_70.4.dr	String found in binary or memory: http://www.myfonts.com/fonts/bitstream/futura/medium/
Source: chromecache_70.4.dr	String found in binary or memory: http://www.myfonts.com/viewlicense?type=web&buildid=2546231
Source: chromecache_81.4.dr	String found in binary or memory: https://applink.bakerhillsolutions.net/ArvestPublicMR/B2BApp.aspx
Source: chromecache_81.4.dr	String found in binary or memory: https://arvest.cardmanager.com/
Source: chromecache_81.4.dr	String found in binary or memory: https://ecash.arvest.com/CorporateBankingWeb/Core/Signin.aspx
Source: chromecache_81.4.dr	String found in binary or memory: https://homeloan.arvest.com/login
Source: chromecache_81.4.dr	String found in binary or memory: https://locations.arvest.com/
Source: chromecache_81.4.dr	String found in binary or memory: https://mymortgage.arvest.com/sign-up
Source: chromecache_81.4.dr	String found in binary or memory: https://orderpoint.deluxe.com/personal-checks/welcome.htm
Source: chromecache_81.4.dr	String found in binary or memory: https://rdc.arvest.com/ArvestBankDefault.aspx
Source: chromecache_81.4.dr	String found in binary or memory: https://sso.arvest.com/idp/startSSO.ping?PartnerSpId=urn%3Abki%3Aservicingdigital%3Arwa%3Aarvest&amp
Source: chromecache_81.4.dr	String found in binary or memory: https://www.centresuite.com/Centre/Public/Logon/Index?ReturnUrl=/Centre/?arvest&arvest

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown	HTTPS traffic detected: 142.250.65.228:443 -> 192.168.2.6:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.212.166.88:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.212.166.119:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.212.166.119:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.212.166.119:443 -> 192.168.2.6:49717 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5840_2024653378

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5840_2024653378

Jump to behavior

Source: classification engine

Classification label: mal56.win@24/32@22/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,2299731630484019641,637105831372448406,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2088 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ynlyce.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,2299731630484019641,637105831372448406,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2088 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://ynlyce.com	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://arvest.click/login/css/MyFontsWebfontsKit.css	100%	Avira URL Cloud	malware
https://arvest.cardmanager.com/	0%	Avira URL Cloud	safe
https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_NewYearPlan.png	100%	Avira URL Cloud	malware
http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia	0%	Avira URL Cloud	safe
https://homeloan.arvest.com/login	0%	Avira URL Cloud	safe
https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Consumer.png	100%	Avira URL Cloud	malware
https://arvest.click/login/css/layout2.css	100%	Avira URL Cloud	malware
https://sso.arvest.com/idp/startSSO.ping?PartnerSpId=urn%3Abki%3Aservicingdigital%3Arwa%3Aarvest&amp	0%	Avira URL Cloud	safe
https://ecash.arvest.com/CorporateBankingWeb/Core/Signin.aspx	0%	Avira URL Cloud	safe
https://applink.bakerhillsolutions.net/ArvestPublicMR/B2BApp.aspx	0%	Avira URL Cloud	safe
https://arvest.click/login/css/arvest-logo.png	100%	Avira URL Cloud	malware
https://mymortgage.arvest.com/sign-up	0%	Avira URL Cloud	safe
https://rdc.arvest.com/ArvestBankDefault.aspx	0%	Avira URL Cloud	safe
https://ynlyce.com/	100%	Avira URL Cloud	phishing
https://arvest.click/login/css/login-arrow-icon.png	100%	Avira URL Cloud	malware
https://arvest.click/login/css/Small_Business_Checking_2_mainnav.png	100%	Avira URL Cloud	malware
https://arvest.click/login/	100%	Avira URL Cloud	malware
https://arvest.click/login/css/2024_ACC_3X_Holiday_Rewards_Main%20Nav.png	100%	Avira URL Cloud	malware
https://arvest.click/login/css/FDIC-new-logo.png	100%	Avira URL Cloud	malware
https://locations.arvest.com/	0%	Avira URL Cloud	safe
https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Mortgage.png	100%	Avira URL Cloud	malware
https://arvest.click/login/css/bootstrap_custom.css	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
e2c53.gcp.gvt2.com	35.217.93.191	true	false	high
ynlyce.com	91.212.166.88	true	false	unknown
arvest.click	91.212.166.119	true	false	unknown
beacons-handoff.gcp.gvt2.com	142.251.116.94	true	false	high
www.google.com	142.250.65.228	true	false	high
beacons.gcp.gvt2.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Consumer.png	true	Avira URL Cloud: malware	unknown
https://arvest.click/login/css/layout2.css	true	Avira URL Cloud: malware	unknown
https://arvest.click/login/css/MyFontsWebfontsKit.css	true	Avira URL Cloud: malware	unknown
https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_NewYearPlan.png	true	Avira URL Cloud: malware	unknown
https://arvest.click/login/css/arvest-logo.png	true	Avira URL Cloud: malware	unknown
https://arvest.click/login/css/login-arrow-icon.png	false	Avira URL Cloud: malware	unknown
https://ynlyce.com/	true	Avira URL Cloud: phishing	unknown
https://arvest.click/login/css/2024_ACC_3X_Holiday_Rewards_Main%20Nav.png	false	Avira URL Cloud: malware	unknown
https://arvest.click/login/css/Small_Business_Checking_2_mainnav.png	false	Avira URL Cloud: malware	unknown
https://arvest.click/login/css/FDIC-new-logo.png	false	Avira URL Cloud: malware	unknown
https://arvest.click/login/	false	Avira URL Cloud: malware	unknown
https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Mortgage.png	false	Avira URL Cloud: malware	unknown
https://arvest.click/login/css/bootstrap_custom.css	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://pki-crl.symauth.com/ca_7a5c3a0c73117406add19312bc1bc23f/LatestCRL.crl07	chromecache_69.4.dr, chromecache_80.4.dr	false		high
http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia	chromecache_69.4.dr, chromecache_80.4.dr	false	Avira URL Cloud: safe	unknown
https://ecash.arvest.com/CorporateBankingWeb/Core/Signin.aspx	chromecache_81.4.dr	false	Avira URL Cloud: safe	unknown
https://sso.arvest.com/idp/startSSO.ping?PartnerSpId=urn%3Abki%3Aservicingdigital%3Arwa%3Aarvest&amp	chromecache_81.4.dr	false	Avira URL Cloud: safe	unknown
https://orderpoint.deluxe.com/personal-checks/welcome.htm	chromecache_81.4.dr	false		high
https://arvest.cardmanager.com/	chromecache_81.4.dr	false	Avira URL Cloud: safe	unknown
https://homeloan.arvest.com/login	chromecache_81.4.dr	false	Avira URL Cloud: safe	unknown
https://www.centresuite.com/Centre/Public/Logon/Index?ReturnUrl=/Centre/?arvest&arvest	chromecache_81.4.dr	false		high
http://www.myfonts.com/fonts/bitstream/futura/medium/	chromecache_70.4.dr	false		high
http://www.myfonts.com/fonts/bitstream/futura/book/	chromecache_70.4.dr	false		high
https://applink.bakerhillsolutions.net/ArvestPublicMR/B2BApp.aspx	chromecache_81.4.dr	false	Avira URL Cloud: safe	unknown
https://mymortgage.arvest.com/sign-up	chromecache_81.4.dr	false	Avira URL Cloud: safe	unknown
https://rdc.arvest.com/ArvestBankDefault.aspx	chromecache_81.4.dr	false	Avira URL Cloud: safe	unknown
http://pki-ocsp.symauth.com0	chromecache_69.4.dr, chromecache_80.4.dr	false		high
http://www.myfonts.com/fonts/bitstream/futura/bold/	chromecache_70.4.dr	false		high
http://www.myfonts.com/viewlicense?type=web&buildid=2546231	chromecache_70.4.dr	false		high
https://locations.arvest.com/	chromecache_81.4.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.212.166.88	ynlyce.com	United Kingdom	35819	MOBILY-ASEtihadEtisalatCompanyMobilySA	false
142.250.65.228	www.google.com	United States	15169	GOOGLEUS	false
91.212.166.119	arvest.click	United Kingdom	35819	MOBILY-ASEtihadEtisalatCompanyMobilySA	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1644311
Start date and time:	2025-03-20 13:38:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://ynlyce.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@24/32@22/4

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.80.35, 142.250.80.46, 172.253.115.84, 142.251.40.238, 142.251.41.14, 199.232.210.172, 142.250.80.78, 142.251.40.206, 142.251.32.110, 199.232.214.172, 142.251.40.227, 142.251.35.174, 192.178.155.84, 142.250.64.110, 184.31.69.3, 20.109.210.53
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: http://ynlyce.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 38 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	437
Entropy (8bit):	7.301920754808577
Encrypted:	false
SSDEEP:	12:6v/7s/NTBmRIahtoLsncnUuesWqU8zaAPtsj2EyX39eBzaQDUQhTec:5GRIahtoacnTe3qU8OASj2bX39eBJVh3
MD5:	A1DA7C1767B0E724DAEE1C3EF5464222
SHA1:	3A166572760D23E3FEF34BAD4FD3B41DC9714B01
SHA-256:	F058EDFA0CBD7A48A750657262FAB23056F86733A582C09EBE357E3EE5F92EBA
SHA-512:	580966E0EA787C697AD1011346784794AE7C1291A2E49040457C52441760917A5CB374995BC457849C0E9EBF2F41FC1CEF49642C37318B66AB3B2DCD772B78C1
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...&.........z.......sBIT....\|.d....lIDATH..U.q.0.\2..L. t.....A..#.\.].W.%P.....t..l.6....\xdg....eY.".....$..h..h....q.V./.2O?...DN...O...P.a.VpH."....F.s.......opp.....g(.N.}..]..{......W..@b.....U."s..d...l..'y.{.$..&6...ZI.M.#..%.z.B..".L.H...a.j.V....Qn..p...K..X3......A!t.......^.^....T........!..x.I..7.2.....T*\|..D..?.w.w......SvD.Y.9.$3...._..-GR.../...q..`[$v....F..w.3.a4t./..x.;......IEND.B`.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7960), with CRLF line terminators
Category:	downloaded
Size (bytes):	31484
Entropy (8bit):	5.07758748858107
Encrypted:	false
SSDEEP:	768:Njr6KZt/VQoTkTBmTR8chcdJa43TaTC4b1RskYKxe6HZdZ9H3lbOkx:Nxrzx
MD5:	2813B7ACCA19AC5662C7E24834F3B7D0
SHA1:	2AE12C06218EA60AAD500FFAB0D224BBDCF5A392
SHA-256:	ACEF8EACD3E56B92CE009215839581D09B67D9C2380523D92A0F40A09E4F2F9E
SHA-512:	B6AF2B170E66EA9B62CA1BA46A76139693A9D85DF49774A9533337FBC0649F3F123D807C508F3D76911927C110830EC70179B6879B3FA649A16E8C51181D78FC
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/layout2.css
Preview:	*{-webkit-tap-highlight-color: rgba(0,0,0,0)}.iosPhone,.iosPhone a{color: #cc0000}a:hover{text-decoration: underline}h1,h2,h3{font-family: FuturaBT-Book}h2{font-size: 1.7rem;margin: 8px 0}h3{font-size: 1.7rem;margin: 6px 0}h2.sub-header{margin: 0;padding: 11px 0;font-size: 1.7rem;line-height: 1.2;color: #00457c;font-family: FuturaBT-Medium}h2.sub-header.two-line{line-height: 22px;padding: 15px 0}img{vertical-align: baseline}table td{vertical-align: top}caption{text-align: left;font-weight: bold}a[type="application/pdf"]{background: url(/images/tiny/file_pdf.png) no-repeat right 0 rgba(0,0,0,0);background-clip: border-box;padding-right: 18px;padding-top: 2px}.tel{white-space: nowrap;color: inherit}.linkreg{color: #1A6AC0;font-size: 75%;left: 1px;position: relative;vertical-align: super}.FuturaBT-Book{font-family: FuturaBT-Book !important}.FuturaBT-Bold{font-family: FuturaBT-Bold}.FuturaBT-Medium,.icon-button-row,.pag-menu,.bank-landing-content p{font-family: FuturaBT-Medium}.container-m

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 217 x 234, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	64027
Entropy (8bit):	7.982826499272069
Encrypted:	false
SSDEEP:	1536:TGc1raBcKE4HBDuE9Ma7zfzrTn+Va51rTyfat:nrMcKE4BCQ/77zP+I51rGfat
MD5:	2A9E091041F9B263B3C01479E26937A9
SHA1:	BCD81AC3ADBF7BB7B3E26E78D1E80843F66F7620
SHA-256:	DF334B281323563E41794CB5FA8D849C0A2BD29BE192B97AEDAD8DA5D8B2F9B3
SHA-512:	3037A75EF57FEF41C78334C1D8A1125FA066BE8532F2E754FDC7247D5C9B875252AE5D1E7A38B3F7D8A25659C106EE3DC04C7DE812F9CCB72CF09532DB4E8F6A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR............./P.u....pHYs...........~... .IDATx..g.dw...;9V.7...s ..a.......].....X..W........l.0.8@_.Kk....Y.%9..06;w...7..:..C......Y.B~....s..s..<..p..$...f.E..A9?M..ae,4E".`.~..n......F7R.?s..J..."...".g-I N.$Q............K.."0.....1q.s<.h8!i].D..]..}L4tH.4GG...[.Z.'.B....mvy..oQ..r......^.Q.LS....%....Q.W......;......QD7R.zu4Y..)....+.k.....m~Bbf)e......C...%....A."..1C.q.yD....Q..]...?..~..1.O!\|..(.G..\...........>._z.s........Z....y;.\|e...\|J.P....I.............9s.y..O!...9...c.2...[.)W'....-..f.......b:...,s.uH...0v.(N...Y...t..:dM.K7..#..=..i..$..US.$Q`.Elv\|......Q.(..E..Z.[/...m~D..R..S=u..W.I......#Z.M\|..&J..O.XE.Lf./.1.X.r....#..g..mv?.........6..v..?bu....$=.E....,R.P.M...r....fR.........l..N- .._....%I..T..4Ue..\|.v.;.G.T. BS.g.{..jn. .........$..L.\.."...{..e.C..m..!;.7i.7I.X..Q./&..*.....o..T'g....)....(....D&.......q.......:<^..MIq..Q...<x.bu.I.y...<.YI..%8^H..(.D.%DIL..8A.^..q.d[.{.c..x.F~.(.h...DI.......@.Pe.r.d

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 218 x 234, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	70110
Entropy (8bit):	7.870803000434455
Encrypted:	false
SSDEEP:	1536:+XGiMOy25DBQaGcEsGLWbbGKBcgtQxT1m5pJ+rGc46gNNt0:+Zz3Zb5TMWHhfs1EpJ+r74w
MD5:	26D5DEB98A97A3C668E43F7C07659D93
SHA1:	8638C42486549B79B59B709C2D180D6D2DB24BC7
SHA-256:	835304C2063BCEA09D0388C8193144C575BCF82E1DE352786376DFBCB7A04F14
SHA-512:	BA85D3333A0D2C6588317A28285BA26C25890800CFE618E5E71279D4B518EEFAB87682FF8587BDCD6AC68417C2C23BECA641B68FE4A1B2C1DB37595C21171392
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/Small_Business_Checking_2_mainnav.png
Preview:	.PNG........IHDR..............g[v..,bcaBX..,bjumb....jumdc2pa.........8.q.c2pa...,<jumb...Gjumdc2ma.........8.q.urn:uuid:99e0ac7d-9171-40ec-b5f8-8a02762c4689.....jumb...)jumdc2as.........8.q.c2pa.assertions.....jumb...&jumdcbor.........8.q.c2pa.actions.....cbor.gactions..factionkc2pa.editedmsoftwareAgentmAdobe FireflyqdigitalSourceTypexFhttp://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia....jumb...(jumdcbor.........8.q.c2pa.hash.data....{cbor.jexclusions..estart.!flength.,ndnamenjumbf manifestcalgfsha256dhashX ..AT<...8....}..?R!....\|q.q...cpadH............jumb...$jumdc2cl.........8.q.c2pa.claim.....cbor.hdc:titleoGenerated Imageidc:formatiimage/pngjinstanceIDx,xmp:iid:562221e1-8e78-473e-af51-5dbf25e03470oclaim_generatorx6Adobe_Illustrator/28.0 adobe_c2pa/0.7.6 c2pa-rs/0.25.2tclaim_generator_info..dnameqAdobe Illustratorgversiond28.0.isignaturex.self#jumbf=c2pa.signaturejassertions..curlx'self#jumbf=c2pa.assertions/c2pa.actionsdhashX .f.j..\|`..9...#A..]+...F."d.+

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1630
Entropy (8bit):	5.363052639173395
Encrypted:	false
SSDEEP:	48:qpgudYibiLcadNPQVYJLoi0HVMJLPJWVAs:qp7YiugaXPQVti0HVoJWVz
MD5:	77D4F9083E96C07AB6C556C30F87B457
SHA1:	C570366506491F8045C055DD69314E0F05A3F764
SHA-256:	411D22640C2C8DCD4C3E557A363BA5C787457F9A383B0A8F5E7E06638E544757
SHA-512:	2C3162167F56B9E4DCB8DAD98354DEF0E732A01ED3E8021E74114CAC02491A2059AE92CC52E1F8170E9D795B765CA076AF296C7A3731C684E9024F89419736AF
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/MyFontsWebfontsKit.css
Preview:	/* @license.. * MyFonts Webfont Build ID 2546231, 2013-05-02T12:57:30-0400.. .. The fonts listed in this notice are subject to the End User License.. * Agreement(s) entered into by the website owner. All other parties are.. * explicitly restricted from using the Licensed Webfonts(s)... .. You may obtain a valid license at the URLs below... .. Webfont: Futura Book by Bitstream.. * URL: http://www.myfonts.com/fonts/bitstream/futura/book/.. .. Webfont: Futura Medium by Bitstream.. * URL: http://www.myfonts.com/fonts/bitstream/futura/medium/.. .. Webfont: Futura Bold by Bitstream.. * URL: http://www.myfonts.com/fonts/bitstream/futura/bold/.. .. .. * License: http://www.myfonts.com/viewlicense?type=web&buildid=2546231.. * Webfonts copyright: Copyright 1990-2003 Bitstream Inc. All rights reserved... .. . 2013 MyFonts Inc../....../ @import must be at top of file, otherwise CSS will not work /../..@import url("//hello.myfonts.net/count/26da37");..*/....@font-face {font

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 217 x 234, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	53802
Entropy (8bit):	7.98755598851025
Encrypted:	false
SSDEEP:	1536:tjzTiD66UE5EBlCEAY4u2U+mFAy/m2Hl5O:tjzunexF21Um2HlM
MD5:	7FABB0F897718722208D158D61A669EB
SHA1:	7536859B68EA3001B06F779F3C8699D0532A6560
SHA-256:	45B0FBBDA2BBE5A6758A181246D0E467F355661B5C3CE92826C6959EF4487CDA
SHA-512:	F2935B220433FD63B5DA913D837741EE5B6BEAE0065C6BEDB5869994F46E1DC7AE9B881F5E2F75AA9CAC39ED2637856C8E60A4B07A72059DAA5ED8D8A0EC6C4E
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Mortgage.png
Preview:	.PNG........IHDR............./P.u....pHYs...........~... .IDATx..Y.%.y....Z.~...m.g.g..C......2-...R.Z.a..a+.._...?....VH.,.I..,..h.. .....f......{.V....CV.s.=...;#n..u...2...}......Z.<._.Z...c-.h....c....Zg...6Q...B.W.....>..&...3.j.`.!..S...F....`.8........6hk.DJ..^..7..>By..7..k....l......./>....~.V..........].._.k.w.sg...N.h^....ZM...u.....!.s.............c...>....!+c...BJ. .....4....kS}im@..r.x.5.Q.\.y...qJ.{H99.......v7.G......R.R...B../......x......si.E..W.......Xkr......b....(/@.u.........\|..H...c.4..h....;;...{.4..Z 5....L.R>...,.p'..R...@J.1..=w.Q....i.I...{.!h7...C.4c..xJN1....8&..S.b.5..R..HP..R..().}.?........17?.P....I.<....6K@..).+...W.We..x..'a.?i.}...Oy..]a0(.Y..+.ex......b..:..Z.O1X...z...H+_...D9.Is.X....sq.../vz........p....).....X6.....@...A.H&..z.\j..\7%q......JJ6..J&*..ivx.....f-...1..hH.{S.=.r...k..(BII......."?...sru..+.I...:^...2.4....w.........Y......f..9_H...Q0...p..+...........!.BH.p.....@...(b..&n....&3..............

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 15 x 10, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	271
Entropy (8bit):	6.86725341208933
Encrypted:	false
SSDEEP:	6:6v/lhPf/nDsp02FVDl5gxPfq0btfy1mpontnMmXNgFpTlloajp:6v/7nIlx8ThGeonpdgFbr
MD5:	5B7B9D12E8761792332BA60DC88D4A0F
SHA1:	9460DECF6B3018147C938608402E9F0245755D77
SHA-256:	01D1A470C25A6F60C6FA9E7DE42B0158533A7BF3DE3C0D7C2687F5A5A8269377
SHA-512:	2B0582AC577F9A0E73B1940E5E5442C73EDFC4A2013CA66E7DD8533A24B6EAFF0C1C6B2FCBB49BD7026177AC8EFD14FA72B70BA1E9F944CBE878A04A267A4F45
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............k.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..1..@.E'.X.Xy.C....z.=...r..@.....1. ..O.+#..K^....%..F...P&xb~fC.-ox.)..3.H:l}.;.f.....0..Lz7&..d..9.....<.9.r..}.....=...9..%,].q...l.`..T.....5.5g.Z67.9..~........Y.....IEND.B`.

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 217 x 234, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	53690
Entropy (8bit):	7.987771135090186
Encrypted:	false
SSDEEP:	1536:3eY+Kq29lvw2J0hCCuhmL9PBQ6Y6JWzDHzyi0WeFe:uY+89lenL9PWHnHzWWeI
MD5:	B847164BB49A4688BC586001DE918AB6
SHA1:	73EB14BCB8D59C116E10B1E3B6760921E4E63BC1
SHA-256:	2973667045A623C972AE370E95BB245312E1B094B985B0282F06C7550BCC5710
SHA-512:	F00F4E4A36A1D0D2016241E32B5AA1345AC23AE6EF84972CC261E8263CE8219C65143C21FCA71E7116E4F811F567CBCBF019EBBFAB07D511E895C439EA5D75B1
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR............./P.u....pHYs...........~... .IDATx...G.-Iz...2........v..=..P....E/2$Bb. .."..V{i.....v...L.6....D.$D....@..`03..n.<..qUi..2.......N..w.9u..\|.....o....u..S. ....XC....D.a..l7<{v.....7\]....S~...fy.....:...!`...@.....c...m[...%G.%w....5......\....Xo.g...'.W,.3B..9=.5...>.D.g-..X.X-.lv;V.."B....C$.A.!!....@L.}.\.lx....~...?\|H..1.c,..X.......#...0....X.;~...=NN....SV.9?./q......r...w..7.p....AH..$..0....1......H..18.").$L...MR...........w..i..m,s.p..#.5...p..BL.X..I.Iy.......". ...I..]K.v.kL.."!E.!1.~.3c..'....cb.A....>.b.H~DL....>...K...1.=u... .`E.3.W.....I......uV.'QoJ...g..r.^.^.Y..B....lvxc9.:....>.:Q].k..PD.....X;...j.......3.xp....&qr...)E\|..\.Z.i....F.>F...ZcH)....Mc.>`l.\|L`.....b.n..06....q..MI.I...WU!.%....6..6..u.#J.1.2....PK....0y.H.....u.+.......Y.u.dLF..Y...cT&...".p...)....B..,...la<. 3....^y...F".PiR.....s..c...d.a.`..D....e..=[.3..8w....5.k../.?.......,...T.%.1.c...........2g.......a...4Y?.?I..h....+..Y.....:^.

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 217 x 234, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	53690
Entropy (8bit):	7.987771135090186
Encrypted:	false
SSDEEP:	1536:3eY+Kq29lvw2J0hCCuhmL9PBQ6Y6JWzDHzyi0WeFe:uY+89lenL9PWHnHzWWeI
MD5:	B847164BB49A4688BC586001DE918AB6
SHA1:	73EB14BCB8D59C116E10B1E3B6760921E4E63BC1
SHA-256:	2973667045A623C972AE370E95BB245312E1B094B985B0282F06C7550BCC5710
SHA-512:	F00F4E4A36A1D0D2016241E32B5AA1345AC23AE6EF84972CC261E8263CE8219C65143C21FCA71E7116E4F811F567CBCBF019EBBFAB07D511E895C439EA5D75B1
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Consumer.png
Preview:	.PNG........IHDR............./P.u....pHYs...........~... .IDATx...G.-Iz...2........v..=..P....E/2$Bb. .."..V{i.....v...L.6....D.$D....@..`03..n.<..qUi..2.......N..w.9u..\|.....o....u..S. ....XC....D.a..l7<{v.....7\]....S~...fy.....:...!`...@.....c...m[...%G.%w....5......\....Xo.g...'.W,.3B..9=.5...>.D.g-..X.X-.lv;V.."B....C$.A.!!....@L.}.\.lx....~...?\|H..1.c,..X.......#...0....X.;~...=NN....SV.9?./q......r...w..7.p....AH..$..0....1......H..18.").$L...MR...........w..i..m,s.p..#.5...p..BL.X..I.Iy.......". ...I..]K.v.kL.."!E.!1.~.3c..'....cb.A....>.b.H~DL....>...K...1.=u... .`E.3.W.....I......uV.'QoJ...g..r.^.^.Y..B....lvxc9.:....>.:Q].k..PD.....X;...j.......3.xp....&qr...)E\|..\.Z.i....F.>F...ZcH)....Mc.>`l.\|L`.....b.n..06....q..MI.I...WU!.%....6..6..u.#J.1.2....PK....0y.H.....u.+.......Y.u.dLF..Y...cT&...".p...)....B..,...la<. 3....^y...F".PiR.....s..c...d.a.`..D....e..=[.3..8w....5.k../.?.......,...T.%.1.c...........2g.......a...4Y?.?I..h....+..Y.....:^.

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 201 x 69, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4092
Entropy (8bit):	7.936349351238386
Encrypted:	false
SSDEEP:	96:T+Q2VWLOznXwIWWnWjHWlD3OEyEir2HvD322v4wvz3sA9g/d:iQ2Pjw6nWKtAaPfv4y8Mg/d
MD5:	F6AC29E98162F51A7782EB78160DD31C
SHA1:	32EFFA4F9335E1D4308256FB20FD61C381A6F83B
SHA-256:	8D8F81B3DEB15A8D8A4D940347FB3322CA6D49640E7CE14514CCBE07862A1ABA
SHA-512:	A78B8CF525456C8D532E45D6717E950C5ED051108E1DE7BD8767FFC4573F612030B1DABC637D8166398CB6AE106C163A3978624EB97BC73E19A1BC46DA7760DF
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/arvest-logo.png
Preview:	.PNG........IHDR.......E...........tEXtSoftware.Adobe ImageReadyq.e<....IDATx..]........(G90"M......D..OA. 6...... .E......A..D@..bA..+.P...@.EH...."......e\|o.l9o............f.)..rbt...>..CU`K..atl..S...u.;C.........1....c..CTF..h.F..........H ..O.v..;....8...p...h`C.<.._..}.z(vIW...c...g...2...ek8.Sc...=`.p.p!p..ZL.o..B...\|..45.....V...L.4..i.=.8J..D..]9..B.......;..........>.x.......n.>.v(o].o._..o.p.p..>..&..\..w"......2._......v.Z.7.......\>............_i.sb.BR%....g....s........R..,u.hx.f.....a.mHU*......p\|-p.M.Z..P.?p..p....A.F..@`...4...u...c.o.g._ry..t.!..B._...S...p1...7.g'.....$%8....]..ji.y;N.....?.\|.XN...;...6......7.m...J.g!.!....0..>`..yof.].3...t.jG..+....P......ELz.G.Kl,.P...~.-.p.&p.p....B`.....-..).....g8<.k....u.s...P.B.8`^....a...M.W1i..,$.......Pb.L}5!.A...$.^.D..6....$.IWt..$.....(J!Y.P@.v...!Av.Y.t....tW.i..I@...a......r.o.1y=`o5.F.v!).xm..Br.Q(....r8_...i....p........IsKL.V8.(9I.B..H.8.Is../y...].mq?`.Br..4...>IL..-.

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 217 x 234, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	53802
Entropy (8bit):	7.98755598851025
Encrypted:	false
SSDEEP:	1536:tjzTiD66UE5EBlCEAY4u2U+mFAy/m2Hl5O:tjzunexF21Um2HlM
MD5:	7FABB0F897718722208D158D61A669EB
SHA1:	7536859B68EA3001B06F779F3C8699D0532A6560
SHA-256:	45B0FBBDA2BBE5A6758A181246D0E467F355661B5C3CE92826C6959EF4487CDA
SHA-512:	F2935B220433FD63B5DA913D837741EE5B6BEAE0065C6BEDB5869994F46E1DC7AE9B881F5E2F75AA9CAC39ED2637856C8E60A4B07A72059DAA5ED8D8A0EC6C4E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR............./P.u....pHYs...........~... .IDATx..Y.%.y....Z.~...m.g.g..C......2-...R.Z.a..a+.._...?....VH.,.I..,..h.. .....f......{.V....CV.s.=...;#n..u...2...}......Z.<._.Z...c-.h....c....Zg...6Q...B.W.....>..&...3.j.`.!..S...F....`.8........6hk.DJ..^..7..>By..7..k....l......./>....~.V..........].._.k.w.sg...N.h^....ZM...u.....!.s.............c...>....!+c...BJ. .....4....kS}im@..r.x.5.Q.\.y...qJ.{H99.......v7.G......R.R...B../......x......si.E..W.......Xkr......b....(/@.u.........\|..H...c.4..h....;;...{.4..Z 5....L.R>...,.p'..R...@J.1..=w.Q....i.I...{.!h7...C.4c..xJN1....8&..S.b.5..R..HP..R..().}.?........17?.P....I.<....6K@..).+...W.We..x..'a.?i.}...Oy..]a0(.Y..+.ex......b..:..Z.O1X...z...H+_...D9.Is.X....sq.../vz........p....).....X6.....@...A.H&..z.\j..\7%q......JJ6..J&*..ivx.....f-...1..hH.{S.=.r...k..(BII......."?...sru..+.I...:^...2.4....w.........Y......f..9_H...Q0...p..+...........!.BH.p.....@...(b..&n....&3..............

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 217 x 234, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	64027
Entropy (8bit):	7.982826499272069
Encrypted:	false
SSDEEP:	1536:TGc1raBcKE4HBDuE9Ma7zfzrTn+Va51rTyfat:nrMcKE4BCQ/77zP+I51rGfat
MD5:	2A9E091041F9B263B3C01479E26937A9
SHA1:	BCD81AC3ADBF7BB7B3E26E78D1E80843F66F7620
SHA-256:	DF334B281323563E41794CB5FA8D849C0A2BD29BE192B97AEDAD8DA5D8B2F9B3
SHA-512:	3037A75EF57FEF41C78334C1D8A1125FA066BE8532F2E754FDC7247D5C9B875252AE5D1E7A38B3F7D8A25659C106EE3DC04C7DE812F9CCB72CF09532DB4E8F6A
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/2024_ACC_3X_Holiday_Rewards_Main%20Nav.png
Preview:	.PNG........IHDR............./P.u....pHYs...........~... .IDATx..g.dw...;9V.7...s ..a.......].....X..W........l.0.8@_.Kk....Y.%9..06;w...7..:..C......Y.B~....s..s..<..p..$...f.E..A9?M..ae,4E".`.~..n......F7R.?s..J..."...".g-I N.$Q............K.."0.....1q.s<.h8!i].D..]..}L4tH.4GG...[.Z.'.B....mvy..oQ..r......^.Q.LS....%....Q.W......;......QD7R.zu4Y..)....+.k.....m~Bbf)e......C...%....A."..1C.q.yD....Q..]...?..~..1.O!\|..(.G..\...........>._z.s........Z....y;.\|e...\|J.P....I.............9s.y..O!...9...c.2...[.)W'....-..f.......b:...,s.uH...0v.(N...Y...t..:dM.K7..#..=..i..$..US.$Q`.Elv\|......Q.(..E..Z.[/...m~D..R..S=u..W.I......#Z.M\|..&J..O.XE.Lf./.1.X.r....#..g..mv?.........6..v..?bu....$=.E....,R.P.M...r....fR.........l..N- .._....%I..T..4Ue..\|.v.;.G.T. BS.g.{..jn. .........$..L.\.."...{..e.C..m..!;.7i.7I.X..Q./&..*.....o..T'g....)....(....D&.......q.......:<^..MIq..Q...<x.bu.I.y...<.YI..%8^H..(.D.%DIL..8A.^..q.d[.{.c..x.F~.(.h...DI.......@.Pe.r.d

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 201 x 69, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4092
Entropy (8bit):	7.936349351238386
Encrypted:	false
SSDEEP:	96:T+Q2VWLOznXwIWWnWjHWlD3OEyEir2HvD322v4wvz3sA9g/d:iQ2Pjw6nWKtAaPfv4y8Mg/d
MD5:	F6AC29E98162F51A7782EB78160DD31C
SHA1:	32EFFA4F9335E1D4308256FB20FD61C381A6F83B
SHA-256:	8D8F81B3DEB15A8D8A4D940347FB3322CA6D49640E7CE14514CCBE07862A1ABA
SHA-512:	A78B8CF525456C8D532E45D6717E950C5ED051108E1DE7BD8767FFC4573F612030B1DABC637D8166398CB6AE106C163A3978624EB97BC73E19A1BC46DA7760DF
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......E...........tEXtSoftware.Adobe ImageReadyq.e<....IDATx..]........(G90"M......D..OA. 6...... .E......A..D@..bA..+.P...@.EH...."......e\|o.l9o............f.)..rbt...>..CU`K..atl..S...u.;C.........1....c..CTF..h.F..........H ..O.v..;....8...p...h`C.<.._..}.z(vIW...c...g...2...ek8.Sc...=`.p.p!p..ZL.o..B...\|..45.....V...L.4..i.=.8J..D..]9..B.......;..........>.x.......n.>.v(o].o._..o.p.p..>..&..\..w"......2._......v.Z.7.......\>............_i.sb.BR%....g....s........R..,u.hx.f.....a.mHU*......p\|-p.M.Z..P.?p..p....A.F..@`...4...u...c.o.g._ry..t.!..B._...S...p1...7.g'.....$%8....]..ji.y;N.....?.\|.XN...;...6......7.m...J.g!.!....0..>`..yof.].3...t.jG..+....P......ELz.G.Kl,.P...~.-.p.&p.p....B`.....-..).....g8<.k....u.s...P.B.8`^....a...M.W1i..,$.......Pb.L}5!.A...$.^.D..6....$.IWt..$.....(J!Y.P@.v...!Av.Y.t....tW.i..I@...a......r.o.1y=`o5.F.v!).xm..Br.Q(....r8_...i....p........IsKL.V8.(9I.B..H.8.Is../y...].mq?`.Br..4...>IL..-.

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 217 x 234, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	55947
Entropy (8bit):	7.989838143166923
Encrypted:	false
SSDEEP:	1536:ILCpCwzuehBOTS3uC/lFJ0KcKmBsq78775jrNamXSD:ICCUqSe6PJcKcsE8BjM2o
MD5:	A33D50312113C762748A9E1980729848
SHA1:	B23DAF3A67D7D72062AF876D5511A12E20F8E62E
SHA-256:	D8A6D0056AEFB4DEB8A4B5133FED654D77B5F12FBB92555A466F5994BA9D6C47
SHA-512:	4E6C9256E0EDB00F886FB989D2B5C4F582A190682162B01B9C8E6790F7C79AF36699416C739815585213B76550B30ED0D322740B146CF5D24A4128DEEFC64E0F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR............./P.u....pHYs...........~... .IDATx.t...%Yv..9..x..U.T..6=....h8.4....Z.i....2m.e.2...`.h.6`....C.$.e..$..EQ$..#R..>=.3..^Y....r..p...&.P./_../..\|...{B..u.@....@..A..."...D....Q@.{...}....a...........?..n.e...,...@].vv....0..c......f{....Q..i........uU..AD...s.7k...`.f.=.Z.a. .....B.(]...h...Q...+.........J)Di.R.s. ...B.Y.$"Rd..W.....B:...!....B:...x...Z.=.Y.u.......I&.Ji.....R..t...... ...5..".u...........o..$.>.".......=}.....b.....-...!...f..m.....-..:.g<...K.*./_.....B.8....X.SW3.v....z..%".........@<J4.V.C...P.........,I(y....xr"........k.k\.esy.....VW...g..u.V..-..q....4.; .. I0.{T:..g.:V...N...h..r\..!.\|<.....>....M.].X@<.TT>Eq0J@.BIV.E.......CS.(.....NN.....T>~H._L.(........-...u44...... .5.t..T..s...-.k'..pq..y%..v\|....1..n.U..6..0.3.n.....F........$......A...,.n,.=9....d.....g.........5JC..y!...!D..A.!L.+..... .o..5)M...@.m..-.f.z.d.Y..._...T.....>`{...hTZ.R.1QH..REC.!F.g......`D.q%.M..1......R..!..LY..._<...F..

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 218 x 234, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	70110
Entropy (8bit):	7.870803000434455
Encrypted:	false
SSDEEP:	1536:+XGiMOy25DBQaGcEsGLWbbGKBcgtQxT1m5pJ+rGc46gNNt0:+Zz3Zb5TMWHhfs1EpJ+r74w
MD5:	26D5DEB98A97A3C668E43F7C07659D93
SHA1:	8638C42486549B79B59B709C2D180D6D2DB24BC7
SHA-256:	835304C2063BCEA09D0388C8193144C575BCF82E1DE352786376DFBCB7A04F14
SHA-512:	BA85D3333A0D2C6588317A28285BA26C25890800CFE618E5E71279D4B518EEFAB87682FF8587BDCD6AC68417C2C23BECA641B68FE4A1B2C1DB37595C21171392
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............g[v..,bcaBX..,bjumb....jumdc2pa.........8.q.c2pa...,<jumb...Gjumdc2ma.........8.q.urn:uuid:99e0ac7d-9171-40ec-b5f8-8a02762c4689.....jumb...)jumdc2as.........8.q.c2pa.assertions.....jumb...&jumdcbor.........8.q.c2pa.actions.....cbor.gactions..factionkc2pa.editedmsoftwareAgentmAdobe FireflyqdigitalSourceTypexFhttp://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia....jumb...(jumdcbor.........8.q.c2pa.hash.data....{cbor.jexclusions..estart.!flength.,ndnamenjumbf manifestcalgfsha256dhashX ..AT<...8....}..?R!....\|q.q...cpadH............jumb...$jumdc2cl.........8.q.c2pa.claim.....cbor.hdc:titleoGenerated Imageidc:formatiimage/pngjinstanceIDx,xmp:iid:562221e1-8e78-473e-af51-5dbf25e03470oclaim_generatorx6Adobe_Illustrator/28.0 adobe_c2pa/0.7.6 c2pa-rs/0.25.2tclaim_generator_info..dnameqAdobe Illustratorgversiond28.0.isignaturex.self#jumbf=c2pa.signaturejassertions..curlx'self#jumbf=c2pa.assertions/c2pa.actionsdhashX .f.j..\|`..9...#A..]+...F."d.+

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (670)
Category:	downloaded
Size (bytes):	32488
Entropy (8bit):	4.2382211202510796
Encrypted:	false
SSDEEP:	384:3AdEmEKgBi85OulUeo50q+mTGADKLSMSRl0:QdUKgZswU950q+mqADKLSMh
MD5:	91545FCD4401DE4B9EA5ED520FA862FB
SHA1:	764B3E83EE35BEC5FB5AE03E353F59E1FB0C73AC
SHA-256:	D9D036C95D20DE1EAA81585849F9FA5020A3B294BF39FC19F55D8B94E65B049F
SHA-512:	C049958B3A7C8AA8F22F43406B67D5AF53B0AE82BAB8D2B85B7EFA76AFBE0564820A561CB8C859EBD76872E0DA3C81BF346FB0B87BA98E757F6D4F223D6371A6
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/
Preview:	<!DOCTYPE html>.<html lang="en" class="js">. <head>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" id="myViewport" content="width=device-width, initial-scale=1.0">. <meta name="format-detection" content="telephone=no">. <title>Personal: Arvast Online Portal: Online Portal</title>. <link rel="stylesheet" href="./css/MyFontsWebfontsKit.css">. <link rel="stylesheet" href="./css/bootstrap_custom.css">. <link rel="stylesheet" href="./css/layout2.css">. <style></style>. <script>. if( /Android\|webOS\|iPhone\|iPad\|iPod\|BlackBerry\|IEMobile\|Opera Mini/i.test(navigator.userAgent) ) {. window.location.href = "./mobile/";. }. </script>. </head>. <body class="personalSignonLogonIndex" >. <div class="outer-wrap">. </div>. end outer-wrap -->. <header class="header-container">. <div clas

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 217 x 234, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	55947
Entropy (8bit):	7.989838143166923
Encrypted:	false
SSDEEP:	1536:ILCpCwzuehBOTS3uC/lFJ0KcKmBsq78775jrNamXSD:ICCUqSe6PJcKcsE8BjM2o
MD5:	A33D50312113C762748A9E1980729848
SHA1:	B23DAF3A67D7D72062AF876D5511A12E20F8E62E
SHA-256:	D8A6D0056AEFB4DEB8A4B5133FED654D77B5F12FBB92555A466F5994BA9D6C47
SHA-512:	4E6C9256E0EDB00F886FB989D2B5C4F582A190682162B01B9C8E6790F7C79AF36699416C739815585213B76550B30ED0D322740B146CF5D24A4128DEEFC64E0F
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_NewYearPlan.png
Preview:	.PNG........IHDR............./P.u....pHYs...........~... .IDATx.t...%Yv..9..x..U.T..6=....h8.4....Z.i....2m.e.2...`.h.6`....C.$.e..$..EQ$..#R..>=.3..^Y....r..p...&.P./_../..\|...{B..u.@....@..A..."...D....Q@.{...}....a...........?..n.e...,...@].vv....0..c......f{....Q..i........uU..AD...s.7k...`.f.=.Z.a. .....B.(]...h...Q...+.........J)Di.R.s. ...B.Y.$"Rd..W.....B:...!....B:...x...Z.=.Y.u.......I&.Ji.....R..t...... ...5..".u...........o..$.>.".......=}.....b.....-...!...f..m.....-..:.g<...K.*./_.....B.8....X.SW3.v....z..%".........@<J4.V.C...P.........,I(y....xr"........k.k\.esy.....VW...g..u.V..-..q....4.; .. I0.{T:..g.:V...N...h..r\..!.\|<.....>....M.].X@<.TT>Eq0J@.BIV.E.......CS.(.....NN.....T>~H._L.(........-...u44...... .5.t..T..s...-.k'..pq..y%..v\|....1..n.U..6..0.3.n.....F........$......A...,.n,.=9....d.....g.........5JC..y!...!D..A.!L.+..... .o..5)M...@.m..-.f.z.d.Y..._...T.....>`{...hTZ.R.1QH..REC.!F.g......`D.q%.M..1......R..!..LY..._<...F..

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 38 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	437
Entropy (8bit):	7.301920754808577
Encrypted:	false
SSDEEP:	12:6v/7s/NTBmRIahtoLsncnUuesWqU8zaAPtsj2EyX39eBzaQDUQhTec:5GRIahtoacnTe3qU8OASj2bX39eBJVh3
MD5:	A1DA7C1767B0E724DAEE1C3EF5464222
SHA1:	3A166572760D23E3FEF34BAD4FD3B41DC9714B01
SHA-256:	F058EDFA0CBD7A48A750657262FAB23056F86733A582C09EBE357E3EE5F92EBA
SHA-512:	580966E0EA787C697AD1011346784794AE7C1291A2E49040457C52441760917A5CB374995BC457849C0E9EBF2F41FC1CEF49642C37318B66AB3B2DCD772B78C1
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/FDIC-new-logo.png
Preview:	.PNG........IHDR...&.........z.......sBIT....\|.d....lIDATH..U.q.0.\2..L. t.....A..#.\.].W.%P.....t..l.6....\xdg....eY.".....$..h..h....q.V./.2O?...DN...O...P.a.VpH."....F.s.......opp.....g(.N.}..]..{......W..@b.....U."s..d...l..'y.{.$..&6...ZI.M.#..%.z.B..".L.H...a.j.V....Qn..p...K..X3......A!t.......^.^....T........!..x.I..7.2.....T*\|..D..?.w.w......SvD.Y.9.$3...._..-GR.../...q..`[$v....F..w.3.a4t./..x.;......IEND.B`.

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 15 x 10, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	271
Entropy (8bit):	6.86725341208933
Encrypted:	false
SSDEEP:	6:6v/lhPf/nDsp02FVDl5gxPfq0btfy1mpontnMmXNgFpTlloajp:6v/7nIlx8ThGeonpdgFbr
MD5:	5B7B9D12E8761792332BA60DC88D4A0F
SHA1:	9460DECF6B3018147C938608402E9F0245755D77
SHA-256:	01D1A470C25A6F60C6FA9E7DE42B0158533A7BF3DE3C0D7C2687F5A5A8269377
SHA-512:	2B0582AC577F9A0E73B1940E5E5442C73EDFC4A2013CA66E7DD8533A24B6EAFF0C1C6B2FCBB49BD7026177AC8EFD14FA72B70BA1E9F944CBE878A04A267A4F45
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/login-arrow-icon.png
Preview:	.PNG........IHDR.............k.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..1..@.E'.X.Xy.C....z.=...r..@.....1. ..O.+#..K^....%..F...P&xb~fC.-ox.)..3.H:l}.;.f.....0..Lz7&..d..9.....<.9.r..}.....=...9..%,].q...l.`..T.....5.5g.Z67.9..~........Y.....IEND.B`.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7997), with CRLF line terminators
Category:	downloaded
Size (bytes):	84190
Entropy (8bit):	5.069412791698771
Encrypted:	false
SSDEEP:	768:Fuo+NXjKlnTRQCYP8ctm7QHRSznz0+ycRZVxdb/rAqegh2+d8tX2y5dAn22PrvzU:lMQy5dAnbPrMTz2p3F8U5XSBr
MD5:	0348E5620A47EEB5A28791B0F4E50F82
SHA1:	CA44A6277230E9721876B3E73CC514721366F5FD
SHA-256:	119E2B0991AA96C19A5D22C6629B4B1926710647E348672C84ABD4F033E84A29
SHA-512:	20E6DF4795DE55E7C390F9E68C8E80160FDEA89347A95C4C31CDE70557F14B79D0DCB8A6E11F27D1C22E0153D72012429B343A22AAEC070899DCEE3B8DD08E64
Malicious:	false
Reputation:	low
URL:	https://arvest.click/login/css/bootstrap_custom.css
Preview:	/!.. Custom bootstrap build.. * Contains:.. * normalize/scaffolding.. * core css (sans tables/buttons).. * utility classes.. //! normalize.css v3.0.1 \| MIT License \| git.io/normalize */html{font-family: sans-serif;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%}body{margin: 0}article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display: block}audio,canvas,progress,video{display: inline-block;vertical-align: baseline}audio:not([controls]){display: none;height: 0}[hidden],template{display: none}a{background: transparent}a:active,a:hover{outline: 0}abbr[title]{border-bottom: 1px dotted}b,strong{font-weight: bold}dfn{font-style: italic}h1{font-size: 2em;margin: .67em 0}mark{background: #ff0;color: #000}small{font-size: 80%}sub,sup{font-size: 75%;line-height: 0;position: relative;vertical-align: baseline}sup{top: -0.5em}sub{bottom: -0.25em}img{border: 0}svg:not(:root){overflow: hidden}figure{margin: 1em 40px}hr{-moz-box-sizing: conten

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 361
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 20, 2025 13:39:50.939980984 CET	49672	443	192.168.2.6	204.79.197.203
Mar 20, 2025 13:39:51.252202034 CET	49672	443	192.168.2.6	204.79.197.203
Mar 20, 2025 13:39:51.861697912 CET	49672	443	192.168.2.6	204.79.197.203
Mar 20, 2025 13:39:53.064800978 CET	49672	443	192.168.2.6	204.79.197.203
Mar 20, 2025 13:39:55.471059084 CET	49672	443	192.168.2.6	204.79.197.203
Mar 20, 2025 13:40:00.378057003 CET	49672	443	192.168.2.6	204.79.197.203
Mar 20, 2025 13:40:01.038543940 CET	49678	443	192.168.2.6	20.42.65.91
Mar 20, 2025 13:40:01.424093008 CET	49678	443	192.168.2.6	20.42.65.91
Mar 20, 2025 13:40:02.111644983 CET	49678	443	192.168.2.6	20.42.65.91
Mar 20, 2025 13:40:03.352850914 CET	49678	443	192.168.2.6	20.42.65.91
Mar 20, 2025 13:40:05.848622084 CET	49678	443	192.168.2.6	20.42.65.91
Mar 20, 2025 13:40:07.355122089 CET	49702	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:40:07.355159044 CET	443	49702	142.250.65.228	192.168.2.6
Mar 20, 2025 13:40:07.355492115 CET	49702	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:40:07.355745077 CET	49702	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:40:07.355756998 CET	443	49702	142.250.65.228	192.168.2.6
Mar 20, 2025 13:40:07.554383039 CET	443	49702	142.250.65.228	192.168.2.6
Mar 20, 2025 13:40:07.554732084 CET	49702	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:40:07.556344032 CET	49702	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:40:07.556354046 CET	443	49702	142.250.65.228	192.168.2.6
Mar 20, 2025 13:40:07.556595087 CET	443	49702	142.250.65.228	192.168.2.6
Mar 20, 2025 13:40:07.597126007 CET	49702	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:40:08.241210938 CET	49703	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:08.241410971 CET	49704	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:08.350219011 CET	49705	443	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:08.350258112 CET	443	49705	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:08.350553036 CET	49705	443	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:08.350553036 CET	49705	443	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:08.350589037 CET	443	49705	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:08.436479092 CET	80	49703	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:08.436573982 CET	49703	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:08.440958023 CET	80	49704	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:08.441061020 CET	49704	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:08.763124943 CET	443	49705	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:08.763279915 CET	49705	443	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:08.764321089 CET	49705	443	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:08.764328957 CET	443	49705	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:08.764575005 CET	443	49705	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:08.765433073 CET	49705	443	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:08.812324047 CET	443	49705	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:09.302710056 CET	443	49705	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:09.302793026 CET	443	49705	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:09.303087950 CET	49705	443	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:09.304419041 CET	49705	443	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:09.304419041 CET	49705	443	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:09.304435968 CET	443	49705	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:09.304548025 CET	49705	443	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:09.424422026 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:09.424477100 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:09.424540997 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:09.425024986 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:09.425038099 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:09.842073917 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:09.842144966 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:09.843492031 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:09.843503952 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:09.843772888 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:09.844118118 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:09.884331942 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:09.989747047 CET	49672	443	192.168.2.6	204.79.197.203
Mar 20, 2025 13:40:10.449580908 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.449645042 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.449687958 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.449769020 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.449810982 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.449852943 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.449865103 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.449954033 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.450005054 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.450051069 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.450057983 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.451046944 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.491729021 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.520291090 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.520345926 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.520426989 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.520728111 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.520785093 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.520919085 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.521001101 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.521001101 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.521012068 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.521014929 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.521364927 CET	49709	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.521420956 CET	443	49709	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.521562099 CET	49709	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.521775007 CET	49710	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.521836996 CET	443	49710	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.521874905 CET	49709	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.521888018 CET	49710	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.521888018 CET	443	49709	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.522234917 CET	49710	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.522253990 CET	443	49710	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.522391081 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.522406101 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.522476912 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.522680998 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.522695065 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.581046104 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.581115961 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.581270933 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.583615065 CET	49706	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.583636999 CET	443	49706	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.663225889 CET	49678	443	192.168.2.6	20.42.65.91
Mar 20, 2025 13:40:10.936439037 CET	443	49709	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.936841965 CET	49709	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.936873913 CET	443	49709	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.937084913 CET	49709	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.937091112 CET	443	49709	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.940253019 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.940558910 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.940577030 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.940684080 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.940690041 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.945846081 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.946038008 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.946073055 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.946131945 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.946137905 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.957499981 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.957725048 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.957760096 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.957943916 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.957952023 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.968108892 CET	443	49710	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.968378067 CET	49710	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.968414068 CET	443	49710	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:10.968616962 CET	49710	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:10.968622923 CET	443	49710	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.329042912 CET	443	49709	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.329071045 CET	443	49709	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.329127073 CET	49709	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.329134941 CET	443	49709	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.329181910 CET	49709	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.331980944 CET	49709	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.332003117 CET	443	49709	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.391483068 CET	443	49710	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.391516924 CET	443	49710	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.391582012 CET	443	49710	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.391630888 CET	49710	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.391669989 CET	49710	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.528954029 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.528983116 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.528999090 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.529124975 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.529144049 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.529196978 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.529233932 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.529253006 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.529289961 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.529295921 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.529320002 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.539576054 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.539597988 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.539757967 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.539772034 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.539793968 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.539843082 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.539983988 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.540194035 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.540232897 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.540258884 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.540288925 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.540288925 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.540899038 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.551192045 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.551255941 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.551301003 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.551322937 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.551333904 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.551377058 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.551496983 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.551645994 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.551687002 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.551708937 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.551714897 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.551753044 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.551768064 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.582535982 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.609311104 CET	49710	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.609337091 CET	443	49710	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.609949112 CET	49707	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.609968901 CET	443	49707	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.615040064 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.615076065 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.615139008 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.615396976 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.615406990 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.725728035 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.725754023 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.725816965 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.725828886 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.725886106 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.726649046 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.726669073 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.726725101 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.726731062 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.726788044 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.727138042 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.727155924 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.727206945 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.727211952 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.727257967 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.737452984 CET	49715	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.737493992 CET	443	49715	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.737581015 CET	49715	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.737723112 CET	49715	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.737734079 CET	443	49715	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.748354912 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.748408079 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.748506069 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.748517990 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.748622894 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.748972893 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.749030113 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.749063015 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.749069929 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.749111891 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.749161005 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.749278069 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.749475956 CET	49711	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.749485016 CET	443	49711	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.753134012 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.753177881 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.753312111 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.753626108 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.753645897 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.754020929 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.754065037 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.754158974 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.754225016 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.754235029 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.762480021 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.762563944 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.762572050 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.762584925 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.762650967 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.762881994 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.762892962 CET	443	49708	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:11.762943029 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:11.762959003 CET	49708	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.029972076 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.032123089 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.032146931 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.032285929 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.032290936 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.149689913 CET	443	49715	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.149770021 CET	49715	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.155843973 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.169994116 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.170082092 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.170793056 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.170820951 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.170958996 CET	49715	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.170978069 CET	443	49715	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.171226025 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.171237946 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.171246052 CET	443	49715	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.171255112 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.171260118 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.171612978 CET	49715	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.171992064 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.172203064 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.212331057 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.212348938 CET	443	49715	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.542411089 CET	443	49715	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.542439938 CET	443	49715	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.542505980 CET	443	49715	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.542514086 CET	49715	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.542603016 CET	49715	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.543638945 CET	49715	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.543673038 CET	443	49715	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.622091055 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.622159958 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.622204065 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.622236013 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.622288942 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.622323036 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.622345924 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.622644901 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.622709990 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.622739077 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.622755051 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.622795105 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.674298048 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.740605116 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.740613937 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.740637064 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.740704060 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.740737915 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.740813971 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.741226912 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.741262913 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.741297007 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.741307974 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.741337061 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.756860018 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.756928921 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.756972075 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.756995916 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.757015944 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.757050991 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.757232904 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.757553101 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.757595062 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.757661104 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.757661104 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.757668018 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.783708096 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.799415112 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.818933964 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.819026947 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.819061041 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.819086075 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.819104910 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.819123030 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.819778919 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.819823980 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.819864988 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.819870949 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.819925070 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.819925070 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.819957972 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.820022106 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.820031881 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.820147038 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.820197105 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.820493937 CET	49714	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.820508003 CET	443	49714	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.825140953 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.825171947 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.825258017 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.825685024 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.825709105 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.825798988 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.825850964 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.825870037 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.825993061 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.826008081 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.937592983 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.937634945 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.937706947 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.937725067 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.937725067 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.937751055 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.937768936 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.937798977 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.937808037 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.937860012 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.938524961 CET	49716	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.938536882 CET	443	49716	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.942059994 CET	49721	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.942091942 CET	443	49721	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.942167997 CET	49721	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.942384005 CET	49721	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.942399979 CET	443	49721	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.944793940 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.944813967 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.945118904 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.945118904 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.945149899 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.956124067 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.956195116 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.956239939 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.956248999 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.956274033 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.956283092 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.956984043 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.957046986 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.957115889 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.957115889 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.957122087 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.957206964 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:12.957362890 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.957654953 CET	49717	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:12.957676888 CET	443	49717	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.234188080 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.234464884 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.234486103 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.234638929 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.234643936 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.264533997 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.264812946 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.264846087 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.264956951 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.264962912 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.351080894 CET	443	49721	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.351594925 CET	49721	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.351610899 CET	443	49721	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.351774931 CET	49721	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.351779938 CET	443	49721	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.352390051 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.352771044 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.352771044 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.352792025 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.352814913 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.742782116 CET	443	49721	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.742860079 CET	443	49721	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.743068933 CET	49721	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.744163990 CET	49721	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.744179964 CET	443	49721	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.746356964 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.746412992 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.746646881 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.746776104 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.746788025 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.747894049 CET	49724	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.747941971 CET	443	49724	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.748008013 CET	49724	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.748112917 CET	49724	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.748121977 CET	443	49724	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.820679903 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.820765972 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.820810080 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.820832014 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.820857048 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.820890903 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.820909023 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.821098089 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.821145058 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.821168900 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.821177006 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.821204901 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.861828089 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.897389889 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.897420883 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.897442102 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.897509098 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.897540092 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.897557020 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.897593021 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.897886992 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.897906065 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.897954941 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.897963047 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.897974968 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.938244104 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.938273907 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.938288927 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.938334942 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.938354969 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.938399076 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.938533068 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.938790083 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.938834906 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.938853979 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.938862085 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:13.938996077 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.939938068 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:13.986884117 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.017549038 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.017616987 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.017637968 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.017654896 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.017694950 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.017714024 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.017736912 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.017791033 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.017800093 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.017908096 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.017966032 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.018510103 CET	49719	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.018522978 CET	443	49719	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.022118092 CET	49725	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.022142887 CET	443	49725	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.022213936 CET	49725	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.022505045 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.022527933 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.022634983 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.022680044 CET	49725	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.022691965 CET	443	49725	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.022780895 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.022793055 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.108688116 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.108727932 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.108776093 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.108788013 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.108809948 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.108819962 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.108849049 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.108872890 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.108939886 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.108992100 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.109038115 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.109038115 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.109045029 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.109101057 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.109113932 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.109131098 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.109154940 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.109179020 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.109184027 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.109294891 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.109380960 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.109725952 CET	49720	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.109738111 CET	443	49720	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.133879900 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.133904934 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.133950949 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.133969069 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.133996010 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.134008884 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.134048939 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.134099960 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.134105921 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.134131908 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.134172916 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.134283066 CET	49722	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.134294987 CET	443	49722	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.149303913 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.149655104 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.149655104 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.149687052 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.149708033 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.164381981 CET	443	49724	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.164576054 CET	49724	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.164589882 CET	443	49724	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.164691925 CET	49724	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.164705038 CET	443	49724	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.428344011 CET	443	49725	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.428653955 CET	49725	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.428680897 CET	443	49725	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.428875923 CET	49725	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.428884029 CET	443	49725	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.431092978 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.431250095 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.431277990 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.431461096 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.431468010 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.556041956 CET	443	49724	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.556221008 CET	443	49724	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.556406975 CET	49724	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.556884050 CET	49724	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.556907892 CET	443	49724	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.736702919 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.736738920 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.736757994 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.736825943 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.736855030 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.736874104 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.736998081 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.737118959 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.737135887 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.737195969 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.737195969 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.737205029 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.783894062 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.823694944 CET	443	49725	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.823776960 CET	443	49725	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.823985100 CET	49725	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.824947119 CET	49725	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.824974060 CET	443	49725	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.828380108 CET	49727	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.828402042 CET	443	49727	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.828479052 CET	49727	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.828636885 CET	49727	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.828649998 CET	443	49727	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.933527946 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.933553934 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.933621883 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.933655977 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.933655977 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.933670044 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.933685064 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.933696032 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.933743954 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.934273958 CET	49723	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.934283972 CET	443	49723	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.937530994 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.937582016 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:14.937654018 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.937825918 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:14.937845945 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.018969059 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.019032955 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.019076109 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.019104004 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.019140959 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.019162893 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.019197941 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.019257069 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.019301891 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.019316912 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.019330025 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.019365072 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.065095901 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.216145039 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.216214895 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.216298103 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.216298103 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.216341972 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.216362000 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.216417074 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.216428041 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.216445923 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.216519117 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.216599941 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.216599941 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.216770887 CET	49726	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.216789007 CET	443	49726	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.275141001 CET	443	49727	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.275427103 CET	49727	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.275460005 CET	443	49727	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.275599003 CET	49727	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.275604010 CET	443	49727	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.290918112 CET	80	49689	23.203.176.221	192.168.2.6
Mar 20, 2025 13:40:15.291053057 CET	49689	80	192.168.2.6	23.203.176.221
Mar 20, 2025 13:40:15.347014904 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.347341061 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.347377062 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.347517014 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.347527027 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.697710037 CET	443	49727	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.699470043 CET	443	49727	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.699672937 CET	49727	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.699861050 CET	49727	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.699878931 CET	443	49727	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.935666084 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.935692072 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.935707092 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.935935974 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.935961008 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.935976982 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.936016083 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.936119080 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.936129093 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:15.936170101 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:15.987230062 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:16.134341002 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:16.134366989 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:16.134412050 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:16.134442091 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:16.134469032 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:16.134490967 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:16.134505987 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:16.134634972 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:16.134661913 CET	49728	443	192.168.2.6	91.212.166.119
Mar 20, 2025 13:40:16.134675026 CET	443	49728	91.212.166.119	192.168.2.6
Mar 20, 2025 13:40:17.564944983 CET	443	49702	142.250.65.228	192.168.2.6
Mar 20, 2025 13:40:17.565072060 CET	443	49702	142.250.65.228	192.168.2.6
Mar 20, 2025 13:40:17.565434933 CET	49702	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:40:18.192461014 CET	80	49684	23.203.176.221	192.168.2.6
Mar 20, 2025 13:40:18.192586899 CET	49684	80	192.168.2.6	23.203.176.221
Mar 20, 2025 13:40:18.192667961 CET	49684	80	192.168.2.6	23.203.176.221
Mar 20, 2025 13:40:18.282295942 CET	80	49684	23.203.176.221	192.168.2.6
Mar 20, 2025 13:40:19.207663059 CET	49702	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:40:19.207684040 CET	443	49702	142.250.65.228	192.168.2.6
Mar 20, 2025 13:40:20.268244982 CET	49678	443	192.168.2.6	20.42.65.91
Mar 20, 2025 13:40:44.507167101 CET	49686	443	192.168.2.6	23.33.40.135
Mar 20, 2025 13:40:44.507496119 CET	49689	80	192.168.2.6	23.203.176.221
Mar 20, 2025 13:40:53.440329075 CET	49703	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:53.455785990 CET	49704	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:40:53.635994911 CET	80	49703	91.212.166.88	192.168.2.6
Mar 20, 2025 13:40:53.652926922 CET	80	49704	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:07.316570997 CET	49735	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:41:07.316617012 CET	443	49735	142.250.65.228	192.168.2.6
Mar 20, 2025 13:41:07.316736937 CET	49735	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:41:07.317040920 CET	49735	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:41:07.317055941 CET	443	49735	142.250.65.228	192.168.2.6
Mar 20, 2025 13:41:08.643032074 CET	80	49703	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:08.643143892 CET	49703	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:08.644761086 CET	80	49704	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:08.644812107 CET	49704	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:09.207695007 CET	49703	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:09.207727909 CET	49704	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:09.237102985 CET	80	49703	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:09.237210035 CET	49703	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:09.238991976 CET	80	49704	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:09.239064932 CET	49704	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:09.784024954 CET	49703	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:09.799616098 CET	49704	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:09.845649958 CET	80	49703	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:09.845832109 CET	49703	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:09.845879078 CET	80	49704	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:09.845964909 CET	49704	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:10.540030956 CET	443	49735	142.250.65.228	192.168.2.6
Mar 20, 2025 13:41:10.540442944 CET	49735	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:41:10.540461063 CET	443	49735	142.250.65.228	192.168.2.6
Mar 20, 2025 13:41:10.666784048 CET	443	49681	2.23.227.215	192.168.2.6
Mar 20, 2025 13:41:10.666809082 CET	443	49681	2.23.227.215	192.168.2.6
Mar 20, 2025 13:41:10.666990995 CET	49681	443	192.168.2.6	2.23.227.215
Mar 20, 2025 13:41:10.940252066 CET	49703	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:10.971465111 CET	49704	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:11.028525114 CET	80	49703	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:11.028716087 CET	49703	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:11.061861038 CET	80	49704	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:11.061940908 CET	49704	80	192.168.2.6	91.212.166.88
Mar 20, 2025 13:41:11.135909081 CET	80	49703	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:11.168045044 CET	80	49704	91.212.166.88	192.168.2.6
Mar 20, 2025 13:41:20.529911041 CET	443	49735	142.250.65.228	192.168.2.6
Mar 20, 2025 13:41:20.529983044 CET	443	49735	142.250.65.228	192.168.2.6
Mar 20, 2025 13:41:20.530112982 CET	49735	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:41:21.207865000 CET	49735	443	192.168.2.6	142.250.65.228
Mar 20, 2025 13:41:21.207904100 CET	443	49735	142.250.65.228	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 20, 2025 13:40:02.926810026 CET	53	57817	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:02.942796946 CET	53	54133	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:03.519201994 CET	53	50114	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:03.683063984 CET	53	54404	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:07.254448891 CET	62424	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:40:07.254684925 CET	58148	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:40:07.353420973 CET	53	58148	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:07.353512049 CET	53	62424	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:08.080890894 CET	59722	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:40:08.081037045 CET	49182	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:40:08.092035055 CET	54575	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:40:08.092205048 CET	56680	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:40:08.206321001 CET	53	59722	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:08.246064901 CET	53	49182	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:08.348953009 CET	53	56680	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:08.349132061 CET	53	54575	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:09.305524111 CET	53594	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:40:09.305732012 CET	53094	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:40:09.414257050 CET	53	53594	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:09.423727036 CET	53	53094	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:11.626880884 CET	64448	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:40:11.627017021 CET	54885	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:40:11.727741957 CET	53	54885	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:11.736964941 CET	53	64448	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:20.666731119 CET	53	51991	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:39.430687904 CET	53	54175	1.1.1.1	192.168.2.6
Mar 20, 2025 13:40:57.602953911 CET	138	138	192.168.2.6	192.168.2.255
Mar 20, 2025 13:41:02.527488947 CET	53	56416	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:02.650173903 CET	53	60860	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:05.307457924 CET	53	61315	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:05.664447069 CET	53	56409	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:05.710793018 CET	54679	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:05.710968018 CET	62571	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:05.807809114 CET	53	54679	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:05.808003902 CET	53	62571	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:06.722122908 CET	49987	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:06.822154999 CET	53	49987	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:08.753320932 CET	58471	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:09.752911091 CET	58471	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:10.768445969 CET	58471	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:10.866719961 CET	53	58471	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:12.784156084 CET	58471	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:12.881227970 CET	53	58471	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:16.784389019 CET	58471	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:16.881191015 CET	53	58471	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:21.210139036 CET	58486	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:21.210521936 CET	61656	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:21.308051109 CET	53	61656	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:21.308377028 CET	53	58486	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:22.221967936 CET	55442	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:22.222121000 CET	56932	53	192.168.2.6	1.1.1.1
Mar 20, 2025 13:41:22.319230080 CET	53	56932	1.1.1.1	192.168.2.6
Mar 20, 2025 13:41:22.323170900 CET	53	55442	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 20, 2025 13:40:08.246700048 CET	192.168.2.6	1.1.1.1	c220	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 20, 2025 13:40:07.254448891 CET	192.168.2.6	1.1.1.1	0x68c7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:40:07.254684925 CET	192.168.2.6	1.1.1.1	0x5a42	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 20, 2025 13:40:08.080890894 CET	192.168.2.6	1.1.1.1	0x2003	Standard query (0)	ynlyce.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:40:08.081037045 CET	192.168.2.6	1.1.1.1	0x60dc	Standard query (0)	ynlyce.com	65	IN (0x0001)	false
Mar 20, 2025 13:40:08.092035055 CET	192.168.2.6	1.1.1.1	0xae33	Standard query (0)	ynlyce.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:40:08.092205048 CET	192.168.2.6	1.1.1.1	0x7981	Standard query (0)	ynlyce.com	65	IN (0x0001)	false
Mar 20, 2025 13:40:09.305524111 CET	192.168.2.6	1.1.1.1	0x923	Standard query (0)	arvest.click	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:40:09.305732012 CET	192.168.2.6	1.1.1.1	0x481	Standard query (0)	arvest.click	65	IN (0x0001)	false
Mar 20, 2025 13:40:11.626880884 CET	192.168.2.6	1.1.1.1	0xb937	Standard query (0)	arvest.click	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:40:11.627017021 CET	192.168.2.6	1.1.1.1	0x87b4	Standard query (0)	arvest.click	65	IN (0x0001)	false
Mar 20, 2025 13:41:05.710793018 CET	192.168.2.6	1.1.1.1	0xe96f	Standard query (0)	e2c53.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:05.710968018 CET	192.168.2.6	1.1.1.1	0x4ab7	Standard query (0)	e2c53.gcp.gvt2.com	65	IN (0x0001)	false
Mar 20, 2025 13:41:06.722122908 CET	192.168.2.6	1.1.1.1	0x4475	Standard query (0)	e2c53.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:08.753320932 CET	192.168.2.6	1.1.1.1	0x35d6	Standard query (0)	e2c53.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:09.752911091 CET	192.168.2.6	1.1.1.1	0x35d6	Standard query (0)	e2c53.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:10.768445969 CET	192.168.2.6	1.1.1.1	0x35d6	Standard query (0)	e2c53.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:12.784156084 CET	192.168.2.6	1.1.1.1	0x35d6	Standard query (0)	e2c53.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:16.784389019 CET	192.168.2.6	1.1.1.1	0x35d6	Standard query (0)	e2c53.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:21.210139036 CET	192.168.2.6	1.1.1.1	0x811e	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:21.210521936 CET	192.168.2.6	1.1.1.1	0x9681	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 20, 2025 13:41:22.221967936 CET	192.168.2.6	1.1.1.1	0x58e3	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:22.222121000 CET	192.168.2.6	1.1.1.1	0xbfe8	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 20, 2025 13:40:07.353420973 CET	1.1.1.1	192.168.2.6	0x5a42	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 20, 2025 13:40:07.353512049 CET	1.1.1.1	192.168.2.6	0x68c7	No error (0)	www.google.com		142.250.65.228	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:40:08.206321001 CET	1.1.1.1	192.168.2.6	0x2003	No error (0)	ynlyce.com		91.212.166.88	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:40:08.349132061 CET	1.1.1.1	192.168.2.6	0xae33	No error (0)	ynlyce.com		91.212.166.88	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:40:09.414257050 CET	1.1.1.1	192.168.2.6	0x923	No error (0)	arvest.click		91.212.166.119	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:40:11.736964941 CET	1.1.1.1	192.168.2.6	0xb937	No error (0)	arvest.click		91.212.166.119	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:05.807809114 CET	1.1.1.1	192.168.2.6	0xe96f	No error (0)	e2c53.gcp.gvt2.com		35.217.93.191	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:06.822154999 CET	1.1.1.1	192.168.2.6	0x4475	No error (0)	e2c53.gcp.gvt2.com		35.217.93.191	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:10.866719961 CET	1.1.1.1	192.168.2.6	0x35d6	No error (0)	e2c53.gcp.gvt2.com		35.217.93.191	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:12.881227970 CET	1.1.1.1	192.168.2.6	0x35d6	No error (0)	e2c53.gcp.gvt2.com		35.217.93.191	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:16.881191015 CET	1.1.1.1	192.168.2.6	0x35d6	No error (0)	e2c53.gcp.gvt2.com		35.217.93.191	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:21.308051109 CET	1.1.1.1	192.168.2.6	0x9681	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 13:41:21.308377028 CET	1.1.1.1	192.168.2.6	0x811e	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 13:41:21.308377028 CET	1.1.1.1	192.168.2.6	0x811e	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.116.94	A (IP address)	IN (0x0001)	false
Mar 20, 2025 13:41:22.319230080 CET	1.1.1.1	192.168.2.6	0xbfe8	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 13:41:22.323170900 CET	1.1.1.1	192.168.2.6	0x58e3	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 13:41:22.323170900 CET	1.1.1.1	192.168.2.6	0x58e3	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.114.94	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ynlyce.com

arvest.click

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49703	91.212.166.88	80	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 20, 2025 13:40:53.440329075 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49704	91.212.166.88	80	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 20, 2025 13:40:53.455785990 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49705	91.212.166.88	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:08 UTC	660	OUT	GET / HTTP/1.1 Host: ynlyce.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:09 UTC	216	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 20 Mar 2025 12:40:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close Cache-Control: no-store Location: https://arvest.click/login/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49706	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:09 UTC	668	OUT	GET /login/ HTTP/1.1 Host: arvest.click Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:10 UTC	280	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:10 GMT Content-Type: text/html Content-Length: 52602 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT ETag: "cd7a-62e5acb89bd40" Accept-Ranges: bytes Vary: Accept-Encoding
2025-03-20 12:40:10 UTC	16104	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6c 61 73 73 3d 22 6a 73 22 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 69 64 3d 22 6d 79 56 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 Data Ascii: <!DOCTYPE html><html lang="en" class="js"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" id="myViewport" content="width=device-w
2025-03-20 12:40:10 UTC	16384	IN	Data Raw: 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 72 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 76 65 73 74 2e 63 61 72 64 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 22 3e 4c 6f 67 20 49 6e 20 74 6f 20 59 6f 75 72 20 50 65 72 73 6f 6e 61 6c 20 41 63 63 6f 75 6e 74 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 72 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 65 6e 74 72 65 73 75 69 74 65 2e 63 6f 6d 2f 43 65 6e 74 72 65 2f 50 75 62 6c 69 63 2f 4c 6f 67 6f 6e 2f 49 6e 64 65 78 3f 52 65 74 75 72 Data Ascii: > <li><a class="text-red" href="https://arvest.cardmanager.com/">Log In to Your Personal Account</a></li> <li><a class="text-red" href="https://www.centresuite.com/Centre/Public/Logon/Index?Retur

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49709	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:10 UTC	568	OUT	GET /login/css/MyFontsWebfontsKit.css HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:11 UTC	323	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:11 GMT Content-Type: text/css Content-Length: 1630 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close Vary: Accept-Encoding ETag: "67b3818d-65e" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:11 UTC	1630	IN	Data Raw: 2f 2a 20 40 6c 69 63 65 6e 73 65 0d 0a 20 2a 20 4d 79 46 6f 6e 74 73 20 57 65 62 66 6f 6e 74 20 42 75 69 6c 64 20 49 44 20 32 35 34 36 32 33 31 2c 20 32 30 31 33 2d 30 35 2d 30 32 54 31 32 3a 35 37 3a 33 30 2d 30 34 30 30 0d 0a 20 2a 0d 0a 20 2a 20 54 68 65 20 66 6f 6e 74 73 20 6c 69 73 74 65 64 20 69 6e 20 74 68 69 73 20 6e 6f 74 69 63 65 20 61 72 65 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 45 6e 64 20 55 73 65 72 20 4c 69 63 65 6e 73 65 0d 0a 20 2a 20 41 67 72 65 65 6d 65 6e 74 28 73 29 20 65 6e 74 65 72 65 64 20 69 6e 74 6f 20 62 79 20 74 68 65 20 77 65 62 73 69 74 65 20 6f 77 6e 65 72 2e 20 41 6c 6c 20 6f 74 68 65 72 20 70 61 72 74 69 65 73 20 61 72 65 0d 0a 20 2a 20 65 78 70 6c 69 63 69 74 6c 79 20 72 65 73 74 72 69 63 74 65 64 20 66 72 6f 6d Data Ascii: /* @license * MyFonts Webfont Build ID 2546231, 2013-05-02T12:57:30-0400 * * The fonts listed in this notice are subject to the End User License * Agreement(s) entered into by the website owner. All other parties are * explicitly restricted from

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49708	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:10 UTC	566	OUT	GET /login/css/bootstrap_custom.css HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:11 UTC	326	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:11 GMT Content-Type: text/css Content-Length: 84190 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close Vary: Accept-Encoding ETag: "67b3818d-148de" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:11 UTC	16058	IN	Data Raw: 2f 2a 21 0d 0a 20 2a 20 43 75 73 74 6f 6d 20 62 6f 6f 74 73 74 72 61 70 20 62 75 69 6c 64 0d 0a 20 2a 20 43 6f 6e 74 61 69 6e 73 3a 0d 0a 20 2a 20 20 20 20 6e 6f 72 6d 61 6c 69 7a 65 2f 73 63 61 66 66 6f 6c 64 69 6e 67 0d 0a 20 2a 20 20 20 20 63 6f 72 65 20 63 73 73 20 28 73 61 6e 73 20 74 61 62 6c 65 73 2f 62 75 74 74 6f 6e 73 29 0d 0a 20 2a 20 20 20 20 75 74 69 6c 69 74 79 20 63 6c 61 73 73 65 73 0d 0a 20 2a 2f 2f 2a 21 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 76 33 2e 30 2e 31 20 7c 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 7c 20 67 69 74 2e 69 6f 2f 6e 6f 72 6d 61 6c 69 7a 65 20 2a 2f 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b Data Ascii: /! Custom bootstrap build * Contains: * normalize/scaffolding * core css (sans tables/buttons) * utility classes //! normalize.css v3.0.1 \| MIT License \| git.io/normalize */html{font-family: sans-serif;-ms-text-size-adjust: 100%;
2025-03-20 12:40:11 UTC	16384	IN	Data Raw: 6f 6c 2d 6c 67 2d 31 30 7b 77 69 64 74 68 3a 20 38 33 2e 33 33 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 6c 67 2d 39 7b 77 69 64 74 68 3a 20 37 35 25 7d 2e 63 6f 6c 2d 6c 67 2d 38 7b 77 69 64 74 68 3a 20 36 36 2e 36 36 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 6c 67 2d 37 7b 77 69 64 74 68 3a 20 35 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 6c 67 2d 36 7b 77 69 64 74 68 3a 20 35 30 25 7d 2e 63 6f 6c 2d 6c 67 2d 35 7b 77 69 64 74 68 3a 20 34 31 2e 36 36 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 6c 67 2d 34 7b 77 69 64 74 68 3a 20 33 33 2e 33 33 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 6c 67 2d 33 7b 77 69 64 74 68 3a 20 32 35 25 7d 2e 63 6f 6c 2d 6c 67 2d 32 7b 77 69 64 74 68 3a 20 31 36 2e 36 36 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 6c 67 2d 31 7b 77 69 64 Data Ascii: ol-lg-10{width: 83.33333333%}.col-lg-9{width: 75%}.col-lg-8{width: 66.66666667%}.col-lg-7{width: 58.33333333%}.col-lg-6{width: 50%}.col-lg-5{width: 41.66666667%}.col-lg-4{width: 33.33333333%}.col-lg-3{width: 25%}.col-lg-2{width: 16.66666667%}.col-lg-1{wid
2025-03-20 12:40:11 UTC	16384	IN	Data Raw: 6d 3a 20 30 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 37 70 78 7d 7d 2e 66 6f 72 6d 2d 68 6f 72 69 7a 6f 6e 74 61 6c 20 2e 68 61 73 2d 66 65 65 64 62 61 63 6b 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 66 65 65 64 62 61 63 6b 7b 74 6f 70 3a 20 30 3b 72 69 67 68 74 3a 20 39 70 78 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 32 36 30 70 78 29 7b 2e 66 6f 72 6d 2d 68 6f 72 69 7a 6f 6e 74 61 6c 20 2e 66 6f 72 6d 2d 67 72 6f 75 70 2d 6c 67 20 2e 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 34 2e 33 70 78 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 32 36 30 70 78 29 7b 2e 66 6f 72 6d 2d 68 6f 72 69 7a 6f 6e 74 61 6c 20 2e 66 6f 72 6d 2d 67 72 6f 75 70 2d 73 6d 20 2e 63 6f 6e 74 72 6f 6c Data Ascii: m: 0;padding-top: 7px}}.form-horizontal .has-feedback .form-control-feedback{top: 0;right: 9px}@media (min-width: 260px){.form-horizontal .form-group-lg .control-label{padding-top: 14.3px}}@media (min-width: 260px){.form-horizontal .form-group-sm .control
2025-03-20 12:40:11 UTC	16384	IN	Data Raw: 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 37 35 3b 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 20 34 70 78 20 30 20 30 7d 2e 6e 61 76 2d 74 61 62 73 20 3e 20 6c 69 20 3e 20 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 65 65 65 20 23 65 65 65 20 23 64 64 64 7d 2e 6e 61 76 2d 74 61 62 73 20 3e 20 6c 69 2e 61 63 74 69 76 65 20 3e 20 61 2c 2e 6e 61 76 2d 74 61 62 73 20 3e 20 6c 69 2e 61 63 74 69 76 65 20 3e 20 61 3a 68 6f 76 65 72 2c 2e 6e 61 76 2d 74 61 62 73 20 3e 20 6c 69 2e 61 63 74 69 76 65 20 3e 20 61 3a 66 6f 63 75 73 7b 63 6f 6c 6f 72 3a 20 23 35 35 35 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 Data Ascii: 2px;line-height: 1.75;border: 1px solid rgba(0,0,0,0);border-radius: 4px 4px 0 0}.nav-tabs > li > a:hover{border-color: #eee #eee #ddd}.nav-tabs > li.active > a,.nav-tabs > li.active > a:hover,.nav-tabs > li.active > a:focus{color: #555;background-color:
2025-03-20 12:40:11 UTC	16384	IN	Data Raw: 20 33 70 78 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 20 33 70 78 7d 2e 70 61 6e 65 6c 20 3e 20 2e 6c 69 73 74 2d 67 72 6f 75 70 3a 6c 61 73 74 2d 63 68 69 6c 64 20 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 69 74 65 6d 3a 6c 61 73 74 2d 63 68 69 6c 64 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 20 33 70 78 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 20 33 70 78 7d 2e 70 61 6e 65 6c 2d 68 65 61 64 69 6e 67 20 2b 20 2e 6c 69 73 74 2d 67 72 6f 75 70 20 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 69 74 65 6d 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 20 30 7d 2e 6c 69 73 Data Ascii: 3px;border-top-left-radius: 3px}.panel > .list-group:last-child .list-group-item:last-child{border-bottom: 0;border-bottom-right-radius: 3px;border-bottom-left-radius: 3px}.panel-heading + .list-group .list-group-item:first-child{border-top-width: 0}.lis
2025-03-20 12:40:11 UTC	2596	IN	Data Raw: 20 62 6c 6f 63 6b 20 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 32 35 39 70 78 29 7b 2e 76 69 73 69 62 6c 65 2d 78 73 2d 69 6e 6c 69 6e 65 7b 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 32 35 39 70 78 29 7b 2e 76 69 73 69 62 6c 65 2d 78 73 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7b 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 32 36 30 70 78 29 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 39 35 39 70 78 29 7b 2e 76 69 73 69 62 6c 65 2d 73 6d 7b 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 20 21 69 Data Ascii: block !important}}@media (max-width: 259px){.visible-xs-inline{display: inline !important}}@media (max-width: 259px){.visible-xs-inline-block{display: inline-block !important}}@media (min-width: 260px) and (max-width: 959px){.visible-sm{display: block !i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49707	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:10 UTC	557	OUT	GET /login/css/layout2.css HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:11 UTC	325	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:11 GMT Content-Type: text/css Content-Length: 31484 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close Vary: Accept-Encoding ETag: "67b3818d-7afc" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:11 UTC	16059	IN	Data Raw: 2a 7b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 7d 2e 69 6f 73 50 68 6f 6e 65 2c 2e 69 6f 73 50 68 6f 6e 65 20 61 7b 63 6f 6c 6f 72 3a 20 23 63 63 30 30 30 30 7d 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 7d 68 31 2c 68 32 2c 68 33 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 46 75 74 75 72 61 42 54 2d 42 6f 6f 6b 7d 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 37 72 65 6d 3b 6d 61 72 67 69 6e 3a 20 38 70 78 20 30 7d 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 37 72 65 6d 3b 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 7d 68 32 2e 73 75 62 2d 68 65 61 64 65 72 7b 6d 61 72 67 69 6e 3a 20 30 3b 70 61 64 64 69 6e 67 3a Data Ascii: *{-webkit-tap-highlight-color: rgba(0,0,0,0)}.iosPhone,.iosPhone a{color: #cc0000}a:hover{text-decoration: underline}h1,h2,h3{font-family: FuturaBT-Book}h2{font-size: 1.7rem;margin: 8px 0}h3{font-size: 1.7rem;margin: 6px 0}h2.sub-header{margin: 0;padding:
2025-03-20 12:40:11 UTC	15425	IN	Data Raw: 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 20 74 6f 70 20 23 30 30 33 31 36 32 7d 2e 63 6f 70 79 72 69 67 68 74 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 31 70 78 7d 2e 63 6f 70 79 72 69 67 68 74 2d 6c 65 66 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 7d 2e 63 6f 6e 74 61 69 6e 65 72 20 2e 63 6f 70 79 72 69 67 68 74 2d 72 69 67 68 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 7d 2e 63 6f 70 79 72 69 67 68 74 2d 72 69 67 68 74 20 69 6d 67 2c 2e 63 6f 70 79 72 69 67 68 74 2d 72 69 67 68 74 20 73 70 61 6e 7b 70 6f 73 69 74 69 6f Data Ascii: g) no-repeat left top #003162}.copyright{overflow: hidden;color: #ffffff;text-align: center;font-size: 1rem;line-height: 21px}.copyright-left{text-align: left}.container .copyright-right{text-align: right}.copyright-right img,.copyright-right span{positio

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49711	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:10 UTC	634	OUT	GET /login/css/2024_ACC_3X_Holiday_Rewards_Main%20Nav.png HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:11 UTC	303	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:11 GMT Content-Type: image/png Content-Length: 64027 Last-Modified: Mon, 17 Feb 2025 18:35:56 GMT Connection: close ETag: "67b3818c-fa1b" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:11 UTC	16081	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d9 00 00 00 ea 08 06 00 00 00 2f 50 e0 75 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 20 00 49 44 41 54 78 9c d4 bc 67 ac 64 77 9a de f7 3b 39 56 8e 37 87 be dd b7 73 20 d9 c3 61 18 0e c9 dd d9 9d 81 ac 5d ed c8 1a c8 d6 2a 58 86 c3 57 1b 02 fc 95 f2 17 03 06 6c 18 30 0c 38 40 5f 0c 4b 6b 01 86 ac dd 59 ed a4 25 39 c3 e1 30 36 3b 77 df ee db 37 e7 ba 95 c3 a9 3a f9 f8 43 dd ee 19 2e b9 da 99 59 ed 42 7e 81 8b 02 ee a9 aa 73 fe ff 73 de f0 3c ef f3 96 70 d0 1c 24 dd c1 88 66 a7 45 ad b6 41 39 3f 4d da ce 61 65 2c 34 45 22 8e 60 b3 7e c0 e8 b8 8e 6e 19 f8 a3 1e ae d7 46 37 52 9c 3f 73 8d e9 4a 91 a1 1f 22 0a 02 ba 22 f1 67 2d 49 20 4e 12 24 51 f8 b7 fe ef ff 8f d6 e8 fb f4 bd Data Ascii: PNGIHDR/PupHYs~ IDATxgdw;9V7s a]*XWl08@_KkY%906;w7:C.YB~ss<p$fEA9?Mae,4E"`~nF7R?sJ""g-I N$Q
2025-03-20 12:40:11 UTC	16384	IN	Data Raw: ad d5 b9 b8 ba c5 d5 27 5e 22 f7 7a 34 9b 75 24 49 21 f2 5d 7e ef 37 ff 67 de b9 7e 0f 3f ce 16 34 aa d8 c5 ef ed 31 38 d8 e3 a8 33 61 eb a5 06 f3 93 5d f6 3f bc 81 28 80 69 9a 4c 0f bb a8 56 1d a3 b1 4e 69 f3 3c 0f 5f fb 01 46 a5 81 a0 17 51 05 81 d0 9b 51 2a e8 c4 41 8f 71 a7 cb e8 64 97 d5 e5 16 9f fe 99 7f 8b 4a ab c9 c9 d1 2e fd f1 88 de 89 83 a4 67 8c c3 85 1e b2 60 2b 04 64 08 ae 80 13 e4 b8 93 00 d7 8d 49 92 14 d3 50 68 d6 2c 74 51 a5 a2 cb 18 62 c6 52 b3 42 a5 58 a4 3b 99 93 c5 39 29 02 2b eb 4b a8 92 80 1f f8 0c 86 33 a4 3c a7 50 54 99 fa 11 bd 79 44 38 4a 99 cd 3d 20 a1 56 d1 17 60 20 a9 cc f9 ad 16 13 3f 61 ee a7 9c 5f 5f 03 29 a6 54 5d 61 ad d5 22 1a df 20 ce 45 cc e2 2a b1 6c 61 56 96 d8 14 d7 50 bb 1f 21 bf f2 dc 33 14 b4 85 15 fc 68 96 d2 Data Ascii: '^"z4u$I!]~7g~?4183a]?(iLVNi<_FQQAqdJ.g`+dIPh,tQbRBX;9)+K3<PTyD8J= V` ?a__)T]a" ElaVP!3h
2025-03-20 12:40:11 UTC	16384	IN	Data Raw: 1a 3e 96 13 20 9d 1a ed ba c7 ff f2 af fe 25 89 aa 32 1a 74 b9 72 f9 7d be f3 dd ef f0 f6 fa 55 b6 f6 7b 50 e4 b4 7c 9f 41 96 82 49 a9 38 0e c9 20 65 32 0a 49 8d a6 e5 fa 1c 5b 98 46 79 8a ba f2 08 27 63 c6 69 4a 9e 65 8c c6 31 53 ae 4d 73 b9 8d 2d 61 63 fb 00 57 09 02 c7 66 b9 e2 31 5f af 92 18 4d 6f 12 73 30 4e 19 16 86 65 df 66 be ea 61 8f b7 28 92 88 ea d4 1c 51 b7 43 3a 2e f0 2a 3e a8 04 39 33 4f 1e 97 2e e7 22 4e 48 27 13 8a 2c 23 49 73 6c df a7 db ed 32 88 0b ee 3f d6 64 65 a1 85 28 52 86 fd 31 77 0e 47 9c 7f fa 1c 49 27 62 b0 d7 e1 91 d5 59 5e fe e8 06 93 ac a0 38 f2 94 65 79 88 ef b9 c4 61 42 a3 5e a1 dd aa e3 0a 58 58 9a 45 39 2e e9 11 70 d1 75 1c 1c d7 61 e9 d4 1a 97 5f 7b 8b 7b 1b f7 d8 d8 d8 20 35 82 6a dd c7 ad 97 2d f8 b0 d3 a5 36 35 4d 16 Data Ascii: > %2tr}U{P\|AI8 e2I[Fy'ciJe1SMs-acWf1_Mos0Nefa(QC:.*>93O."NH',#Isl2?de(R1wGI'bY^8eyaB^XXE9.pua_{{ 5j-65M
2025-03-20 12:40:11 UTC	15178	IN	Data Raw: 72 38 89 c9 29 d9 da f7 98 04 09 bd b1 8f 3f 23 ed 96 80 a5 eb 74 ea 15 b2 12 26 b3 e1 b9 55 73 09 e2 94 ba 6b 71 30 f6 28 81 23 47 16 68 36 2b 9c 3f b5 cc ca da 02 96 ae d3 9c ef 92 e4 19 79 59 70 b8 db c7 71 4d 0c 43 22 4d 1d d3 d4 19 4d 42 1c 5d a1 82 e3 e1 14 c3 30 48 f3 82 24 49 68 d5 5c 4e 9e 58 60 73 1a 32 dc 3b 64 b9 53 65 f5 f4 45 74 d3 52 9e 20 33 0d 5a 89 86 2e 25 69 9e b3 db ef f1 ff fe da af b2 7c 74 91 ac 88 49 d2 10 b4 02 b7 d2 a4 d2 68 70 ed e3 ab a4 d3 11 f3 2b 2b 14 65 81 2e 0d 1c c7 21 d7 24 c3 fd 5d e2 30 41 97 92 fb 1b 87 78 7e c4 e9 e3 0b 24 69 c6 38 8c 91 a5 ce 97 5f fd 1a f7 6e 7d cc 47 1f 7c 80 6e 57 f9 ec e7 3e c7 8b 9f fd 3c dd ee 1c a3 c1 3e 37 ae bc c3 eb af bf c9 bd f5 2d d6 d7 37 69 b8 16 65 e8 23 35 05 55 8f 7b 07 3c f9 cc Data Ascii: r8)?#t&Uskq0(#Gh6+?yYpqMC"MMB]0H$Ih\NX`s2;dSeEtR 3Z.%i\|tIhp++e.!$]0Ax~$i8_n}G\|nW><>7-7ie#5U{<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49710	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:10 UTC	607	OUT	GET /login/css/arvest-logo.png HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:11 UTC	301	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:11 GMT Content-Type: image/png Content-Length: 4092 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close ETag: "67b3818d-ffc" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:11 UTC	4092	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c9 00 00 00 45 08 06 00 00 00 e0 b4 c2 a6 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 0f 9e 49 44 41 54 78 da ec 5d 07 98 17 c5 15 9f e3 e0 28 47 39 30 22 4d 04 05 02 16 04 05 44 c1 92 4f 41 b0 20 36 a2 10 01 e5 03 cf 20 b1 45 85 a0 89 9a 80 09 41 a5 08 44 40 e1 0b 62 41 b1 a4 2b 06 50 f1 02 16 40 05 45 48 e2 81 85 d8 10 94 22 f5 9f f7 d8 f7 c7 65 7c 6f eb 6c 39 6f 7f df f7 fb ee fe bb b3 b3 b3 b3 fb 66 e6 95 99 29 c8 e5 72 2a 62 74 02 b6 02 3e a6 e2 43 55 60 4b ba ef 61 74 6c 1f f0 53 e0 fb c0 75 f4 3b 43 b2 a8 0e dc 05 cc a5 b9 90 05 31 08 c9 c3 c0 63 81 1d 43 54 46 13 e0 68 e0 46 e0 7f 80 eb 81 9f 03 b7 02 8b 80 f5 48 20 da Data Ascii: PNGIHDREtEXtSoftwareAdobe ImageReadyqe<IDATx](G90"MDOA 6 EAD@bA+P@EH"e\|ol9of)r*bt>CU`KatlSu;C1cCTFhFH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49714	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:12 UTC	629	OUT	GET /login/css/Small_Business_Checking_2_mainnav.png HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:12 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:12 GMT Content-Type: image/png Content-Length: 70110 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close ETag: "67b3818d-111de" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:12 UTC	16080	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 da 00 00 00 ea 08 06 00 00 00 c4 67 5b 76 00 00 2c 62 63 61 42 58 00 00 2c 62 6a 75 6d 62 00 00 00 1e 6a 75 6d 64 63 32 70 61 00 11 00 10 80 00 00 aa 00 38 9b 71 03 63 32 70 61 00 00 00 2c 3c 6a 75 6d 62 00 00 00 47 6a 75 6d 64 63 32 6d 61 00 11 00 10 80 00 00 aa 00 38 9b 71 03 75 72 6e 3a 75 75 69 64 3a 39 39 65 30 61 63 37 64 2d 39 31 37 31 2d 34 30 65 63 2d 62 35 66 38 2d 38 61 30 32 37 36 32 63 34 36 38 39 00 00 00 01 a6 6a 75 6d 62 00 00 00 29 6a 75 6d 64 63 32 61 73 00 11 00 10 80 00 00 aa 00 38 9b 71 03 63 32 70 61 2e 61 73 73 65 72 74 69 6f 6e 73 00 00 00 00 ca 6a 75 6d 62 00 00 00 26 6a 75 6d 64 63 62 6f 72 00 11 00 10 80 00 00 aa 00 38 9b 71 03 63 32 70 61 2e 61 63 74 69 6f 6e 73 00 00 00 Data Ascii: PNGIHDRg[v,bcaBX,bjumbjumdc2pa8qc2pa,<jumbGjumdc2ma8qurn:uuid:99e0ac7d-9171-40ec-b5f8-8a02762c4689jumb)jumdc2as8qc2pa.assertionsjumb&jumdcbor8qc2pa.actions
2025-03-20 12:40:12 UTC	16384	IN	Data Raw: 46 35 e1 e9 88 29 51 4a c3 54 4d 8b 05 ab 2d ad 16 52 49 98 5a 66 2a 5e 06 ac 0a 75 52 72 28 a3 09 e3 9e ed f6 23 0e 69 e4 7a b7 61 bb dd 71 79 ff 2e 97 ee 92 2e f7 d8 6e 25 73 38 9d c9 29 73 48 d7 4c 69 c7 22 9c b1 1e ee 63 8d c7 59 4b ca 11 a5 2a d3 74 4d ab 95 f1 b8 65 73 f5 11 1a cb 9d 7b af b1 58 df c5 fa 81 92 26 c2 f1 86 30 ed 51 d6 b3 6f 8a ee b8 a4 1c 8e 4c e9 23 c6 f1 86 12 5f e6 ec dc b0 49 1b a6 9b 0d 97 97 17 1c 0f 47 a6 e9 48 29 85 65 d7 b1 30 70 be ec e8 bc e3 cb af bd c2 17 5f bd e4 f3 8f ee 50 72 c6 ae 1d a5 29 72 e7 e8 8c e6 7c e1 b8 bb 9e 18 34 7c 34 46 7e f8 e4 0a ef 3a 6e 76 7b a6 29 80 b6 33 1b dc 93 4b e2 3b df 4f 1c af fe 80 f3 bb ff f6 3c db 63 56 8c 7c a2 5a 29 35 53 ed e7 a7 40 ac b5 92 72 22 c4 44 48 81 18 22 e3 34 72 38 1e 45 Data Ascii: F5)QJTM-RIZf^uRr(#izaqy..n%s8)sHLi"cYKtMes{X&0QoL#_IGH)e0p_Pr)r\|4\|4F~:nv{)3K;O<cV\|Z)5S@r"DH"4r8E
2025-03-20 12:40:12 UTC	16384	IN	Data Raw: 18 79 ee 9d df e0 1f ff 37 ff 2d 0f 0f 8f 41 45 ee 3f 3a e4 f4 f8 08 e3 35 87 a7 87 bc fa 4b ff 80 f9 6c ca 62 b1 a4 70 05 d6 5a 9c 93 0b fb f8 fc 98 37 de f8 32 b7 ae 5e 11 7b 07 ad 99 6d ed 50 58 cb 72 71 21 16 e9 ab a5 b4 fa 46 33 0c 21 87 b0 18 7a 1f f0 21 cb b9 52 62 e8 7b 26 a5 08 62 49 b2 c9 f4 71 54 4e 78 ea 52 72 21 08 16 93 49 04 a4 44 bb 5e b3 6a 1a a6 b5 d8 5e b4 7d 47 d7 0f f4 5e ec 28 64 be d6 04 2f d9 da f2 d8 47 5c 67 99 4d 66 94 65 c1 68 75 31 0c 3d de f7 2c da 96 a6 ed 30 88 95 41 df 49 ae bb f5 21 60 13 74 7d 8b f7 81 21 c1 d0 7b 4e cf ce 58 2e 97 24 e3 68 16 e2 32 bb 6e 3b b4 91 6a 32 44 b1 ff 2a ad 24 2b da 2c da 4b 51 4a bf cf ac 91 91 b6 15 f2 9a 53 6b 11 43 8e b0 2d 24 c8 38 51 3f 04 7c df e1 aa 99 2c 2d 36 c0 ac c5 2a b3 d9 18 8d Data Ascii: y7-AE?:5KlbpZ72^{mPXrq!F3!z!Rb{&bIqTNxRr!ID^j^}G^(d/G\gMfehu1=,0AI!`t}!{NX.$h2n;j2D$+,KQJSkC-$8Q?\|,-6
2025-03-20 12:40:12 UTC	16384	IN	Data Raw: ca 4a 89 84 cb 8b 1c d1 1f 43 e3 65 9c 90 57 3e 47 9f a0 e0 33 42 a6 67 1d 5b a6 98 e4 77 0b f0 ec f9 f7 f8 57 db 1d e9 b0 27 8e 3b 42 ec d1 65 a4 2e 0c b6 2e 38 4c 91 59 59 53 36 2b 51 26 b7 05 aa ac 29 8a 52 4a 14 2b aa 80 2a fa bc 9f 9a 80 94 33 af c5 56 10 a3 5c c9 6e 12 11 ac 71 8e 14 e2 69 ff a3 b4 a6 ef 0e ec b6 1b bc 3f 10 fa 37 9c cd 37 b8 d1 60 8b 73 bc 0f a4 78 c1 34 f6 94 e5 12 ab cb 6c 7b e1 d4 d3 b8 e0 d1 99 99 91 44 fe 21 b7 1e 47 a5 84 3c 5c 21 37 e4 47 53 e8 f1 97 4c 48 b3 c6 73 18 30 45 91 97 cd 2a f3 d5 c5 62 73 0a 31 48 19 04 84 0c 93 82 9f 44 49 d2 cc d0 39 09 26 46 47 1a d7 a8 dd b7 b0 7f 01 61 4d 2a 2c 81 15 21 5a 94 e9 a5 b4 4c 91 e4 44 3d 72 0a 4b 1c 47 5c ff c0 e1 60 78 b1 de e0 9c 67 df f5 b8 10 79 ef e9 63 2c d0 f7 23 db ae a7 Data Ascii: JCeW>G3Bg[wW';Be..8LYYS6+Q&)RJ+3V\nqi?77`sx4l{D!G<\!7GSLHs0Ebs1HDI9&FGaM*,!ZLD=rKG\`xgyc,#
2025-03-20 12:40:12 UTC	4878	IN	Data Raw: 97 1c bb 7d db ad 17 18 da b3 5d 3f 8f 8f 0d f3 f5 65 6e 76 b5 5c 64 82 b9 74 2d a7 2e d8 25 32 23 cb 8e fd e6 97 1f ba e8 7a 64 3c 7d aa f3 f3 eb b9 47 f6 7c 64 d7 92 d7 dc 73 f7 bb 2e 08 0d ba 77 ee f1 b1 e1 25 0f cd 6a b9 c8 ae bb b7 fd 6a 18 da f2 ac 23 c8 0f 77 df 27 be c0 c4 d4 1c 0d ab cd be c7 9e ba e4 45 bf 14 f6 3e 78 ff 92 24 c8 c4 d4 1c 13 53 73 1c 38 78 84 87 f7 7d e3 8a 62 9a d7 82 e5 17 7d f9 17 b7 d2 b1 57 ba 46 e9 46 ef 58 e2 fa 1d 3e fa bc ac 37 7e 7b ff 05 bb ce a5 b0 7d eb 6d 6f c8 53 b8 1c b2 18 f8 52 7f ef c6 86 b1 91 d7 7c fe 0c e3 63 c3 6f 5a 31 ba fb 7d 5e eb 1a 5f 2f 56 6d 47 cb 32 3a fb 1e 93 3b c1 1b 69 a1 d9 b2 79 13 3f 3a f0 97 3c f9 f4 f7 39 90 c6 3c dd 4f d2 4f 7f ee ab 6c d9 bc e9 aa 7d 51 59 52 a0 fb fd 2f 77 43 5f c9 1a Data Ascii: }]?env\dt-.%2#zd<}G\|ds.w%jj#w'E>x$Ss8x}b}WFFX>7~{}moSR\|coZ1}^_/VmG2:;iy?:<9<OOl}QYR/wC_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49716	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:12 UTC	650	OUT	GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Consumer.png HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:12 UTC	303	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:12 GMT Content-Type: image/png Content-Length: 53690 Last-Modified: Mon, 17 Feb 2025 18:35:56 GMT Connection: close ETag: "67b3818c-d1ba" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:12 UTC	16081	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d9 00 00 00 ea 08 06 00 00 00 2f 50 e0 75 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 20 00 49 44 41 54 78 9c a4 bd 47 b0 2d 49 7a df f7 fb 32 b3 aa 8e bb f6 99 ee d7 76 a6 07 3d 06 18 50 10 08 09 00 45 2f 32 24 42 62 80 20 83 a2 22 14 c2 56 7b 69 a5 0d 03 1b 85 76 da 92 a1 9d 4c 84 36 92 a8 08 2e 44 17 24 44 90 04 a9 00 40 12 c0 60 30 33 dd d3 6e da 3c 7f dd 71 55 69 b4 f8 32 b3 ea dc f7 06 18 84 4e c7 ed 77 ef 39 75 aa d2 7c e6 ff d9 94 ff e9 6f ff 0f a9 9d 75 08 10 53 04 20 fa 88 18 c1 58 43 08 11 ef 07 44 84 61 f0 dc 6c 37 3c 7b 76 c9 c5 c5 05 cf af 37 5c 5d df f0 f4 c9 53 7e f0 f0 19 66 79 c4 f1 f1 11 c6 3a 86 10 f1 21 60 8c 01 11 40 10 11 ac b5 18 63 b0 d6 e2 9c a3 6d Data Ascii: PNGIHDR/PupHYs~ IDATxG-Iz2v=PE/2$Bb "V{ivL6.D$D@`03n<qUi2Nw9u\|ouS XCDal7<{v7\]S~fy:!`@cm
2025-03-20 12:40:12 UTC	16384	IN	Data Raw: b2 79 fa 98 7e 7d a3 95 dc c6 d0 3a c3 d1 bc e3 6c b9 e4 de e9 09 47 8b 19 9b cd 86 f5 7e 47 d7 39 1a 67 f0 fb 2d bb bd e7 e6 7a cd d1 72 86 4d 03 c7 ab 39 11 78 f4 f0 29 fb ab a7 c4 e0 81 48 3b 5f d2 b4 73 c2 10 b0 4d 43 c9 dd bc 3d 95 17 51 c3 68 8f 99 49 6e e3 cb 84 9c b6 42 d4 ac 99 18 23 8e 7c 84 8c 18 43 74 96 d8 6b 95 ae 35 23 b3 30 dd 44 e0 f8 68 95 03 cf 25 d5 c6 60 4c 22 06 aa 57 b2 48 8a 44 ae 9e 76 ca 04 6d e3 58 2e 3a 1e 3f bb 64 b5 58 d6 1c c4 fd a0 4c a5 6e 5f 8d 8b f4 de 57 ed b1 db f7 6c f7 3d 36 05 8e 8e 4e 68 9b 86 7d 3f d0 ba 86 ab f5 26 37 a2 89 34 b6 a5 78 02 05 cd c5 33 c6 e0 b3 17 32 a6 48 23 ae c6 6d 24 33 60 59 a8 22 f1 43 8c dc 7d eb 4b c8 9f fa 4b 7c f7 d7 fe 6f 3c 60 73 42 34 b9 43 92 97 cc 7c 59 ad 24 20 84 44 df 7b 4d 96 6e Data Ascii: y~}:lG~G9g-zrM9x)H;_sMC=QhInB#\|Ctk5#0Dh%`L"WHDvmX.:?dXLn_Wl=6Nh}?&74x32H#m$3`Y"C}KK\|o<`sB4C\|Y$ D{Mn
2025-03-20 12:40:12 UTC	16384	IN	Data Raw: 26 29 a3 67 3b e4 08 b2 5e 8f 76 bb c5 dc 48 36 ca 1c a1 04 9d f9 98 8b b2 62 9e 6b 8a bc c4 d4 06 1d ab 85 d1 aa 54 7e 9a ec 95 1a 95 bf b9 95 0a ea 72 81 08 65 18 e1 19 97 45 c1 3c af c8 22 81 15 11 e8 94 bb 2f ac 72 72 3a e2 e1 d3 03 a4 96 7c eb 6b 6f 21 93 84 b9 05 7d 72 86 4a ae 21 a5 0d 58 a9 cf 93 9b 4c a6 08 25 18 8d 26 6c 5f dd 66 6f ff 90 17 5e bc 4b 55 96 1c 1e 1c 62 71 5c 8c a7 14 65 41 31 cb 83 e7 8b a5 0a f0 4d 53 22 36 b8 af 4f 6d bd ac 62 8c b1 a1 cc 0c aa 91 95 c1 b2 3f e9 c3 74 cc 6f 8c 4b 25 70 63 0e ea ad cb 1c 79 5e 91 24 82 8b dc 90 25 16 95 7a 8e 59 55 19 ac 71 24 51 4c e3 48 b5 e0 10 86 5b a3 11 5b d6 d6 11 07 5a 96 0b 27 b8 56 8a 5e 27 65 ff e4 0c f0 3e fb 59 1c 53 87 fe aa 08 78 9d 00 da ad 8c bc 28 17 37 2f d6 62 6a c3 b4 ce b9 Data Ascii: &)g;^vH6bkT~reE<"/rr:\|ko!}rJ!XL%&l_fo^KUbq\eA1MS"6Omb?toK%pcy^$%zYUq$QLH[[Z'V^'e>YSx(7/bj
2025-03-20 12:40:12 UTC	4841	IN	Data Raw: bc 03 87 d3 25 b9 e6 50 dd ab a8 a9 ae 04 30 19 82 59 2d b9 70 7b fc 70 7b fd 68 69 aa 87 c3 39 80 7d 0d 1f 31 07 a6 df ad db b5 0d 3b b7 db 58 19 c5 a1 31 bd a6 f1 e0 2e d6 f0 d0 f4 6d 55 e5 68 ef e8 96 a4 27 0e f7 1b 1a 4f e1 f8 1f ed 92 bf cb eb 68 ae ec 6b f8 88 3d 47 94 d2 e2 02 34 1e 7c 83 d5 55 bc fc 1b 0f be 91 b0 ae 62 95 25 56 7e 56 4b 2e 1a 0f ee 4a aa b3 25 65 76 51 6c 10 7d 40 e9 ff f4 6f f4 77 79 ab 72 fc 84 5d 12 ba d5 54 6f 82 d9 68 40 7b 67 37 5e 7a f3 9d b8 79 8a 1d cc 6a c9 85 d5 92 cb f2 89 e5 4c 33 61 cb 8e 03 cc ce 9a ea 4d cc f6 e3 27 ec 68 3e d3 26 b9 56 de 73 27 a2 ab a7 4f 62 a3 db eb c7 4b bf 79 87 fd bc 65 c7 01 38 9c a4 77 ac a9 de 84 d2 e2 02 a1 11 39 3a c5 e1 1d 4e 97 e4 a1 a1 0e 56 5a 5c 80 ba 5d db 50 51 56 02 b7 77 f2 c1 Data Ascii: %P0Y-p{p{hi9}1;X1.mUh'Ohk=G4\|Ub%V~VK.J%evQl}@owyr]Toh@{g7^zyjL3aM'h>&Vs'ObKye8w9:NVZ\]PQVw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49715	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:12 UTC	401	OUT	GET /login/css/arvest-logo.png HTTP/1.1 Host: arvest.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:12 UTC	301	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:12 GMT Content-Type: image/png Content-Length: 4092 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close ETag: "67b3818d-ffc" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:12 UTC	4092	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c9 00 00 00 45 08 06 00 00 00 e0 b4 c2 a6 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 0f 9e 49 44 41 54 78 da ec 5d 07 98 17 c5 15 9f e3 e0 28 47 39 30 22 4d 04 05 02 16 04 05 44 c1 92 4f 41 b0 20 36 a2 10 01 e5 03 cf 20 b1 45 85 a0 89 9a 80 09 41 a5 08 44 40 e1 0b 62 41 b1 a4 2b 06 50 f1 02 16 40 05 45 48 e2 81 85 d8 10 94 22 f5 9f f7 d8 f7 c7 65 7c 6f eb 6c 39 6f 7f df f7 fb ee fe bb b3 b3 b3 b3 fb 66 e6 95 99 29 c8 e5 72 2a 62 74 02 b6 02 3e a6 e2 43 55 60 4b ba ef 61 74 6c 1f f0 53 e0 fb c0 75 f4 3b 43 b2 a8 0e dc 05 cc a5 b9 90 05 31 08 c9 c3 c0 63 81 1d 43 54 46 13 e0 68 e0 46 e0 7f 80 eb 81 9f 03 b7 02 8b 80 f5 48 20 da Data Ascii: PNGIHDREtEXtSoftwareAdobe ImageReadyqe<IDATx](G90"MDOA 6 EAD@bA+P@EH"e\|ol9of)r*bt>CU`KatlSu;C1cCTFhFH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49717	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:12 UTC	428	OUT	GET /login/css/2024_ACC_3X_Holiday_Rewards_Main%20Nav.png HTTP/1.1 Host: arvest.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:12 UTC	303	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:12 GMT Content-Type: image/png Content-Length: 64027 Last-Modified: Mon, 17 Feb 2025 18:35:56 GMT Connection: close ETag: "67b3818c-fa1b" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:12 UTC	16081	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d9 00 00 00 ea 08 06 00 00 00 2f 50 e0 75 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 20 00 49 44 41 54 78 9c d4 bc 67 ac 64 77 9a de f7 3b 39 56 8e 37 87 be dd b7 73 20 d9 c3 61 18 0e c9 dd d9 9d 81 ac 5d ed c8 1a c8 d6 2a 58 86 c3 57 1b 02 fc 95 f2 17 03 06 6c 18 30 0c 38 40 5f 0c 4b 6b 01 86 ac dd 59 ed a4 25 39 c3 e1 30 36 3b 77 df ee db 37 e7 ba 95 c3 a9 3a f9 f8 43 dd ee 19 2e b9 da 99 59 ed 42 7e 81 8b 02 ee a9 aa 73 fe ff 73 de f0 3c ef f3 96 70 d0 1c 24 dd c1 88 66 a7 45 ad b6 41 39 3f 4d da ce 61 65 2c 34 45 22 8e 60 b3 7e c0 e8 b8 8e 6e 19 f8 a3 1e ae d7 46 37 52 9c 3f 73 8d e9 4a 91 a1 1f 22 0a 02 ba 22 f1 67 2d 49 20 4e 12 24 51 f8 b7 fe ef ff 8f d6 e8 fb f4 bd Data Ascii: PNGIHDR/PupHYs~ IDATxgdw;9V7s a]*XWl08@_KkY%906;w7:C.YB~ss<p$fEA9?Mae,4E"`~nF7R?sJ""g-I N$Q
2025-03-20 12:40:12 UTC	16384	IN	Data Raw: ad d5 b9 b8 ba c5 d5 27 5e 22 f7 7a 34 9b 75 24 49 21 f2 5d 7e ef 37 ff 67 de b9 7e 0f 3f ce 16 34 aa d8 c5 ef ed 31 38 d8 e3 a8 33 61 eb a5 06 f3 93 5d f6 3f bc 81 28 80 69 9a 4c 0f bb a8 56 1d a3 b1 4e 69 f3 3c 0f 5f fb 01 46 a5 81 a0 17 51 05 81 d0 9b 51 2a e8 c4 41 8f 71 a7 cb e8 64 97 d5 e5 16 9f fe 99 7f 8b 4a ab c9 c9 d1 2e fd f1 88 de 89 83 a4 67 8c c3 85 1e b2 60 2b 04 64 08 ae 80 13 e4 b8 93 00 d7 8d 49 92 14 d3 50 68 d6 2c 74 51 a5 a2 cb 18 62 c6 52 b3 42 a5 58 a4 3b 99 93 c5 39 29 02 2b eb 4b a8 92 80 1f f8 0c 86 33 a4 3c a7 50 54 99 fa 11 bd 79 44 38 4a 99 cd 3d 20 a1 56 d1 17 60 20 a9 cc f9 ad 16 13 3f 61 ee a7 9c 5f 5f 03 29 a6 54 5d 61 ad d5 22 1a df 20 ce 45 cc e2 2a b1 6c 61 56 96 d8 14 d7 50 bb 1f 21 bf f2 dc 33 14 b4 85 15 fc 68 96 d2 Data Ascii: '^"z4u$I!]~7g~?4183a]?(iLVNi<_FQQAqdJ.g`+dIPh,tQbRBX;9)+K3<PTyD8J= V` ?a__)T]a" ElaVP!3h
2025-03-20 12:40:12 UTC	16384	IN	Data Raw: 1a 3e 96 13 20 9d 1a ed ba c7 ff f2 af fe 25 89 aa 32 1a 74 b9 72 f9 7d be f3 dd ef f0 f6 fa 55 b6 f6 7b 50 e4 b4 7c 9f 41 96 82 49 a9 38 0e c9 20 65 32 0a 49 8d a6 e5 fa 1c 5b 98 46 79 8a ba f2 08 27 63 c6 69 4a 9e 65 8c c6 31 53 ae 4d 73 b9 8d 2d 61 63 fb 00 57 09 02 c7 66 b9 e2 31 5f af 92 18 4d 6f 12 73 30 4e 19 16 86 65 df 66 be ea 61 8f b7 28 92 88 ea d4 1c 51 b7 43 3a 2e f0 2a 3e a8 04 39 33 4f 1e 97 2e e7 22 4e 48 27 13 8a 2c 23 49 73 6c df a7 db ed 32 88 0b ee 3f d6 64 65 a1 85 28 52 86 fd 31 77 0e 47 9c 7f fa 1c 49 27 62 b0 d7 e1 91 d5 59 5e fe e8 06 93 ac a0 38 f2 94 65 79 88 ef b9 c4 61 42 a3 5e a1 dd aa e3 0a 58 58 9a 45 39 2e e9 11 70 d1 75 1c 1c d7 61 e9 d4 1a 97 5f 7b 8b 7b 1b f7 d8 d8 d8 20 35 82 6a dd c7 ad 97 2d f8 b0 d3 a5 36 35 4d 16 Data Ascii: > %2tr}U{P\|AI8 e2I[Fy'ciJe1SMs-acWf1_Mos0Nefa(QC:.*>93O."NH',#Isl2?de(R1wGI'bY^8eyaB^XXE9.pua_{{ 5j-65M
2025-03-20 12:40:12 UTC	15178	IN	Data Raw: 72 38 89 c9 29 d9 da f7 98 04 09 bd b1 8f 3f 23 ed 96 80 a5 eb 74 ea 15 b2 12 26 b3 e1 b9 55 73 09 e2 94 ba 6b 71 30 f6 28 81 23 47 16 68 36 2b 9c 3f b5 cc ca da 02 96 ae d3 9c ef 92 e4 19 79 59 70 b8 db c7 71 4d 0c 43 22 4d 1d d3 d4 19 4d 42 1c 5d a1 82 e3 e1 14 c3 30 48 f3 82 24 49 68 d5 5c 4e 9e 58 60 73 1a 32 dc 3b 64 b9 53 65 f5 f4 45 74 d3 52 9e 20 33 0d 5a 89 86 2e 25 69 9e b3 db ef f1 ff fe da af b2 7c 74 91 ac 88 49 d2 10 b4 02 b7 d2 a4 d2 68 70 ed e3 ab a4 d3 11 f3 2b 2b 14 65 81 2e 0d 1c c7 21 d7 24 c3 fd 5d e2 30 41 97 92 fb 1b 87 78 7e c4 e9 e3 0b 24 69 c6 38 8c 91 a5 ce 97 5f fd 1a f7 6e 7d cc 47 1f 7c 80 6e 57 f9 ec e7 3e c7 8b 9f fd 3c dd ee 1c a3 c1 3e 37 ae bc c3 eb af bf c9 bd f5 2d d6 d7 37 69 b8 16 65 e8 23 35 05 55 8f 7b 07 3c f9 cc Data Ascii: r8)?#t&Uskq0(#Gh6+?yYpqMC"MMB]0H$Ih\NX`s2;dSeEtR 3Z.%i\|tIhp++e.!$]0Ax~$i8_n}G\|nW><>7-7ie#5U{<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49719	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:13 UTC	650	OUT	GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Mortgage.png HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:13 UTC	303	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:13 GMT Content-Type: image/png Content-Length: 53802 Last-Modified: Mon, 17 Feb 2025 18:35:56 GMT Connection: close ETag: "67b3818c-d22a" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:13 UTC	16081	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d9 00 00 00 ea 08 06 00 00 00 2f 50 e0 75 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 20 00 49 44 41 54 78 9c cc bd 59 b0 25 c9 79 df f7 cb cc 5a ce 7e f7 a5 f7 6d a6 67 a6 67 1f 00 43 02 04 86 94 08 90 32 2d 2e a2 18 52 c8 5a 1c 61 d2 bb 14 61 2b fc e0 b0 5f f4 e0 17 3f c9 0f 0e c9 56 48 a6 2c d3 a2 49 8a 94 2c 8a a4 68 98 a4 20 12 00 81 19 0c 66 ef e9 9e de f7 bb 9e 7b cf 56 a7 96 cc f4 43 56 d5 a9 73 ee bd 3d 0d 1a 0c 3b 23 6e 9f d3 75 aa b2 b2 32 bf f5 ff 7d f9 95 b8 fe de 1f 5a a1 3c 94 5f c7 5a 8b 10 12 63 2d d6 68 ac 05 b0 18 63 b0 d6 a2 fc 90 5a 67 91 e1 de 36 51 bf 8b 0a 42 e6 57 cf b2 bc b4 8c 05 3e fc e4 26 a7 8e af 33 df 6a 00 60 8c 21 d1 86 d0 53 0c a2 88 46 18 Data Ascii: PNGIHDR/PupHYs~ IDATxY%yZ~mggC2-.RZaa+_?VH,I,h f{VCVs=;#nu2}Z<_Zc-hcZg6QBW>&3j`!SF
2025-03-20 12:40:13 UTC	16384	IN	Data Raw: 94 8c 8f f6 50 27 b7 40 e5 ae 86 ae 40 15 d7 ec 9f 2b 15 ea 9f 37 73 82 ab cc 80 8d ba 41 cd cc e5 56 90 86 fd 79 1b 29 2d 70 52 89 30 55 00 8e e3 21 1a 0b ae 8c 93 6c 6e 30 da 0a ff 18 83 93 1c c4 45 31 7b 82 85 db f4 6a a8 7a 7b a2 46 43 2b 4a 4f 05 8c d4 bb dd dc 3b dd dd 3d e2 4f 7f f0 09 69 aa b8 b0 b9 c6 64 34 20 2f 73 de bb 77 87 1f 7d 7c 87 07 87 e7 1c f5 27 bc 7f 67 9f 7c f1 3a 97 5f 7a 93 1c c5 a5 b5 25 1a 26 a1 bd 7d 9d a9 ec b2 77 ef 36 57 6e be 42 a7 bb 50 9f e7 e9 74 44 91 a5 f8 41 4c 1c 37 28 cb c2 f5 c9 e6 53 f1 2a 2a d5 97 f3 73 d1 68 0e d6 ad 2f f0 5c dd 50 3f ed 2f 48 0d 3f 5f 77 e5 69 c2 e0 e4 98 d1 f9 39 e3 f3 3e 65 96 d8 99 34 03 46 48 fc 76 9b f5 4b 97 58 5a 5f 23 32 09 14 e7 48 12 02 df 67 d8 4f d0 65 8b 22 4b e9 9f 3f c2 94 ab a8 Data Ascii: P'@@+7sAVy)-pR0U!ln0E1{jz{FC+JO;=Oid4 /sw}\|'g\|:_z%&}w6WnBPtDAL7(S**sh/\P?/H?_wi9>e4FHvKXZ_#2HgOe"K?
2025-03-20 12:40:14 UTC	16384	IN	Data Raw: 26 2b 14 86 92 ca 18 54 e0 71 f7 fc 2d 1e 1d 9f 73 ef f0 9c 4a 79 f6 3e 11 3e 7e 10 5a 1d 4b e9 bb 2c 19 d0 5d d9 24 9b 1c f1 d2 b3 37 88 23 9f 9d cb 5b 0e a2 b0 33 c3 86 84 66 0f ae c6 bf da ad bf 34 c3 71 37 ea f2 97 29 ab 89 c3 a5 fc c0 c5 af 72 21 b1 5d dc 98 16 62 a9 bb 9e a6 73 1e be 7b 87 f1 ac e6 17 3f f3 39 aa 62 86 0c 63 ae dd 7c 9a f1 f9 01 a6 56 04 a1 4f 55 e6 14 45 46 43 4e 96 d2 a7 2c 0b c2 30 e6 f5 37 df 24 8a 02 56 86 03 8c d6 1c 1f 9f e2 49 9f ba ae 88 a3 88 77 de 7b 84 31 da 0d 7c c1 53 25 79 56 a1 90 98 2c 25 10 56 af 70 3a 9f 23 3d 8f 76 2b 66 9e 97 28 5d 23 bd c0 3a 7b 56 9a 7e bf cb e9 d9 39 3b 3b db 3c 7c f4 88 2c 7d 87 dd eb d7 e9 ee ee 52 66 29 d9 2c 25 49 5a c4 49 42 55 3a de 9a 63 86 0b 4f 22 fd 90 e9 3c e3 e4 c4 5a 11 49 4f e2 Data Ascii: &+Tq-sJy>>~ZK,]$7#[3f4q7)r!]bs{?9bc\|VOUEFCN,07$VIw{1\|S%yV,%Vp:#=v+f(]#:{V~9;;<\|,}Rf),%IZIBU:cO"<ZIO
2025-03-20 12:40:14 UTC	4953	IN	Data Raw: d7 2d b4 3a 86 23 51 74 75 5f 44 60 20 84 da aa 4a 00 c0 8e 5d 07 50 5b 5d 89 93 87 f6 e4 fd 5d 20 38 88 c0 40 08 c0 c2 a8 e7 5c 52 30 21 db b1 eb 00 8e 1c 3f 9d f5 b9 df e7 c5 be 7f d8 86 a6 c6 7a f4 f4 f5 a3 79 db 6e 00 c0 48 ef a7 85 7a f4 63 e1 dc c5 5e 4d 80 88 10 35 d4 d5 e0 c8 f1 33 08 0c 84 e0 af f0 a2 b5 65 03 00 2c a8 3a 86 23 51 34 6f db ad 0f 0a 1e b7 0b b5 d5 95 08 47 a2 38 77 b1 17 3d 7d fd a8 ad ae cc f9 db 23 bf 3e 8d 8e 03 47 01 cc ff 7a ce 35 05 11 b2 8e ce a3 39 05 0c 00 02 c1 10 de fe e9 21 34 35 d6 17 e2 51 73 46 d3 a6 7a 9c bb d0 0b 4f b1 4b 1f b9 8f 1c 3f 8d 73 17 7b d1 50 57 a3 0b d9 42 e2 c8 f1 33 ba 80 b5 6d 6d 82 df e7 85 bf 82 1c 67 54 5b 5d 99 57 c0 18 33 a3 20 42 76 e4 f8 19 00 64 24 3c 7b 6c 3f fc be 72 84 23 51 1c 3c dc 85 Data Ascii: -:#Qtu_D` J]P[]] 8@\R0!?zynHzc^M53e,:#Q4oG8w=}#>Gz59!45QsFzOK?s{PWB3mmgT[]W3 Bvd$<{l?r#Q<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49720	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:13 UTC	423	OUT	GET /login/css/Small_Business_Checking_2_mainnav.png HTTP/1.1 Host: arvest.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:13 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:13 GMT Content-Type: image/png Content-Length: 70110 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close ETag: "67b3818d-111de" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:13 UTC	16080	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 da 00 00 00 ea 08 06 00 00 00 c4 67 5b 76 00 00 2c 62 63 61 42 58 00 00 2c 62 6a 75 6d 62 00 00 00 1e 6a 75 6d 64 63 32 70 61 00 11 00 10 80 00 00 aa 00 38 9b 71 03 63 32 70 61 00 00 00 2c 3c 6a 75 6d 62 00 00 00 47 6a 75 6d 64 63 32 6d 61 00 11 00 10 80 00 00 aa 00 38 9b 71 03 75 72 6e 3a 75 75 69 64 3a 39 39 65 30 61 63 37 64 2d 39 31 37 31 2d 34 30 65 63 2d 62 35 66 38 2d 38 61 30 32 37 36 32 63 34 36 38 39 00 00 00 01 a6 6a 75 6d 62 00 00 00 29 6a 75 6d 64 63 32 61 73 00 11 00 10 80 00 00 aa 00 38 9b 71 03 63 32 70 61 2e 61 73 73 65 72 74 69 6f 6e 73 00 00 00 00 ca 6a 75 6d 62 00 00 00 26 6a 75 6d 64 63 62 6f 72 00 11 00 10 80 00 00 aa 00 38 9b 71 03 63 32 70 61 2e 61 63 74 69 6f 6e 73 00 00 00 Data Ascii: PNGIHDRg[v,bcaBX,bjumbjumdc2pa8qc2pa,<jumbGjumdc2ma8qurn:uuid:99e0ac7d-9171-40ec-b5f8-8a02762c4689jumb)jumdc2as8qc2pa.assertionsjumb&jumdcbor8qc2pa.actions
2025-03-20 12:40:13 UTC	16384	IN	Data Raw: 46 35 e1 e9 88 29 51 4a c3 54 4d 8b 05 ab 2d ad 16 52 49 98 5a 66 2a 5e 06 ac 0a 75 52 72 28 a3 09 e3 9e ed f6 23 0e 69 e4 7a b7 61 bb dd 71 79 ff 2e 97 ee 92 2e f7 d8 6e 25 73 38 9d c9 29 73 48 d7 4c 69 c7 22 9c b1 1e ee 63 8d c7 59 4b ca 11 a5 2a d3 74 4d ab 95 f1 b8 65 73 f5 11 1a cb 9d 7b af b1 58 df c5 fa 81 92 26 c2 f1 86 30 ed 51 d6 b3 6f 8a ee b8 a4 1c 8e 4c e9 23 c6 f1 86 12 5f e6 ec dc b0 49 1b a6 9b 0d 97 97 17 1c 0f 47 a6 e9 48 29 85 65 d7 b1 30 70 be ec e8 bc e3 cb af bd c2 17 5f bd e4 f3 8f ee 50 72 c6 ae 1d a5 29 72 e7 e8 8c e6 7c e1 b8 bb 9e 18 34 7c 34 46 7e f8 e4 0a ef 3a 6e 76 7b a6 29 80 b6 33 1b dc 93 4b e2 3b df 4f 1c af fe 80 f3 bb ff f6 3c db 63 56 8c 7c a2 5a 29 35 53 ed e7 a7 40 ac b5 92 72 22 c4 44 48 81 18 22 e3 34 72 38 1e 45 Data Ascii: F5)QJTM-RIZf^uRr(#izaqy..n%s8)sHLi"cYKtMes{X&0QoL#_IGH)e0p_Pr)r\|4\|4F~:nv{)3K;O<cV\|Z)5S@r"DH"4r8E
2025-03-20 12:40:14 UTC	16384	IN	Data Raw: 18 79 ee 9d df e0 1f ff 37 ff 2d 0f 0f 8f 41 45 ee 3f 3a e4 f4 f8 08 e3 35 87 a7 87 bc fa 4b ff 80 f9 6c ca 62 b1 a4 70 05 d6 5a 9c 93 0b fb f8 fc 98 37 de f8 32 b7 ae 5e 11 7b 07 ad 99 6d ed 50 58 cb 72 71 21 16 e9 ab a5 b4 fa 46 33 0c 21 87 b0 18 7a 1f f0 21 cb b9 52 62 e8 7b 26 a5 08 62 49 b2 c9 f4 71 54 4e 78 ea 52 72 21 08 16 93 49 04 a4 44 bb 5e b3 6a 1a a6 b5 d8 5e b4 7d 47 d7 0f f4 5e ec 28 64 be d6 04 2f d9 da f2 d8 47 5c 67 99 4d 66 94 65 c1 68 75 31 0c 3d de f7 2c da 96 a6 ed 30 88 95 41 df 49 ae bb f5 21 60 13 74 7d 8b f7 81 21 c1 d0 7b 4e cf ce 58 2e 97 24 e3 68 16 e2 32 bb 6e 3b b4 91 6a 32 44 b1 ff 2a ad 24 2b da 2c da 4b 51 4a bf cf ac 91 91 b6 15 f2 9a 53 6b 11 43 8e b0 2d 24 c8 38 51 3f 04 7c df e1 aa 99 2c 2d 36 c0 ac c5 2a b3 d9 18 8d Data Ascii: y7-AE?:5KlbpZ72^{mPXrq!F3!z!Rb{&bIqTNxRr!ID^j^}G^(d/G\gMfehu1=,0AI!`t}!{NX.$h2n;j2D$+,KQJSkC-$8Q?\|,-6
2025-03-20 12:40:14 UTC	16384	IN	Data Raw: ca 4a 89 84 cb 8b 1c d1 1f 43 e3 65 9c 90 57 3e 47 9f a0 e0 33 42 a6 67 1d 5b a6 98 e4 77 0b f0 ec f9 f7 f8 57 db 1d e9 b0 27 8e 3b 42 ec d1 65 a4 2e 0c b6 2e 38 4c 91 59 59 53 36 2b 51 26 b7 05 aa ac 29 8a 52 4a 14 2b aa 80 2a fa bc 9f 9a 80 94 33 af c5 56 10 a3 5c c9 6e 12 11 ac 71 8e 14 e2 69 ff a3 b4 a6 ef 0e ec b6 1b bc 3f 10 fa 37 9c cd 37 b8 d1 60 8b 73 bc 0f a4 78 c1 34 f6 94 e5 12 ab cb 6c 7b e1 d4 d3 b8 e0 d1 99 99 91 44 fe 21 b7 1e 47 a5 84 3c 5c 21 37 e4 47 53 e8 f1 97 4c 48 b3 c6 73 18 30 45 91 97 cd 2a f3 d5 c5 62 73 0a 31 48 19 04 84 0c 93 82 9f 44 49 d2 cc d0 39 09 26 46 47 1a d7 a8 dd b7 b0 7f 01 61 4d 2a 2c 81 15 21 5a 94 e9 a5 b4 4c 91 e4 44 3d 72 0a 4b 1c 47 5c ff c0 e1 60 78 b1 de e0 9c 67 df f5 b8 10 79 ef e9 63 2c d0 f7 23 db ae a7 Data Ascii: JCeW>G3Bg[wW';Be..8LYYS6+Q&)RJ+3V\nqi?77`sx4l{D!G<\!7GSLHs0Ebs1HDI9&FGaM*,!ZLD=rKG\`xgyc,#
2025-03-20 12:40:14 UTC	4878	IN	Data Raw: 97 1c bb 7d db ad 17 18 da b3 5d 3f 8f 8f 0d f3 f5 65 6e 76 b5 5c 64 82 b9 74 2d a7 2e d8 25 32 23 cb 8e fd e6 97 1f ba e8 7a 64 3c 7d aa f3 f3 eb b9 47 f6 7c 64 d7 92 d7 dc 73 f7 bb 2e 08 0d ba 77 ee f1 b1 e1 25 0f cd 6a b9 c8 ae bb b7 fd 6a 18 da f2 ac 23 c8 0f 77 df 27 be c0 c4 d4 1c 0d ab cd be c7 9e ba e4 45 bf 14 f6 3e 78 ff 92 24 c8 c4 d4 1c 13 53 73 1c 38 78 84 87 f7 7d e3 8a 62 9a d7 82 e5 17 7d f9 17 b7 d2 b1 57 ba 46 e9 46 ef 58 e2 fa 1d 3e fa bc ac 37 7e 7b ff 05 bb ce a5 b0 7d eb 6d 6f c8 53 b8 1c b2 18 f8 52 7f ef c6 86 b1 91 d7 7c fe 0c e3 63 c3 6f 5a 31 ba fb 7d 5e eb 1a 5f 2f 56 6d 47 cb 32 3a fb 1e 93 3b c1 1b 69 a1 d9 b2 79 13 3f 3a f0 97 3c f9 f4 f7 39 90 c6 3c dd 4f d2 4f 7f ee ab 6c d9 bc e9 aa 7d 51 59 52 a0 fb fd 2f 77 43 5f c9 1a Data Ascii: }]?env\dt-.%2#zd<}G\|ds.w%jj#w'E>x$Ss8x}b}WFFX>7~{}moSR\|coZ1}^_/VmG2:;iy?:<9<OOl}QYR/wC_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49721	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:13 UTC	609	OUT	GET /login/css/FDIC-new-logo.png HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:13 UTC	300	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:13 GMT Content-Type: image/png Content-Length: 437 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close ETag: "67b3818d-1b5" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:13 UTC	437	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 26 00 00 00 10 08 06 00 00 00 7a 1e 0d 1e 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 01 6c 49 44 41 54 48 89 cd 55 c1 71 84 30 0c 5c 32 f7 cc 4c e8 20 74 00 1d 84 fb e7 41 07 c7 23 ff 5c 2a c8 5d 07 57 02 25 50 02 e9 c0 d7 01 74 00 15 6c 1e 36 13 a3 13 98 5c 78 64 67 f4 90 b4 96 65 59 b6 22 92 f8 07 88 01 24 00 cc 68 d8 01 68 02 8b 2a 00 e5 82 bf 71 9c 56 d8 2f 00 32 4f 3f fa 1b bb 44 4e 00 0a 00 4f 9e bd 03 50 83 61 9c 56 70 48 b2 22 19 93 84 93 46 f8 73 cf 17 8c f9 10 a8 d6 6f 70 70 d5 8b 03 bc 0a c0 67 28 d8 4e b1 7d 09 bd 5d e0 bc 08 7b 0a a0 06 90 cf ec 57 c0 1e 40 62 80 bd e6 0c e3 b5 2a 55 84 22 73 9c 98 64 ad f8 f3 99 ab 6c 85 ad 27 79 14 7b 95 24 fb bf 26 36 8a 11 fe 5a 49 ec 4d Data Ascii: PNGIHDR&zsBIT\|dlIDATHUq0\2L tA#\]W%Ptl6\xdgeY"$hhqV/2O?DNOPaVpH"Fsoppg(N}]{W@b*U"sdl'y{$&6ZIM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49722	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:13 UTC	444	OUT	GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Consumer.png HTTP/1.1 Host: arvest.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:13 UTC	303	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:13 GMT Content-Type: image/png Content-Length: 53690 Last-Modified: Mon, 17 Feb 2025 18:35:56 GMT Connection: close ETag: "67b3818c-d1ba" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:13 UTC	16081	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d9 00 00 00 ea 08 06 00 00 00 2f 50 e0 75 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 20 00 49 44 41 54 78 9c a4 bd 47 b0 2d 49 7a df f7 fb 32 b3 aa 8e bb f6 99 ee d7 76 a6 07 3d 06 18 50 10 08 09 00 45 2f 32 24 42 62 80 20 83 a2 22 14 c2 56 7b 69 a5 0d 03 1b 85 76 da 92 a1 9d 4c 84 36 92 a8 08 2e 44 17 24 44 90 04 a9 00 40 12 c0 60 30 33 dd d3 6e da 3c 7f dd 71 55 69 b4 f8 32 b3 ea dc f7 06 18 84 4e c7 ed 77 ef 39 75 aa d2 7c e6 ff d9 94 ff e9 6f ff 0f a9 9d 75 08 10 53 04 20 fa 88 18 c1 58 43 08 11 ef 07 44 84 61 f0 dc 6c 37 3c 7b 76 c9 c5 c5 05 cf af 37 5c 5d df f0 f4 c9 53 7e f0 f0 19 66 79 c4 f1 f1 11 c6 3a 86 10 f1 21 60 8c 01 11 40 10 11 ac b5 18 63 b0 d6 e2 9c a3 6d Data Ascii: PNGIHDR/PupHYs~ IDATxG-Iz2v=PE/2$Bb "V{ivL6.D$D@`03n<qUi2Nw9u\|ouS XCDal7<{v7\]S~fy:!`@cm
2025-03-20 12:40:13 UTC	16384	IN	Data Raw: b2 79 fa 98 7e 7d a3 95 dc c6 d0 3a c3 d1 bc e3 6c b9 e4 de e9 09 47 8b 19 9b cd 86 f5 7e 47 d7 39 1a 67 f0 fb 2d bb bd e7 e6 7a cd d1 72 86 4d 03 c7 ab 39 11 78 f4 f0 29 fb ab a7 c4 e0 81 48 3b 5f d2 b4 73 c2 10 b0 4d 43 c9 dd bc 3d 95 17 51 c3 68 8f 99 49 6e e3 cb 84 9c b6 42 d4 ac 99 18 23 8e 7c 84 8c 18 43 74 96 d8 6b 95 ae 35 23 b3 30 dd 44 e0 f8 68 95 03 cf 25 d5 c6 60 4c 22 06 aa 57 b2 48 8a 44 ae 9e 76 ca 04 6d e3 58 2e 3a 1e 3f bb 64 b5 58 d6 1c c4 fd a0 4c a5 6e 5f 8d 8b f4 de 57 ed b1 db f7 6c f7 3d 36 05 8e 8e 4e 68 9b 86 7d 3f d0 ba 86 ab f5 26 37 a2 89 34 b6 a5 78 02 05 cd c5 33 c6 e0 b3 17 32 a6 48 23 ae c6 6d 24 33 60 59 a8 22 f1 43 8c dc 7d eb 4b c8 9f fa 4b 7c f7 d7 fe 6f 3c 60 73 42 34 b9 43 92 97 cc 7c 59 ad 24 20 84 44 df 7b 4d 96 6e Data Ascii: y~}:lG~G9g-zrM9x)H;_sMC=QhInB#\|Ctk5#0Dh%`L"WHDvmX.:?dXLn_Wl=6Nh}?&74x32H#m$3`Y"C}KK\|o<`sB4C\|Y$ D{Mn
2025-03-20 12:40:14 UTC	16384	IN	Data Raw: 26 29 a3 67 3b e4 08 b2 5e 8f 76 bb c5 dc 48 36 ca 1c a1 04 9d f9 98 8b b2 62 9e 6b 8a bc c4 d4 06 1d ab 85 d1 aa 54 7e 9a ec 95 1a 95 bf b9 95 0a ea 72 81 08 65 18 e1 19 97 45 c1 3c af c8 22 81 15 11 e8 94 bb 2f ac 72 72 3a e2 e1 d3 03 a4 96 7c eb 6b 6f 21 93 84 b9 05 7d 72 86 4a ae 21 a5 0d 58 a9 cf 93 9b 4c a6 08 25 18 8d 26 6c 5f dd 66 6f ff 90 17 5e bc 4b 55 96 1c 1e 1c 62 71 5c 8c a7 14 65 41 31 cb 83 e7 8b a5 0a f0 4d 53 22 36 b8 af 4f 6d bd ac 62 8c b1 a1 cc 0c aa 91 95 c1 b2 3f e9 c3 74 cc 6f 8c 4b 25 70 63 0e ea ad cb 1c 79 5e 91 24 82 8b dc 90 25 16 95 7a 8e 59 55 19 ac 71 24 51 4c e3 48 b5 e0 10 86 5b a3 11 5b d6 d6 11 07 5a 96 0b 27 b8 56 8a 5e 27 65 ff e4 0c f0 3e fb 59 1c 53 87 fe aa 08 78 9d 00 da ad 8c bc 28 17 37 2f d6 62 6a c3 b4 ce b9 Data Ascii: &)g;^vH6bkT~reE<"/rr:\|ko!}rJ!XL%&l_fo^KUbq\eA1MS"6Omb?toK%pcy^$%zYUq$QLH[[Z'V^'e>YSx(7/bj
2025-03-20 12:40:14 UTC	4841	IN	Data Raw: bc 03 87 d3 25 b9 e6 50 dd ab a8 a9 ae 04 30 19 82 59 2d b9 70 7b fc 70 7b fd 68 69 aa 87 c3 39 80 7d 0d 1f 31 07 a6 df ad db b5 0d 3b b7 db 58 19 c5 a1 31 bd a6 f1 e0 2e d6 f0 d0 f4 6d 55 e5 68 ef e8 96 a4 27 0e f7 1b 1a 4f e1 f8 1f ed 92 bf cb eb 68 ae ec 6b f8 88 3d 47 94 d2 e2 02 34 1e 7c 83 d5 55 bc fc 1b 0f be 91 b0 ae 62 95 25 56 7e 56 4b 2e 1a 0f ee 4a aa b3 25 65 76 51 6c 10 7d 40 e9 ff f4 6f f4 77 79 ab 72 fc 84 5d 12 ba d5 54 6f 82 d9 68 40 7b 67 37 5e 7a f3 9d b8 79 8a 1d cc 6a c9 85 d5 92 cb f2 89 e5 4c 33 61 cb 8e 03 cc ce 9a ea 4d cc f6 e3 27 ec 68 3e d3 26 b9 56 de 73 27 a2 ab a7 4f 62 a3 db eb c7 4b bf 79 87 fd bc 65 c7 01 38 9c a4 77 ac a9 de 84 d2 e2 02 a1 11 39 3a c5 e1 1d 4e 97 e4 a1 a1 0e 56 5a 5c 80 ba 5d db 50 51 56 02 b7 77 f2 c1 Data Ascii: %P0Y-p{p{hi9}1;X1.mUh'Ohk=G4\|Ub%V~VK.J%evQl}@owyr]Toh@{g7^zyjL3aM'h>&Vs'ObKye8w9:NVZ\]PQVw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49723	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:14 UTC	653	OUT	GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_NewYearPlan.png HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:14 UTC	303	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:14 GMT Content-Type: image/png Content-Length: 55947 Last-Modified: Mon, 17 Feb 2025 18:35:56 GMT Connection: close ETag: "67b3818c-da8b" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:14 UTC	16081	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d9 00 00 00 ea 08 06 00 00 00 2f 50 e0 75 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 20 00 49 44 41 54 78 9c 74 bd f9 8f 25 59 76 df f7 39 f7 de 88 78 ef e5 9e 95 55 bd 54 f7 f4 36 3d 9c e6 cc f4 68 38 dc 34 14 c9 11 05 5a 96 69 09 12 0c c8 32 6d d8 b0 65 0b 32 0c d8 12 60 ff 68 03 36 60 d8 fe 0f 0c 43 80 24 d8 80 65 cb 02 24 8a 96 45 51 24 b5 91 23 52 1a ce 3e 3d d3 33 bd d6 5e 59 95 cb cb b7 c4 72 17 ff 70 97 88 ec 26 b3 50 99 2f 5f be 17 2f e2 dc b3 7c cf f7 9c 7b 42 b6 db 75 00 40 80 00 e0 81 40 f0 01 41 e2 f3 02 22 8a 80 a0 44 11 88 7f 13 51 40 c0 7b 8f b5 03 7d d7 e2 fa 8e 61 bb e2 e2 f1 03 1e bc fd 1d 2e 1e 3f a0 db 6e e9 ac 65 b5 da b0 e9 2c a2 0c 8e 40 5d 19 76 76 Data Ascii: PNGIHDR/PupHYs~ IDATxt%Yv9xUT6=h84Zi2me2`h6`C$e$EQ$#R>=3^Yrp&P/_/\|{Bu@@A"DQ@{}a.?ne,@]vv
2025-03-20 12:40:14 UTC	16384	IN	Data Raw: 79 ea 26 fb 37 6f f2 f8 87 bf 8d 90 03 ce 0e 9f 70 72 78 8c d4 39 45 21 30 c6 f0 e8 d1 13 c6 d3 31 3b 57 6f 10 32 8d cc 4a 32 99 51 cc f6 08 c0 fc d1 2d fe e4 fd 0f c8 84 e7 5b 5f bc ca bf fa f0 11 e7 eb 25 8c a7 8c 87 43 be f9 d6 9b 34 ab 25 a3 f1 70 6b 93 b7 8d cd a5 d7 e1 5d e0 6b 97 f9 7b 5c ba d1 ff 8d 9b fd 12 fa b6 ad 8a 97 4c 52 07 bb 57 31 76 13 7f 3d 53 9c 1f 7f ca fd 87 b7 30 8d 65 3c 28 19 4d 4a 28 20 68 83 6f 2b d0 01 53 5b 42 88 f3 b3 d4 1a 3d 98 30 3f 3b 67 30 ec 28 77 af a2 91 e8 d1 94 ce 34 9f 03 04 03 81 22 cf c9 77 0e d2 2f 0b 8c 69 2f 81 a6 82 e9 f4 20 be d1 6d ab dc 7f 3f 97 90 c3 f4 fe 03 3d ff f5 e2 f9 bb f4 b5 a2 03 92 ce 3a 6a 03 a7 eb 8e e5 a6 a1 ee 62 82 a5 35 06 6b 0d 84 48 11 89 a5 35 c3 6b 8b b3 06 e5 33 a2 a1 5c d4 ce 68 dd Data Ascii: y&7oprx9E!01;Wo2J2Q-[_%C4%pk]k{\LRW1v=S0e<(MJ( ho+S[B=0?;g0(w4"w/i/ m?=:jb5kH5k3\h
2025-03-20 12:40:14 UTC	16384	IN	Data Raw: ca 32 d9 0d a2 28 47 69 aa 79 c5 ec e8 88 db 0f ee 33 5f ae b8 be db 33 b8 25 57 ad c7 66 05 6f 3d b8 c9 ab 37 66 b8 76 c3 2b a7 15 7f f7 6b 0f d9 f5 8e cb cb 0e a3 35 fd 30 90 25 9a 96 d6 46 1c a0 b5 58 b5 b7 29 64 31 22 0b e6 cc 4b 75 1f 82 c7 22 ec f8 5e 69 56 47 47 1c 1d ad b8 76 ed 1a 75 5d 51 96 d5 b4 63 73 2e d2 ee c5 58 d4 3b 91 e2 68 9b 25 db 40 e9 9a 46 76 cd c8 59 1d 85 a6 43 27 06 4f bd 3b 98 dc 78 e7 a4 1b 8a 51 aa 52 92 76 85 41 fe 5c 4c 6c 23 a3 35 d1 f9 69 c6 aa e7 75 da bd 7a da a6 61 f0 03 b1 ac e9 87 01 36 5b e6 8b 85 7c 3f 13 98 95 0b ac b5 cc 17 4b ac 54 9e 98 d0 42 39 00 e3 2e c1 24 ad 92 52 f2 eb a2 ae 99 af 96 cc 97 35 36 b3 78 e7 69 f7 2d db cb 35 cd 66 43 50 0a a3 ed a4 08 8d 90 c2 e4 fc d4 26 32 42 ec 7a 3c 54 29 fb 8a f1 b7 a4 Data Ascii: 2(Giy3_3%Wfo=7fv+k50%FX)d1"Ku"^iVGGvu]Qcs.X;h%@FvYC'O;xQRvA\Ll#5iuza6[\|?KTB9.$R56xi-5fCP&2Bz<T)
2025-03-20 12:40:14 UTC	7098	IN	Data Raw: 75 c5 e9 43 66 f5 5a 21 75 91 fd cd ac e0 7c 8a a2 32 63 88 c6 ef 2d 50 bc 4e 21 ac e6 0e ad a8 b6 33 43 4d 15 e7 64 73 b1 7d 8b 1f db b7 f8 31 91 99 c2 bf fe f1 06 86 df bf 81 7f fd 60 14 57 6f dc 64 17 18 6c d1 b0 78 58 04 2d 42 17 40 27 71 b2 88 56 2c f4 81 aa b1 d0 08 16 7e ae 15 6d 8b 81 aa 00 e2 94 4f 03 85 3c d3 e3 73 f9 1c 73 2f d1 0b a8 cb 66 91 2b 70 f5 46 05 14 85 ed 20 b0 da 9d c8 4f e5 a0 69 2a 1c 2e 2f dc 2e 0d 0d be b5 68 bc 79 05 8d eb dd 78 e4 c6 08 1e bb 37 89 eb 77 f3 f8 f3 d8 7d dc b8 57 c0 e4 54 5e ec 4b d4 2c 2c 6a 91 50 19 b9 01 84 26 e2 ac de 75 58 2d 0a 1e 5d dd 80 f5 5f 6a 42 cb 9a 46 78 1b dc 70 3a 6c b0 59 c8 a4 cd 3a 05 7b 36 0f c5 b8 8f f1 7b 77 f0 c9 ed 4f 90 cf de 87 81 3c 54 15 b0 db 6c b0 58 2d dc 03 bc 38 07 a1 75 25 26 Data Ascii: uCfZ!u\|2c-PN!3CMds}1`WodlxX-B@'qV,~mO<ss/f+pF Oi*./.hyx7w}WT^K,,jP&uX-]_jBFxp:lY:{6{wO<TlX-8u%&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49724	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:14 UTC	403	OUT	GET /login/css/FDIC-new-logo.png HTTP/1.1 Host: arvest.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:14 UTC	300	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:14 GMT Content-Type: image/png Content-Length: 437 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close ETag: "67b3818d-1b5" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:14 UTC	437	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 26 00 00 00 10 08 06 00 00 00 7a 1e 0d 1e 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 01 6c 49 44 41 54 48 89 cd 55 c1 71 84 30 0c 5c 32 f7 cc 4c e8 20 74 00 1d 84 fb e7 41 07 c7 23 ff 5c 2a c8 5d 07 57 02 25 50 02 e9 c0 d7 01 74 00 15 6c 1e 36 13 a3 13 98 5c 78 64 67 f4 90 b4 96 65 59 b6 22 92 f8 07 88 01 24 00 cc 68 d8 01 68 02 8b 2a 00 e5 82 bf 71 9c 56 d8 2f 00 32 4f 3f fa 1b bb 44 4e 00 0a 00 4f 9e bd 03 50 83 61 9c 56 70 48 b2 22 19 93 84 93 46 f8 73 cf 17 8c f9 10 a8 d6 6f 70 70 d5 8b 03 bc 0a c0 67 28 d8 4e b1 7d 09 bd 5d e0 bc 08 7b 0a a0 06 90 cf ec 57 c0 1e 40 62 80 bd e6 0c e3 b5 2a 55 84 22 73 9c 98 64 ad f8 f3 99 ab 6c 85 ad 27 79 14 7b 95 24 fb bf 26 36 8a 11 fe 5a 49 ec 4d Data Ascii: PNGIHDR&zsBIT\|dlIDATHUq0\2L tA#\]W%Ptl6\xdgeY"$hhqV/2O?DNOPaVpH"Fsoppg(N}]{W@b*U"sdl'y{$&6ZIM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49725	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:14 UTC	612	OUT	GET /login/css/login-arrow-icon.png HTTP/1.1 Host: arvest.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://arvest.click/login/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:14 UTC	300	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:14 GMT Content-Type: image/png Content-Length: 271 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close ETag: "67b3818d-10f" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:14 UTC	271	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0f 00 00 00 0a 08 06 00 00 00 6b 1b 04 f9 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 00 b1 49 44 41 54 78 da 8c 90 31 0e 82 40 10 45 27 98 58 d8 58 79 14 43 8f b5 16 96 7a 01 3d 11 a5 16 72 01 0e 40 cf 0d b8 83 95 31 b1 20 98 f1 4f f8 2b 23 c1 c0 4b 5e d8 d9 fd 9f 25 88 aa 46 f0 06 cf 50 26 78 62 7e 66 43 aa 2d 6f 78 1c 29 1e 98 33 d2 48 3a 6c 7d 81 3b 19 66 0b af cc b5 d8 f5 30 d3 8e 17 4c 7a 37 26 dc 0f 64 e1 b3 cd 39 cc dd e1 03 c6 3c 8b 39 07 72 e6 c5 bf 7d 01 0b 17 ba c3 3d 9f 81 82 39 e9 97 cd 25 2c 5d b8 71 eb 92 e7 f2 af 6c ae 60 a5 bf 54 dc 97 b1 b2 b9 86 35 8b 35 67 99 5a 36 37 f0 39 f0 e7 bf 7e 04 18 00 bf d5 c4 d4 Data Ascii: PNGIHDRktEXtSoftwareAdobe ImageReadyqe<IDATx1@E'XXyCz=r@1 O+#K^%FP&xb~fC-ox)3H:l};f0Lz7&d9<9r}=9%,]ql`T55gZ679~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49726	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:14 UTC	444	OUT	GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_Mortgage.png HTTP/1.1 Host: arvest.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:15 UTC	303	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:14 GMT Content-Type: image/png Content-Length: 53802 Last-Modified: Mon, 17 Feb 2025 18:35:56 GMT Connection: close ETag: "67b3818c-d22a" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:15 UTC	16081	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d9 00 00 00 ea 08 06 00 00 00 2f 50 e0 75 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 20 00 49 44 41 54 78 9c cc bd 59 b0 25 c9 79 df f7 cb cc 5a ce 7e f7 a5 f7 6d a6 67 a6 67 1f 00 43 02 04 86 94 08 90 32 2d 2e a2 18 52 c8 5a 1c 61 d2 bb 14 61 2b fc e0 b0 5f f4 e0 17 3f c9 0f 0e c9 56 48 a6 2c d3 a2 49 8a 94 2c 8a a4 68 98 a4 20 12 00 81 19 0c 66 ef e9 9e de f7 bb 9e 7b cf 56 a7 96 cc f4 43 56 d5 a9 73 ee bd 3d 0d 1a 0c 3b 23 6e 9f d3 75 aa b2 b2 32 bf f5 ff 7d f9 95 b8 fe de 1f 5a a1 3c 94 5f c7 5a 8b 10 12 63 2d d6 68 ac 05 b0 18 63 b0 d6 a2 fc 90 5a 67 91 e1 de 36 51 bf 8b 0a 42 e6 57 cf b2 bc b4 8c 05 3e fc e4 26 a7 8e af 33 df 6a 00 60 8c 21 d1 86 d0 53 0c a2 88 46 18 Data Ascii: PNGIHDR/PupHYs~ IDATxY%yZ~mggC2-.RZaa+_?VH,I,h f{VCVs=;#nu2}Z<_Zc-hcZg6QBW>&3j`!SF
2025-03-20 12:40:15 UTC	16384	IN	Data Raw: 94 8c 8f f6 50 27 b7 40 e5 ae 86 ae 40 15 d7 ec 9f 2b 15 ea 9f 37 73 82 ab cc 80 8d ba 41 cd cc e5 56 90 86 fd 79 1b 29 2d 70 52 89 30 55 00 8e e3 21 1a 0b ae 8c 93 6c 6e 30 da 0a ff 18 83 93 1c c4 45 31 7b 82 85 db f4 6a a8 7a 7b a2 46 43 2b 4a 4f 05 8c d4 bb dd dc 3b dd dd 3d e2 4f 7f f0 09 69 aa b8 b0 b9 c6 64 34 20 2f 73 de bb 77 87 1f 7d 7c 87 07 87 e7 1c f5 27 bc 7f 67 9f 7c f1 3a 97 5f 7a 93 1c c5 a5 b5 25 1a 26 a1 bd 7d 9d a9 ec b2 77 ef 36 57 6e be 42 a7 bb 50 9f e7 e9 74 44 91 a5 f8 41 4c 1c 37 28 cb c2 f5 c9 e6 53 f1 2a 2a d5 97 f3 73 d1 68 0e d6 ad 2f f0 5c dd 50 3f ed 2f 48 0d 3f 5f 77 e5 69 c2 e0 e4 98 d1 f9 39 e3 f3 3e 65 96 d8 99 34 03 46 48 fc 76 9b f5 4b 97 58 5a 5f 23 32 09 14 e7 48 12 02 df 67 d8 4f d0 65 8b 22 4b e9 9f 3f c2 94 ab a8 Data Ascii: P'@@+7sAVy)-pR0U!ln0E1{jz{FC+JO;=Oid4 /sw}\|'g\|:_z%&}w6WnBPtDAL7(S**sh/\P?/H?_wi9>e4FHvKXZ_#2HgOe"K?
2025-03-20 12:40:15 UTC	16384	IN	Data Raw: 26 2b 14 86 92 ca 18 54 e0 71 f7 fc 2d 1e 1d 9f 73 ef f0 9c 4a 79 f6 3e 11 3e 7e 10 5a 1d 4b e9 bb 2c 19 d0 5d d9 24 9b 1c f1 d2 b3 37 88 23 9f 9d cb 5b 0e a2 b0 33 c3 86 84 66 0f ae c6 bf da ad bf 34 c3 71 37 ea f2 97 29 ab 89 c3 a5 fc c0 c5 af 72 21 b1 5d dc 98 16 62 a9 bb 9e a6 73 1e be 7b 87 f1 ac e6 17 3f f3 39 aa 62 86 0c 63 ae dd 7c 9a f1 f9 01 a6 56 04 a1 4f 55 e6 14 45 46 43 4e 96 d2 a7 2c 0b c2 30 e6 f5 37 df 24 8a 02 56 86 03 8c d6 1c 1f 9f e2 49 9f ba ae 88 a3 88 77 de 7b 84 31 da 0d 7c c1 53 25 79 56 a1 90 98 2c 25 10 56 af 70 3a 9f 23 3d 8f 76 2b 66 9e 97 28 5d 23 bd c0 3a 7b 56 9a 7e bf cb e9 d9 39 3b 3b db 3c 7c f4 88 2c 7d 87 dd eb d7 e9 ee ee 52 66 29 d9 2c 25 49 5a c4 49 42 55 3a de 9a 63 86 0b 4f 22 fd 90 e9 3c e3 e4 c4 5a 11 49 4f e2 Data Ascii: &+Tq-sJy>>~ZK,]$7#[3f4q7)r!]bs{?9bc\|VOUEFCN,07$VIw{1\|S%yV,%Vp:#=v+f(]#:{V~9;;<\|,}Rf),%IZIBU:cO"<ZIO
2025-03-20 12:40:15 UTC	4953	IN	Data Raw: d7 2d b4 3a 86 23 51 74 75 5f 44 60 20 84 da aa 4a 00 c0 8e 5d 07 50 5b 5d 89 93 87 f6 e4 fd 5d 20 38 88 c0 40 08 c0 c2 a8 e7 5c 52 30 21 db b1 eb 00 8e 1c 3f 9d f5 b9 df e7 c5 be 7f d8 86 a6 c6 7a f4 f4 f5 a3 79 db 6e 00 c0 48 ef a7 85 7a f4 63 e1 dc c5 5e 4d 80 88 10 35 d4 d5 e0 c8 f1 33 08 0c 84 e0 af f0 a2 b5 65 03 00 2c a8 3a 86 23 51 34 6f db ad 0f 0a 1e b7 0b b5 d5 95 08 47 a2 38 77 b1 17 3d 7d fd a8 ad ae cc f9 db 23 bf 3e 8d 8e 03 47 01 cc ff 7a ce 35 05 11 b2 8e ce a3 39 05 0c 00 02 c1 10 de fe e9 21 34 35 d6 17 e2 51 73 46 d3 a6 7a 9c bb d0 0b 4f b1 4b 1f b9 8f 1c 3f 8d 73 17 7b d1 50 57 a3 0b d9 42 e2 c8 f1 33 ba 80 b5 6d 6d 82 df e7 85 bf 82 1c 67 54 5b 5d 99 57 c0 18 33 a3 20 42 76 e4 f8 19 00 64 24 3c 7b 6c 3f fc be 72 84 23 51 1c 3c dc 85 Data Ascii: -:#Qtu_D` J]P[]] 8@\R0!?zynHzc^M53e,:#Q4oG8w=}#>Gz59!45QsFzOK?s{PWB3mmgT[]W3 Bvd$<{l?r#Q<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49727	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:15 UTC	406	OUT	GET /login/css/login-arrow-icon.png HTTP/1.1 Host: arvest.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:15 UTC	300	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:15 GMT Content-Type: image/png Content-Length: 271 Last-Modified: Mon, 17 Feb 2025 18:35:57 GMT Connection: close ETag: "67b3818d-10f" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:15 UTC	271	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0f 00 00 00 0a 08 06 00 00 00 6b 1b 04 f9 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 00 b1 49 44 41 54 78 da 8c 90 31 0e 82 40 10 45 27 98 58 d8 58 79 14 43 8f b5 16 96 7a 01 3d 11 a5 16 72 01 0e 40 cf 0d b8 83 95 31 b1 20 98 f1 4f f8 2b 23 c1 c0 4b 5e d8 d9 fd 9f 25 88 aa 46 f0 06 cf 50 26 78 62 7e 66 43 aa 2d 6f 78 1c 29 1e 98 33 d2 48 3a 6c 7d 81 3b 19 66 0b af cc b5 d8 f5 30 d3 8e 17 4c 7a 37 26 dc 0f 64 e1 b3 cd 39 cc dd e1 03 c6 3c 8b 39 07 72 e6 c5 bf 7d 01 0b 17 ba c3 3d 9f 81 82 39 e9 97 cd 25 2c 5d b8 71 eb 92 e7 f2 af 6c ae 60 a5 bf 54 dc 97 b1 b2 b9 86 35 8b 35 67 99 5a 36 37 f0 39 f0 e7 bf 7e 04 18 00 bf d5 c4 d4 Data Ascii: PNGIHDRktEXtSoftwareAdobe ImageReadyqe<IDATx1@E'XXyCz=r@1 O+#K^%FP&xb~fC-ox)3H:l};f0Lz7&d9<9r}=9%,]ql`T55gZ679~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49728	91.212.166.119	443	2588	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 12:40:15 UTC	447	OUT	GET /login/css/24WEB057%20Dec%20TP%20Ads%20for%20Web_MainNav_NewYearPlan.png HTTP/1.1 Host: arvest.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 12:40:15 UTC	303	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 20 Mar 2025 12:40:15 GMT Content-Type: image/png Content-Length: 55947 Last-Modified: Mon, 17 Feb 2025 18:35:56 GMT Connection: close ETag: "67b3818c-da8b" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes
2025-03-20 12:40:15 UTC	16081	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d9 00 00 00 ea 08 06 00 00 00 2f 50 e0 75 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 20 00 49 44 41 54 78 9c 74 bd f9 8f 25 59 76 df f7 39 f7 de 88 78 ef e5 9e 95 55 bd 54 f7 f4 36 3d 9c e6 cc f4 68 38 dc 34 14 c9 11 05 5a 96 69 09 12 0c c8 32 6d d8 b0 65 0b 32 0c d8 12 60 ff 68 03 36 60 d8 fe 0f 0c 43 80 24 d8 80 65 cb 02 24 8a 96 45 51 24 b5 91 23 52 1a ce 3e 3d d3 33 bd d6 5e 59 95 cb cb b7 c4 72 17 ff 70 97 88 ec 26 b3 50 99 2f 5f be 17 2f e2 dc b3 7c cf f7 9c 7b 42 b6 db 75 00 40 80 00 e0 81 40 f0 01 41 e2 f3 02 22 8a 80 a0 44 11 88 7f 13 51 40 c0 7b 8f b5 03 7d d7 e2 fa 8e 61 bb e2 e2 f1 03 1e bc fd 1d 2e 1e 3f a0 db 6e e9 ac 65 b5 da b0 e9 2c a2 0c 8e 40 5d 19 76 76 Data Ascii: PNGIHDR/PupHYs~ IDATxt%Yv9xUT6=h84Zi2me2`h6`C$e$EQ$#R>=3^Yrp&P/_/\|{Bu@@A"DQ@{}a.?ne,@]vv
2025-03-20 12:40:15 UTC	16384	IN	Data Raw: 79 ea 26 fb 37 6f f2 f8 87 bf 8d 90 03 ce 0e 9f 70 72 78 8c d4 39 45 21 30 c6 f0 e8 d1 13 c6 d3 31 3b 57 6f 10 32 8d cc 4a 32 99 51 cc f6 08 c0 fc d1 2d fe e4 fd 0f c8 84 e7 5b 5f bc ca bf fa f0 11 e7 eb 25 8c a7 8c 87 43 be f9 d6 9b 34 ab 25 a3 f1 70 6b 93 b7 8d cd a5 d7 e1 5d e0 6b 97 f9 7b 5c ba d1 ff 8d 9b fd 12 fa b6 ad 8a 97 4c 52 07 bb 57 31 76 13 7f 3d 53 9c 1f 7f ca fd 87 b7 30 8d 65 3c 28 19 4d 4a 28 20 68 83 6f 2b d0 01 53 5b 42 88 f3 b3 d4 1a 3d 98 30 3f 3b 67 30 ec 28 77 af a2 91 e8 d1 94 ce 34 9f 03 04 03 81 22 cf c9 77 0e d2 2f 0b 8c 69 2f 81 a6 82 e9 f4 20 be d1 6d ab dc 7f 3f 97 90 c3 f4 fe 03 3d ff f5 e2 f9 bb f4 b5 a2 03 92 ce 3a 6a 03 a7 eb 8e e5 a6 a1 ee 62 82 a5 35 06 6b 0d 84 48 11 89 a5 35 c3 6b 8b b3 06 e5 33 a2 a1 5c d4 ce 68 dd Data Ascii: y&7oprx9E!01;Wo2J2Q-[_%C4%pk]k{\LRW1v=S0e<(MJ( ho+S[B=0?;g0(w4"w/i/ m?=:jb5kH5k3\h
2025-03-20 12:40:16 UTC	16384	IN	Data Raw: ca 32 d9 0d a2 28 47 69 aa 79 c5 ec e8 88 db 0f ee 33 5f ae b8 be db 33 b8 25 57 ad c7 66 05 6f 3d b8 c9 ab 37 66 b8 76 c3 2b a7 15 7f f7 6b 0f d9 f5 8e cb cb 0e a3 35 fd 30 90 25 9a 96 d6 46 1c a0 b5 58 b5 b7 29 64 31 22 0b e6 cc 4b 75 1f 82 c7 22 ec f8 5e 69 56 47 47 1c 1d ad b8 76 ed 1a 75 5d 51 96 d5 b4 63 73 2e d2 ee c5 58 d4 3b 91 e2 68 9b 25 db 40 e9 9a 46 76 cd c8 59 1d 85 a6 43 27 06 4f bd 3b 98 dc 78 e7 a4 1b 8a 51 aa 52 92 76 85 41 fe 5c 4c 6c 23 a3 35 d1 f9 69 c6 aa e7 75 da bd 7a da a6 61 f0 03 b1 ac e9 87 01 36 5b e6 8b 85 7c 3f 13 98 95 0b ac b5 cc 17 4b ac 54 9e 98 d0 42 39 00 e3 2e c1 24 ad 92 52 f2 eb a2 ae 99 af 96 cc 97 35 36 b3 78 e7 69 f7 2d db cb 35 cd 66 43 50 0a a3 ed a4 08 8d 90 c2 e4 fc d4 26 32 42 ec 7a 3c 54 29 fb 8a f1 b7 a4 Data Ascii: 2(Giy3_3%Wfo=7fv+k50%FX)d1"Ku"^iVGGvu]Qcs.X;h%@FvYC'O;xQRvA\Ll#5iuza6[\|?KTB9.$R56xi-5fCP&2Bz<T)
2025-03-20 12:40:16 UTC	7098	IN	Data Raw: 75 c5 e9 43 66 f5 5a 21 75 91 fd cd ac e0 7c 8a a2 32 63 88 c6 ef 2d 50 bc 4e 21 ac e6 0e ad a8 b6 33 43 4d 15 e7 64 73 b1 7d 8b 1f db b7 f8 31 91 99 c2 bf fe f1 06 86 df bf 81 7f fd 60 14 57 6f dc 64 17 18 6c d1 b0 78 58 04 2d 42 17 40 27 71 b2 88 56 2c f4 81 aa b1 d0 08 16 7e ae 15 6d 8b 81 aa 00 e2 94 4f 03 85 3c d3 e3 73 f9 1c 73 2f d1 0b a8 cb 66 91 2b 70 f5 46 05 14 85 ed 20 b0 da 9d c8 4f e5 a0 69 2a 1c 2e 2f dc 2e 0d 0d be b5 68 bc 79 05 8d eb dd 78 e4 c6 08 1e bb 37 89 eb 77 f3 f8 f3 d8 7d dc b8 57 c0 e4 54 5e ec 4b d4 2c 2c 6a 91 50 19 b9 01 84 26 e2 ac de 75 58 2d 0a 1e 5d dd 80 f5 5f 6a 42 cb 9a 46 78 1b dc 70 3a 6c b0 59 c8 a4 cd 3a 05 7b 36 0f c5 b8 8f f1 7b 77 f0 c9 ed 4f 90 cf de 87 81 3c 54 15 b0 db 6c b0 58 2d dc 03 bc 38 07 a1 75 25 26 Data Ascii: uCfZ!u\|2c-PN!3CMds}1`WodlxX-B@'qV,~mO<ss/f+pF Oi*./.hyx7w}WT^K,,jP&uX-]_jBFxp:lY:{6{wO<TlX-8u%&

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5840, Parent PID: 3372

Function Logs

General

Target ID:	1
Start time:	08:39:54
Start date:	20/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2588, Parent PID: 5840

Function Logs

General

Target ID:	4
Start time:	08:40:01
Start date:	20/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,2299731630484019641,637105831372448406,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2088 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6628, Parent PID: 3372

Function Logs

General

Target ID:	11
Start time:	08:40:07
Start date:	20/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ynlyce.com"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://ynlyce.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
http://ynlyce.com