Edit tour

Windows Analysis Report
https://clickme.thryv.com/ls/click?upn=u001.riIXj-2FK9449T8JPCKPEBGl7md7eSLoaMD-2FecZnz-2BWDJq4zY5WLup-2Frvbd1WDLSEr3pyLZbFbrlzTtDKDGGnJXA-3D-3DFP6L_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOhzL2fXxOYix3CjCrzlLwoIPSXb9PavK50mtpdK-2FWF7thydb3q6E5ptEQici6-2FjXDBSYHl5N6-2FtCG0egLwOtm2qkg4ep64aT

Overview

General Information

Sample URL:	https://clickme.thryv.com/ls/click?upn=u001.riIXj-2FK9449T8JPCKPEBGl7md7eSLoaMD-2FecZnz-2BWDJq4zY5WLup-2Frvbd1WDLSEr3pyLZbFbrlzTtDKDGGnJXA-3D-3DFP6L_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOh
Analysis ID:	1676578
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	80%

Signatures

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,11718107789620206541,6931811344591321819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clickme.thryv.com/ls/click?upn=u001.riIXj-2FK9449T8JPCKPEBGl7md7eSLoaMD-2FecZnz-2BWDJq4zY5WLup-2Frvbd1WDLSEr3pyLZbFbrlzTtDKDGGnJXA-3D-3DFP6L_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOhzL2fXxOYix3CjCrzlLwoIPSXb9PavK50mtpdK-2FWF7thydb3q6E5ptEQici6-2FjXDBSYHl5N6-2FtCG0egLwOtm2qkg4ep64aTiSO4gpUJEi0OPKPHBjhHalHr4xXyWDsO-2Bd5Hm1QCTFxyzNc8yeTWjFDz4TvWKhDDplNgoJGIsUyVTJPZz7RYwZors8SJkRZ-2BEjrbeKaOAuL-2BV23lb0rcvtDcF9W6EPaS6PPFlcJb4pmi8NXkbBGTJ9lmClb1YKN0fJzSav8qw3cx8E-2BFbgPNa3X-2BwvoYJ-2BC9tZKtuitHAQkCJ6Db03ysCt2aG0-3D#Cjami.bogle@coastalfinanceco.com" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://clickme.thryv.com/ls/click?upn=u001.riIXj-2FK9449T8JPCKPEBGl7md7eSLoaMD-2FecZnz-2BWDJq4zY5WLup-2Frvbd1WDLSEr3pyLZbFbrlzTtDKDGGnJXA-3D-3DFP6L_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOhzL2fXxOYix3CjCrzlLwoIPSXb9PavK50mtpdK-2FWF7thydb3q6E5ptEQici6-2FjXDBSYHl5N6-2FtCG0egLwOtm2qkg4ep64aTiSO4gpUJEi0OPKPHBjhHalHr4xXyWDsO-2Bd5Hm1QCTFxyzNc8yeTWjFDz4TvWKhDDplNgoJGIsUyVTJPZz7RYwZors8SJkRZ-2BEjrbeKaOAuL-2BV23lb0rcvtDcF9W6EPaS6PPFlcJb4pmi8NXkbBGTJ9lmClb1YKN0fJzSav8qw3cx8E-2BFbgPNa3X-2BwvoYJ-2BC9tZKtuitHAQkCJ6Db03ysCt2aG0-3D#Cjami.bogle@coastalfinanceco.com

Sample URL: PII: Cjami.bogle@coastalfinanceco.com

Source: https://dreadpiratedragon.com/cg/index.html#Cjami.bogle@coastalfinanceco.com

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.6:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.25.18:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.25.18:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.25.18:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49713 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195

Source: global traffic

HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: clickme.thryv.com
Source: global traffic	DNS traffic detected: DNS query: dreadpiratedragon.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.6:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.25.18:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.25.18:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.25.18:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.121.155:443 -> 192.168.2.6:49713 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@24/18@8/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,11718107789620206541,6931811344591321819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clickme.thryv.com/ls/click?upn=u001.riIXj-2FK9449T8JPCKPEBGl7md7eSLoaMD-2FecZnz-2BWDJq4zY5WLup-2Frvbd1WDLSEr3pyLZbFbrlzTtDKDGGnJXA-3D-3DFP6L_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOhzL2fXxOYix3CjCrzlLwoIPSXb9PavK50mtpdK-2FWF7thydb3q6E5ptEQici6-2FjXDBSYHl5N6-2FtCG0egLwOtm2qkg4ep64aTiSO4gpUJEi0OPKPHBjhHalHr4xXyWDsO-2Bd5Hm1QCTFxyzNc8yeTWjFDz4TvWKhDDplNgoJGIsUyVTJPZz7RYwZors8SJkRZ-2BEjrbeKaOAuL-2BV23lb0rcvtDcF9W6EPaS6PPFlcJb4pmi8NXkbBGTJ9lmClb1YKN0fJzSav8qw3cx8E-2BFbgPNa3X-2BwvoYJ-2BC9tZKtuitHAQkCJ6Db03ysCt2aG0-3D#Cjami.bogle@coastalfinanceco.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,11718107789620206541,6931811344591321819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://clickme.thryv.com/ls/click?upn=u001.riIXj-2FK9449T8JPCKPEBGl7md7eSLoaMD-2FecZnz-2BWDJq4zY5WLup-2Frvbd1WDLSEr3pyLZbFbrlzTtDKDGGnJXA-3D-3DFP6L_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOhzL2fXxOYix3CjCrzlLwoIPSXb9PavK50mtpdK-2FWF7thydb3q6E5ptEQici6-2FjXDBSYHl5N6-2FtCG0egLwOtm2qkg4ep64aTiSO4gpUJEi0OPKPHBjhHalHr4xXyWDsO-2Bd5Hm1QCTFxyzNc8yeTWjFDz4TvWKhDDplNgoJGIsUyVTJPZz7RYwZors8SJkRZ-2BEjrbeKaOAuL-2BV23lb0rcvtDcF9W6EPaS6PPFlcJb4pmi8NXkbBGTJ9lmClb1YKN0fJzSav8qw3cx8E-2BFbgPNa3X-2BwvoYJ-2BC9tZKtuitHAQkCJ6Db03ysCt2aG0-3D#Cjami.bogle@coastalfinanceco.com	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
dreadpiratedragon.com	192.185.121.155	true	false	unknown
www.google.com	142.250.69.4	true	false	high
d1rsqi0l6b7evg.cloudfront.net	18.65.25.18	true	false	unknown
clickme.thryv.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
http://c.pki.goog/r/r4.crl	false	high
https://dreadpiratedragon.com/cg/index.html#	false	unknown
https://dreadpiratedragon.com/cg/index.html#Cjami.bogle@coastalfinanceco.com	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.69.4	www.google.com	United States	15169	GOOGLEUS	false
192.185.121.155	dreadpiratedragon.com	United States	46606	UNIFIEDLAYER-AS-1US	false
18.65.25.18	d1rsqi0l6b7evg.cloudfront.net	United States	3	MIT-GATEWAYSUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1676578
Start date and time:	2025-04-28 20:21:21 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://clickme.thryv.com/ls/click?upn=u001.riIXj-2FK9449T8JPCKPEBGl7md7eSLoaMD-2FecZnz-2BWDJq4zY5WLup-2Frvbd1WDLSEr3pyLZbFbrlzTtDKDGGnJXA-3D-3DFP6L_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOhzL2fXxOYix3CjCrzlLwoIPSXb9PavK50mtpdK-2FWF7thydb3q6E5ptEQici6-2FjXDBSYHl5N6-2FtCG0egLwOtm2qkg4ep64aTiSO4gpUJEi0OPKPHBjhHalHr4xXyWDsO-2Bd5Hm1QCTFxyzNc8yeTWjFDz4TvWKhDDplNgoJGIsUyVTJPZz7RYwZors8SJkRZ-2BEjrbeKaOAuL-2BV23lb0rcvtDcF9W6EPaS6PPFlcJb4pmi8NXkbBGTJ9lmClb1YKN0fJzSav8qw3cx8E-2BFbgPNa3X-2BwvoYJ-2BC9tZKtuitHAQkCJ6Db03ysCt2aG0-3D#Cjami.bogle@coastalfinanceco.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@24/18@8/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.68.227, 142.250.68.238, 142.250.141.84, 199.232.214.172, 192.178.49.206
Excluded domains from analysis (whitelisted): clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://clickme.thryv.com/ls/click?upn=u001.riIXj-2FK9449T8JPCKPEBGl7md7eSLoaMD-2FecZnz-2BWDJq4zY5WLup-2Frvbd1WDLSEr3pyLZbFbrlzTtDKDGGnJXA-3D-3DFP6L_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOhzL2fXxOYix3CjCrzlLwoIPSXb9PavK50mtpdK-2FWF7thydb3q6E5ptEQici6-2FjXDBSYHl5N6-2FtCG0egLwOtm2qkg4ep64aTiSO4gpUJEi0OPKPHBjhHalHr4xXyWDsO-2Bd5Hm1QCTFxyzNc8yeTWjFDz4TvWKhDDplNgoJGIsUyVTJPZz7RYwZors8SJkRZ-2BEjrbeKaOAuL-2BV23lb0rcvtDcF9W6EPaS6PPFlcJb4pmi8NXkbBGTJ9lmClb1YKN0fJzSav8qw3cx8E-2BFbgPNa3X-2BwvoYJ-2BC9tZKtuitHAQkCJ6Db03ysCt2aG0-3D#Cjami.bogle@coastalfinanceco.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 868x169, components 3
Category:	dropped
Size (bytes):	4335
Entropy (8bit):	5.483603315043782
Encrypted:	false
SSDEEP:	48:Ivi3ZsdwUKPGIhuF/ig2BamU/CSkMKisRHcfZakyWr9A9RSxNRXbRzwn:HpowU4ovDPCSrKishcxjyWrCCb+n
MD5:	DE6ECBBB2471827D90BF32C47A0CBC45
SHA1:	FFEAAFE8B9CA2752908C5D4E95E4803EF7FFDD18
SHA-256:	5CAE6C33F0F9D4449CE8539A60E7D40EBA2DDC75979FC26284854A29C36D08CB
SHA-512:	FAF0F054EF55B3362BA26615BC670DCC0471D660BBFBC4D086CE8CB143D31235AFC4AD4332FB669CAB4ED422C99FE67AB31D8E955D9B18F21A4CFDD33090D496
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H.....C..............................................!........."$".$.......C.........................................................................d..........................................:..............................!..16FQt.....aq..AV..&..................................'....................R........Q.!13...............?..X..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 97 x 97, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2672
Entropy (8bit):	7.864218635615192
Encrypted:	false
SSDEEP:	48:TlCtqLaLvN6P+NsI1hmhzoioE0jAoeZBrnFIVVbtdoV0GdXSnZ9wKS6Ei3:ItqLaLVvk9X08n3nWV5+B1SnZ9wKfD3
MD5:	F851DB995B0253A71D638F779BE88330
SHA1:	5F5319E016676E6B92F7E597B837677DDF52C0A5
SHA-256:	2C024E287D53DCC084B60B01A69990C369E758DC7C91B0FE4791F02D18AAE61A
SHA-512:	AB09FAECBB8C24ACADE89EFC25515C2B25C12C378144180E5B807309F793720E30BCE75A604515181554068FE4BAAD34E4EE050A6B5C5F9485D1E4712B9EC724
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...a...a.......?.....sBIT.....O....`PLTEf.....^^.77...zz\|....uu.-&.{W.........A-. ..3&.iH.RB.......\@....//.............`.....t.__...3j&.....pHYs...........~.....tEXtCreation Time.03/04/09.......tEXtSoftware.Adobe Fireworks CS4......]IDATh....z....1.H....m....[....t...6..........]].S.SY.C..z.O..................g^tf.e:0[...^..B19.m9......5(.....p......Z..1.E.}....Z.Q..R...w........C.......;..ZH..j8stB0....t..._4M.D{..c.U..:...w....&.q...f..+..F..b.7...H...P........u.s..D....?.n.S.H...su....K.!R;DN..BA._..K,..]/....(o.}..~...v.Gke.~.66.+..#6.SW.N..w9.&.}..m...j...kW.....0E.{.........8...!2NT.....AU../.kUu...D._..w.[..........]%@.cm.(.UU..L_.%....XWU..3[.T...m. J...T.9@..Of.b....C\|Ukk/..R8.H.>p.V....R.....e.Es$...=@x...A...?.$..=.....T<..`j..o4.B..b.......]...h.M.p....<z.:.@H.....y..N.........."..0T.....X..71.4...k..$...V.Tx^...s...}..1../.7.`s+..6..W!..!.zR....V....I..N...}7}...X-.2T.........6).V........`6+.Y..6t'".U/.#>F..80.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 4
Category:	downloaded
Size (bytes):	120
Entropy (8bit):	6.060493667147718
Encrypted:	false
SSDEEP:	3:CcnebN95vXG5Z1CK/7kCfrpvsdhyt86psoPHHn:tQG5Z1Dn+Wy6pseH
MD5:	DC8055F43FBB4A4B6DFB298EC35188F2
SHA1:	1FFC540743DE1CDB929D9D1218978005141E8D9D
SHA-256:	B857737891B84293B3DF526B48CE3D54FDCC5789C250EADFF9DD38E3C2C68CAF
SHA-512:	2CC173EFBA132E4352582F000F226E86A9A898B8A3AC1BA9633B2F19838B618EE3047555928E5258CC97E514D6F96ADF86391F7C6104288F1A61543E93B13518
Malicious:	false
Reputation:	low
URL:	https://dreadpiratedragon.com/cgi-sys/images/404mid.gif
Preview:	GIF89ad.................!.......,....d.....I...............H....................D..VL*.....J.T..P.j......-...;

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 868x169, components 3
Category:	downloaded
Size (bytes):	4335
Entropy (8bit):	5.483603315043782
Encrypted:	false
SSDEEP:	48:Ivi3ZsdwUKPGIhuF/ig2BamU/CSkMKisRHcfZakyWr9A9RSxNRXbRzwn:HpowU4ovDPCSrKishcxjyWrCCb+n
MD5:	DE6ECBBB2471827D90BF32C47A0CBC45
SHA1:	FFEAAFE8B9CA2752908C5D4E95E4803EF7FFDD18
SHA-256:	5CAE6C33F0F9D4449CE8539A60E7D40EBA2DDC75979FC26284854A29C36D08CB
SHA-512:	FAF0F054EF55B3362BA26615BC670DCC0471D660BBFBC4D086CE8CB143D31235AFC4AD4332FB669CAB4ED422C99FE67AB31D8E955D9B18F21A4CFDD33090D496
Malicious:	false
Reputation:	low
URL:	https://dreadpiratedragon.com/cgi-sys/images/404top_w.jpg
Preview:	......JFIF.....H.H.....C..............................................!........."$".$.......C.........................................................................d..........................................:..............................!..16FQt.....aq..AV..&..................................'....................R........Q.!13...............?..X..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 14
Category:	downloaded
Size (bytes):	537
Entropy (8bit):	6.848296452361371
Encrypted:	false
SSDEEP:	12:BDGHgnth2eq8ExIFDW+ax8+RorOwL+8Cu2uPhNWnyRmK3Fd7HRa:lGHith7rEAW+a0W8GChUnyRmoy
MD5:	54EB288427ACF79ED320EFD4916FE0B7
SHA1:	67BA813FF74D52035D70FCDA58B57563F01FB829
SHA-256:	70E4A5F9F7D98C1564B17ECC69196FED4F74FE5AFB2C61B4FB7045DD3309DC4F
SHA-512:	C7C00A268ADA15FC6B19F64860DD5CE92FA69E6B64E2D7B3ADA02B74E6CC3C4EB4466BBA443752A76F4EE908FA93F3683C6256F7A473B05C86ECAEBBCAC125E1
Malicious:	false
Reputation:	low
URL:	https://dreadpiratedragon.com/cgi-sys/images/404bottom.gif
Preview:	GIF89ad......6e............\|.....m.....\.......Nw................X..s........d.................{..~.....k.....c..Y......................................................................................!.......,....d......@.AB,...r.l:..tJ.Z..v..z..xL....z]T...\|N.....~.....OnB.............Un.............S......................................f..............D.........f..............D.#p.........E......H...2..............@....#..... C..I...(S.\...0c.I...8s.....6.*.d.......(ph.DC...8..Z...X.j....`..K...S9X Q"I..;

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 14
Category:	dropped
Size (bytes):	537
Entropy (8bit):	6.848296452361371
Encrypted:	false
SSDEEP:	12:BDGHgnth2eq8ExIFDW+ax8+RorOwL+8Cu2uPhNWnyRmK3Fd7HRa:lGHith7rEAW+a0W8GChUnyRmoy
MD5:	54EB288427ACF79ED320EFD4916FE0B7
SHA1:	67BA813FF74D52035D70FCDA58B57563F01FB829
SHA-256:	70E4A5F9F7D98C1564B17ECC69196FED4F74FE5AFB2C61B4FB7045DD3309DC4F
SHA-512:	C7C00A268ADA15FC6B19F64860DD5CE92FA69E6B64E2D7B3ADA02B74E6CC3C4EB4466BBA443752A76F4EE908FA93F3683C6256F7A473B05C86ECAEBBCAC125E1
Malicious:	false
Reputation:	low
Preview:	GIF89ad......6e............\|.....m.....\.......Nw................X..s........d.................{..~.....k.....c..Y......................................................................................!.......,....d......@.AB,...r.l:..tJ.Z..v..z..xL....z]T...\|N.....~.....OnB.............Un.............S......................................f..............D.........f..............D.#p.........E......H...2..............@....#..... C..I...(S.\...0c.I...8s.....6.*.d.......(ph.DC...8..Z...X.j....`..K...S9X Q"I..;

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 4
Category:	dropped
Size (bytes):	120
Entropy (8bit):	6.060493667147718
Encrypted:	false
SSDEEP:	3:CcnebN95vXG5Z1CK/7kCfrpvsdhyt86psoPHHn:tQG5Z1Dn+Wy6pseH
MD5:	DC8055F43FBB4A4B6DFB298EC35188F2
SHA1:	1FFC540743DE1CDB929D9D1218978005141E8D9D
SHA-256:	B857737891B84293B3DF526B48CE3D54FDCC5789C250EADFF9DD38E3C2C68CAF
SHA-512:	2CC173EFBA132E4352582F000F226E86A9A898B8A3AC1BA9633B2F19838B618EE3047555928E5258CC97E514D6F96ADF86391F7C6104288F1A61543E93B13518
Malicious:	false
Reputation:	low
Preview:	GIF89ad.................!.......,....d.....I...............H....................D..VL*.....J.T..P.j......-...;

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 97 x 97, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2672
Entropy (8bit):	7.864218635615192
Encrypted:	false
SSDEEP:	48:TlCtqLaLvN6P+NsI1hmhzoioE0jAoeZBrnFIVVbtdoV0GdXSnZ9wKS6Ei3:ItqLaLVvk9X08n3nWV5+B1SnZ9wKfD3
MD5:	F851DB995B0253A71D638F779BE88330
SHA1:	5F5319E016676E6B92F7E597B837677DDF52C0A5
SHA-256:	2C024E287D53DCC084B60B01A69990C369E758DC7C91B0FE4791F02D18AAE61A
SHA-512:	AB09FAECBB8C24ACADE89EFC25515C2B25C12C378144180E5B807309F793720E30BCE75A604515181554068FE4BAAD34E4EE050A6B5C5F9485D1E4712B9EC724
Malicious:	false
Reputation:	low
URL:	https://dreadpiratedragon.com/cgi-sys/images/x.png
Preview:	.PNG........IHDR...a...a.......?.....sBIT.....O....`PLTEf.....^^.77...zz\|....uu.-&.{W.........A-. ..3&.iH.RB.......\@....//.............`.....t.__...3j&.....pHYs...........~.....tEXtCreation Time.03/04/09.......tEXtSoftware.Adobe Fireworks CS4......]IDATh....z....1.H....m....[....t...6..........]].S.SY.C..z.O..................g^tf.e:0[...^..B19.m9......5(.....p......Z..1.E.}....Z.Q..R...w........C.......;..ZH..j8stB0....t..._4M.D{..c.U..:...w....&.q...f..+..F..b.7...H...P........u.s..D....?.n.S.H...su....K.!R;DN..BA._..K,..]/....(o.}..~...v.Gke.~.66.+..#6.SW.N..w9.&.}..m...j...kW.....0E.{.........8...!2NT.....AU../.kUu...D._..w.[..........]%@.cm.(.UU..L_.%....XWU..3[.T...m. J...T.9@..Of.b....C\|Ukk/..R8.H.>p.V....R.....e.Es$...=@x...A...?.$..=.....T<..`j..o4.B..b.......]...h.M.p....<z.:.@H.....y..N.........."..0T.....X..71.4...k..$...V.Tx^...s...}..1../.7.`s+..6..W!..!.zR....V....I..N...}7}...X-.2T.........6).V........`6+.Y..6t'".U/.#>F..80.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 11816
Category:	downloaded
Size (bytes):	4677
Entropy (8bit):	7.946065353100574
Encrypted:	false
SSDEEP:	96:bZ/NwFlux9fPOlplZDCxX44cnBn4PxuyjWe8zngjoNRc/YrdgN:bZ/CQZOLUcFleWJMUraYrdgN
MD5:	E6AAE2410885DF2F2629465B60A2691D
SHA1:	859D3D883FB8CA2AADEDF5753ABCD7ACCE922479
SHA-256:	A113D210F17827A95D9D1EEE68BF4E0AA8BD39D67DF1D9420FF5E9C0F49B1D48
SHA-512:	77CFA85A05295F3E1D239AE09D6EC80B7D038A0466276B7D5586E614035BABFAA7FAC4B965643EF18C38648ED68BACBFB510BCF06AC578BCFE2C11F7892544AD
Malicious:	false
Reputation:	low
URL:	https://dreadpiratedragon.com/cg/index.html
Preview:	...........Rms......sg...J&av.......$...Nm.Rm.H.I...n..M...=._c.pw...~y...........3(\.........G...(z}.......[8....32qQt.....j.E..l0;.....h.Q....o.A....q...K......./^..z..P....P.`..1P.P...%J^Vy..g::<.s.}........k9=.v.].....I.v.s8w..>....;.]........N......p..3x.y......v...G......e...).e.,...v.&FV..I...Jq....M3H.......hp8(...a{.8jo..t..EI......6.....q^..>.Y.Z...Q.....H.].rBis_.4.:...Jar..!c...(.j...):....{{.d!5........D.h4..+....k5.y...U...D$w..Z.}Y....QO.,..5..I>.i6...<..]2X.pCM.....e^...Wh.2...\|~..l'....\|..v,.....sT.Wd....G.'.8R.....F......O.......E..>.......8....V..?\....~..[..K..J.z.....p...=4.LB)..Y....y..u.F......M.........Y.....b....;...C..d.5.[.&TW...Rd.{/_..l..y.o...Y'.+....G.;G.....\...?z..JL.9..~"...P..,E....O.$.}..(..O.W...<...2X!.SS..Q..rx......O....x."..#.D.J...M...A.P.!3-.u.H.2..6....?.....<g...R.;1<.]..........9....G..$.Vp...0s.B.Q.=.f.%a..fQmB<.q..MZq..0&....V....k....I&;..A...}m.D3.q..Icy+!Ef.}.~...`.i....../~].B......&.

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 11816
Category:	downloaded
Size (bytes):	4677
Entropy (8bit):	7.946065353100574
Encrypted:	false
SSDEEP:	96:bZ/NwFlux9fPOlplZDCxX44cnBn4PxuyjWe8zngjoNRc/YrdgN:bZ/CQZOLUcFleWJMUraYrdgN
MD5:	E6AAE2410885DF2F2629465B60A2691D
SHA1:	859D3D883FB8CA2AADEDF5753ABCD7ACCE922479
SHA-256:	A113D210F17827A95D9D1EEE68BF4E0AA8BD39D67DF1D9420FF5E9C0F49B1D48
SHA-512:	77CFA85A05295F3E1D239AE09D6EC80B7D038A0466276B7D5586E614035BABFAA7FAC4B965643EF18C38648ED68BACBFB510BCF06AC578BCFE2C11F7892544AD
Malicious:	false
Reputation:	low
URL:	https://dreadpiratedragon.com/favicon.ico
Preview:	...........Rms......sg...J&av.......$...Nm.Rm.H.I...n..M...=._c.pw...~y...........3(\.........G...(z}.......[8....32qQt.....j.E..l0;.....h.Q....o.A....q...K......./^..z..P....P.`..1P.P...%J^Vy..g::<.s.}........k9=.v.].....I.v.s8w..>....;.]........N......p..3x.y......v...G......e...).e.,...v.&FV..I...Jq....M3H.......hp8(...a{.8jo..t..EI......6.....q^..>.Y.Z...Q.....H.].rBis_.4.:...Jar..!c...(.j...):....{{.d!5........D.h4..+....k5.y...U...D$w..Z.}Y....QO.,..5..I>.i6...<..]2X.pCM.....e^...Wh.2...\|~..l'....\|..v,.....sT.Wd....G.'.8R.....F......O.......E..>.......8....V..?\....~..[..K..J.z.....p...=4.LB)..Y....y..u.F......M.........Y.....b....;...C..d.5.[.&TW...Rd.{/_..l..y.o...Y'.+....G.;G.....\...?z..JL.9..~"...P..,E....O.$.}..(..O.W...<...2X!.SS..Q..rx......O....x."..#.D.J...M...A.P.!3-.u.H.2..6....?.....<g...R.;1<.]..........9....G..$.Vp...0s.B.Q.=.f.%a..fQmB<.q..MZq..0&....V....k....I&;..A...}m.D3.q..Icy+!Ef.}.~...`.i....../~].B......&.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 2782
Category:	downloaded
Size (bytes):	1191
Entropy (8bit):	7.796270292729931
Encrypted:	false
SSDEEP:	24:XcZ+V72kAJOJMbpIYwbu7xzHfOHSyW3BgOk0o8fG+ITcIlp4ezR1ZO5:XcZKAeYpIrqzHfkSLHkbH4sRjO5
MD5:	DE892F8C9F4F88B59E09D5F162C5E1F2
SHA1:	1D257DA4E5DDE3A5817F2F41F047BAFD49B646A3
SHA-256:	70C74579F4A1E433CC33E298EA1C08073BFFCDFB6D6DD36163C942B2C8FE4381
SHA-512:	84006416B70DFE6B8CBA6F5EAA0F618406D8404A9FE0E04680BAC3D63F43294F7514A1777D1882A19574331599E4A3E4BC4B6298822535C7283CC1557A2024DC
Malicious:	false
Reputation:	low
URL:	https://dreadpiratedragon.com/cgi-sys/js/simple-expand.min.js
Preview:	...........RMo.8...W.a..";.."C...b.m...=.=0..bC.^rl'p..wHJ....\|.8.o.{.lfVOV..d.w..w..Im........5..5.+W......>..rl.n.:.4vr.Rp..+..7W.w.@Wp.b..w.x).....~....#...7.\|.+.F.C.K...C++L.].A.w.a...H7....X+t.5\...d.j.3...$k. l...JX.xH....,...1$..f{...sR/..`.=..nQ \.1....yV..k..H^...3.. .....9<.:=.......R.`..F.{ZV....3.w.pm..P."..Ed...J......x..[.T4E.\.^`..-.K-Q...:...<....C.6N.E..Y...p.M..X9.....n.....{..M5..i....H.^W.o.{ ..He.._.e....'...........}.....W..X..T.T..Om...y..~.+{..y.;.wv...y.#.[.....y.3.e..56}i.}7..._.,.......24..X;8O........{....;F....L..Hx.Z..g..$..}....w......4P2..'<...O="]b....K2.....b.o.8&.,........g..b../b...2.........lS..~-u.s..@.CKq9.J%.vVl..$[.l......T._.....}....O...s$IGL.C#k.2..e2.5...B..Wz...?h..NV.>.Jy1.....J...^.z..}.(D....F:.x&...F...td..+A.N..-.*..X9......K.C./...I..N...{.8A.E.\|..7...5B.e9L-..r....ErnB6....P7......i.JX..U.l....W..0%.......LF......F.r/K\....[..g@......p....t...T_5P=\|$,A.K=...l.2..~.Ky.9..I.

Total Packets: 99
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 28, 2025 20:22:24.726658106 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 28, 2025 20:22:27.132788897 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 28, 2025 20:22:31.945346117 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 28, 2025 20:22:32.960990906 CEST	49672	443	192.168.2.6	204.79.197.203
Apr 28, 2025 20:22:35.620682001 CEST	49701	80	192.168.2.6	192.178.49.195
Apr 28, 2025 20:22:35.768862963 CEST	80	49701	192.178.49.195	192.168.2.6
Apr 28, 2025 20:22:35.768951893 CEST	49701	80	192.168.2.6	192.178.49.195
Apr 28, 2025 20:22:35.769143105 CEST	49701	80	192.168.2.6	192.178.49.195
Apr 28, 2025 20:22:35.919981956 CEST	80	49701	192.178.49.195	192.168.2.6
Apr 28, 2025 20:22:35.920149088 CEST	80	49701	192.178.49.195	192.168.2.6
Apr 28, 2025 20:22:35.961445093 CEST	49701	80	192.168.2.6	192.178.49.195
Apr 28, 2025 20:22:37.887325048 CEST	49704	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:22:38.035145998 CEST	443	49704	142.250.69.4	192.168.2.6
Apr 28, 2025 20:22:38.035247087 CEST	49704	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:22:38.035557985 CEST	49704	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:22:38.185008049 CEST	443	49704	142.250.69.4	192.168.2.6
Apr 28, 2025 20:22:38.199150085 CEST	443	49704	142.250.69.4	192.168.2.6
Apr 28, 2025 20:22:38.199167967 CEST	443	49704	142.250.69.4	192.168.2.6
Apr 28, 2025 20:22:38.199229956 CEST	49704	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:22:38.201483011 CEST	49704	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:22:38.349836111 CEST	443	49704	142.250.69.4	192.168.2.6
Apr 28, 2025 20:22:38.399095058 CEST	49704	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:22:40.378689051 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.397838116 CEST	49706	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.482076883 CEST	49707	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.526726007 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.526808977 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.527060986 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.545663118 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.545893908 CEST	49706	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.546118021 CEST	49706	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.630167961 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.630527973 CEST	49707	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.630527973 CEST	49707	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.675781012 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.676315069 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.676327944 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.676338911 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.676354885 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.676372051 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.676410913 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.677778959 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.679315090 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.679498911 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.679681063 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.693777084 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.694266081 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.694278955 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.694288969 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.694302082 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.694343090 CEST	49706	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.694376945 CEST	49706	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.695262909 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.695744038 CEST	49706	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.778338909 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.778575897 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.778589964 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.778601885 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.778614998 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.778635979 CEST	49707	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.778677940 CEST	49707	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.779705048 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.780085087 CEST	49707	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.827749014 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.827761889 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.827771902 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.827781916 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.827827930 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.828022003 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.843941927 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.843952894 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.844382048 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.844433069 CEST	49706	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.874149084 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.927733898 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.927747011 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.927803993 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:40.927921057 CEST	49707	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:40.975954056 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:41.102977037 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:41.103003979 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:22:41.103075981 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:22:41.362992048 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.538572073 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.538671017 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.538906097 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.546447992 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 28, 2025 20:22:41.714224100 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.720007896 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.720022917 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.720035076 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.720089912 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.721678972 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.721859932 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.722017050 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.897679090 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.897710085 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.897770882 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.898050070 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.898535967 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.908473969 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.908493042 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.908505917 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.908519030 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:41.908554077 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.908617973 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.964658022 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:41.964797020 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.113893986 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.139784098 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.140047073 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.150171041 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.150186062 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.150197029 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.150252104 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.152636051 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.152877092 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.463087082 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.463149071 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.463187933 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.617639065 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.639311075 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.648139954 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.648155928 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.648169041 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.648186922 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.648216009 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.648277998 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.648822069 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.665050983 CEST	49710	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.665400982 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.665954113 CEST	49711	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.667620897 CEST	49712	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.739315987 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.792699099 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.792776108 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.793045998 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.840624094 CEST	443	49710	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.840893030 CEST	49710	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.841160059 CEST	49710	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.841217041 CEST	443	49711	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.841269016 CEST	49711	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.841418982 CEST	49711	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.842750072 CEST	443	49712	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.842843056 CEST	49712	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.842942953 CEST	49712	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.853928089 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.853964090 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.853979111 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.853991985 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.854022026 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.854094028 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.914504051 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.914604902 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.915107965 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.970786095 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.973896027 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.973912001 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.973925114 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:42.973978043 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.974395990 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.974534988 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.974587917 CEST	49710	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.974678040 CEST	49711	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.974740028 CEST	49712	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.975001097 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.975025892 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.975042105 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:42.975076914 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.020066977 CEST	443	49710	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.020083904 CEST	443	49711	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.020721912 CEST	443	49712	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.022893906 CEST	443	49711	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.022914886 CEST	443	49711	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.022928953 CEST	443	49711	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.022960901 CEST	49711	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.023051977 CEST	49711	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.023117065 CEST	49711	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.023945093 CEST	443	49710	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.023961067 CEST	443	49710	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.023998022 CEST	49710	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.024017096 CEST	443	49710	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.024056911 CEST	49710	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.024056911 CEST	49710	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.024552107 CEST	443	49712	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.024564981 CEST	443	49712	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.024575949 CEST	443	49712	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.024621010 CEST	49712	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.024621010 CEST	49712	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.024668932 CEST	49712	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.090209007 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.093265057 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.093280077 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.093291044 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.093333960 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.093779087 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.149621964 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.150094986 CEST	443	49710	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.150187016 CEST	49710	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.150233030 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.150255919 CEST	443	49711	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.150268078 CEST	443	49712	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.150307894 CEST	49711	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.150331020 CEST	49712	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.150544882 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.150593996 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.150685072 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.150698900 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.157079935 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.157099009 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.157111883 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.157147884 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.157180071 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.158236027 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.158250093 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.158262968 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.158276081 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.158288956 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.158320904 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.269399881 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.269417048 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.269479990 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:43.326175928 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.365668058 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:43.367325068 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:45.221827030 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.383522987 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.383647919 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.386522055 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.549035072 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.549052000 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.549149990 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.557236910 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.716775894 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.717319965 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.717375994 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.741935015 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.741971016 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.742502928 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.900008917 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.900316000 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901118040 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901144028 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901160955 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.901165962 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901201963 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.901232958 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901245117 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901257038 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901268959 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901281118 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901289940 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.901293039 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901305914 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901328087 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:45.901350021 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:45.901372910 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:46.060178041 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:46.060197115 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:46.060214996 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:46.060239077 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:46.060250998 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:46.060261965 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:46.060270071 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:46.060293913 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:46.060311079 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:46.060323954 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:46.060338020 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:46.060353994 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:46.113627911 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:46.271791935 CEST	443	49715	172.202.163.200	192.168.2.6
Apr 28, 2025 20:22:46.271840096 CEST	49715	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:22:47.855963945 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:47.856198072 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:47.856261015 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:47.856261015 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:47.856293917 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:47.856386900 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:47.856538057 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:48.031368017 CEST	443	49708	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:48.031428099 CEST	49708	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:48.192054033 CEST	443	49704	142.250.69.4	192.168.2.6
Apr 28, 2025 20:22:48.192118883 CEST	49704	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:22:48.327385902 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:48.327657938 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:48.327665091 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:48.327701092 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:48.327730894 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:48.327765942 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:48.504717112 CEST	443	49709	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:48.504765034 CEST	49709	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:48.635119915 CEST	49704	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:22:48.782738924 CEST	443	49704	142.250.69.4	192.168.2.6
Apr 28, 2025 20:22:53.343405008 CEST	49716	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:53.518785954 CEST	443	49716	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:53.518955946 CEST	49716	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:53.529397964 CEST	49716	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:53.704722881 CEST	443	49716	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:53.706192017 CEST	443	49716	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:53.711049080 CEST	49716	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:22:53.886946917 CEST	443	49716	192.185.121.155	192.168.2.6
Apr 28, 2025 20:22:53.930334091 CEST	49716	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:23:22.488086939 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:22.647413969 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:22.647504091 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:22.648153067 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:22.807214022 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:22.807238102 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:22.807348013 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:22.810523987 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:22.973196030 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:22.973220110 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:22.973453045 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:22.974379063 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:22.974534988 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:22.974534988 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.133805990 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.133820057 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135035038 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135046959 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135059118 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135073900 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135087013 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135101080 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135113001 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135126114 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135132074 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.135139942 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135154009 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135165930 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.135178089 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.135221958 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.293732882 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.293797016 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.293834925 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.293868065 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.293901920 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.293914080 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.293914080 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.293936968 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.293972015 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.294008017 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.294025898 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.294043064 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.294054031 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.294078112 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.294111967 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.294147015 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.294188976 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.294188976 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.326351881 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:23.485249996 CEST	443	49717	172.202.163.200	192.168.2.6
Apr 28, 2025 20:23:23.485374928 CEST	49717	443	192.168.2.6	172.202.163.200
Apr 28, 2025 20:23:25.852528095 CEST	49706	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:23:25.930526018 CEST	49707	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:23:26.000207901 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:23:26.078391075 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:23:26.118108988 CEST	49705	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:23:26.267838955 CEST	443	49705	18.65.25.18	192.168.2.6
Apr 28, 2025 20:23:28.274355888 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:23:28.454375029 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:23:36.086922884 CEST	49701	80	192.168.2.6	192.178.49.195
Apr 28, 2025 20:23:36.235025883 CEST	80	49701	192.178.49.195	192.168.2.6
Apr 28, 2025 20:23:36.235119104 CEST	49701	80	192.168.2.6	192.178.49.195
Apr 28, 2025 20:23:37.806283951 CEST	49719	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:23:37.954191923 CEST	443	49719	142.250.69.4	192.168.2.6
Apr 28, 2025 20:23:37.954427004 CEST	49719	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:23:37.954713106 CEST	49719	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:23:38.102385044 CEST	443	49719	142.250.69.4	192.168.2.6
Apr 28, 2025 20:23:38.118371964 CEST	443	49719	142.250.69.4	192.168.2.6
Apr 28, 2025 20:23:38.121277094 CEST	49719	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:23:38.273169041 CEST	443	49719	142.250.69.4	192.168.2.6
Apr 28, 2025 20:23:38.888356924 CEST	49716	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:23:39.063410997 CEST	443	49716	192.185.121.155	192.168.2.6
Apr 28, 2025 20:23:41.650553942 CEST	49706	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:23:41.650600910 CEST	49707	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:23:41.798525095 CEST	443	49706	18.65.25.18	192.168.2.6
Apr 28, 2025 20:23:41.798600912 CEST	49706	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:23:41.798829079 CEST	443	49707	18.65.25.18	192.168.2.6
Apr 28, 2025 20:23:41.798866987 CEST	49707	443	192.168.2.6	18.65.25.18
Apr 28, 2025 20:23:43.635489941 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:23:43.811630011 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:23:43.811703920 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:23:43.811733007 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:23:43.811743021 CEST	443	49713	192.185.121.155	192.168.2.6
Apr 28, 2025 20:23:43.811777115 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:23:43.811804056 CEST	49713	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:23:48.155936956 CEST	443	49719	142.250.69.4	192.168.2.6
Apr 28, 2025 20:23:48.155996084 CEST	49719	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:23:48.636887074 CEST	49719	443	192.168.2.6	142.250.69.4
Apr 28, 2025 20:23:48.785044909 CEST	443	49719	142.250.69.4	192.168.2.6
Apr 28, 2025 20:23:54.636557102 CEST	49716	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:23:54.813667059 CEST	443	49716	192.185.121.155	192.168.2.6
Apr 28, 2025 20:23:54.813688993 CEST	443	49716	192.185.121.155	192.168.2.6
Apr 28, 2025 20:23:54.813745975 CEST	443	49716	192.185.121.155	192.168.2.6
Apr 28, 2025 20:23:54.813816071 CEST	49716	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:23:54.813816071 CEST	49716	443	192.168.2.6	192.185.121.155
Apr 28, 2025 20:23:54.813857079 CEST	49716	443	192.168.2.6	192.185.121.155

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 28, 2025 20:22:34.533205032 CEST	53	50839	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:34.598530054 CEST	53	51859	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:35.561592102 CEST	53	50455	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:37.745007992 CEST	53072	53	192.168.2.6	1.1.1.1
Apr 28, 2025 20:22:37.745323896 CEST	60226	53	192.168.2.6	1.1.1.1
Apr 28, 2025 20:22:37.885690928 CEST	53	53072	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:37.886151075 CEST	53	60226	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:40.216188908 CEST	64790	53	192.168.2.6	1.1.1.1
Apr 28, 2025 20:22:40.216340065 CEST	60147	53	192.168.2.6	1.1.1.1
Apr 28, 2025 20:22:40.362457991 CEST	53	60147	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:40.377994061 CEST	53	64790	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:41.109294891 CEST	52829	53	192.168.2.6	1.1.1.1
Apr 28, 2025 20:22:41.109639883 CEST	59717	53	192.168.2.6	1.1.1.1
Apr 28, 2025 20:22:41.352791071 CEST	53	59717	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:41.362278938 CEST	53	52829	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:42.475300074 CEST	51042	53	192.168.2.6	1.1.1.1
Apr 28, 2025 20:22:42.475500107 CEST	59404	53	192.168.2.6	1.1.1.1
Apr 28, 2025 20:22:42.616717100 CEST	53	51042	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:42.616856098 CEST	53	59404	1.1.1.1	192.168.2.6
Apr 28, 2025 20:22:52.478630066 CEST	53	55214	1.1.1.1	192.168.2.6
Apr 28, 2025 20:23:11.540930986 CEST	53	51710	1.1.1.1	192.168.2.6
Apr 28, 2025 20:23:20.674021006 CEST	138	138	192.168.2.6	192.168.2.255
Apr 28, 2025 20:23:33.953869104 CEST	53	59549	1.1.1.1	192.168.2.6
Apr 28, 2025 20:23:34.088140965 CEST	53	58142	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 28, 2025 20:22:37.745007992 CEST	192.168.2.6	1.1.1.1	0x1b42	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:22:37.745323896 CEST	192.168.2.6	1.1.1.1	0xd806	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 28, 2025 20:22:40.216188908 CEST	192.168.2.6	1.1.1.1	0x8d4c	Standard query (0)	clickme.thryv.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:22:40.216340065 CEST	192.168.2.6	1.1.1.1	0xa640	Standard query (0)	clickme.thryv.com	65	IN (0x0001)	false
Apr 28, 2025 20:22:41.109294891 CEST	192.168.2.6	1.1.1.1	0x2322	Standard query (0)	dreadpiratedragon.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:22:41.109639883 CEST	192.168.2.6	1.1.1.1	0x4e64	Standard query (0)	dreadpiratedragon.com	65	IN (0x0001)	false
Apr 28, 2025 20:22:42.475300074 CEST	192.168.2.6	1.1.1.1	0x202b	Standard query (0)	dreadpiratedragon.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:22:42.475500107 CEST	192.168.2.6	1.1.1.1	0x1538	Standard query (0)	dreadpiratedragon.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 28, 2025 20:22:37.885690928 CEST	1.1.1.1	192.168.2.6	0x1b42	No error (0)	www.google.com		142.250.69.4	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:22:37.886151075 CEST	1.1.1.1	192.168.2.6	0xd806	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 28, 2025 20:22:40.362457991 CEST	1.1.1.1	192.168.2.6	0xa640	No error (0)	clickme.thryv.com	d1rsqi0l6b7evg.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 28, 2025 20:22:40.377994061 CEST	1.1.1.1	192.168.2.6	0x8d4c	No error (0)	clickme.thryv.com	d1rsqi0l6b7evg.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 28, 2025 20:22:40.377994061 CEST	1.1.1.1	192.168.2.6	0x8d4c	No error (0)	d1rsqi0l6b7evg.cloudfront.net		18.65.25.18	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:22:40.377994061 CEST	1.1.1.1	192.168.2.6	0x8d4c	No error (0)	d1rsqi0l6b7evg.cloudfront.net		18.65.25.55	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:22:40.377994061 CEST	1.1.1.1	192.168.2.6	0x8d4c	No error (0)	d1rsqi0l6b7evg.cloudfront.net		18.65.25.60	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:22:40.377994061 CEST	1.1.1.1	192.168.2.6	0x8d4c	No error (0)	d1rsqi0l6b7evg.cloudfront.net		18.65.25.118	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:22:41.362278938 CEST	1.1.1.1	192.168.2.6	0x2322	No error (0)	dreadpiratedragon.com		192.185.121.155	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:22:42.616717100 CEST	1.1.1.1	192.168.2.6	0x202b	No error (0)	dreadpiratedragon.com		192.185.121.155	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49701	192.178.49.195	80

Timestamp	Bytes transferred	Direction	Data
Apr 28, 2025 20:22:35.769143105 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 28, 2025 20:22:35.920149088 CEST	1242	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 28 Apr 2025 18:20:42 GMT Expires: Mon, 28 Apr 2025 19:10:42 GMT Cache-Control: public, max-age=3000 Age: 113 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 28, 2025 20:22:38.199167967 CEST	142.250.69.4	443	192.168.2.6	49704	CN=www.google.com CN=WE2, O=Google Trust Services, C=US CN=GTS Root R4, O=Google Trust Services LLC, C=US	CN=WE2, O=Google Trust Services, C=US CN=GTS Root R4, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Mon Mar 31 10:56:27 CEST 2025 Wed Dec 13 10:00:00 CET 2023 Wed Nov 15 04:43:21 CET 2023	Mon Jun 23 10:56:26 CEST 2025 Tue Feb 20 15:00:00 CET 2029 Fri Jan 28 01:00:42 CET 2028	771,49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-10-13-65281-5-23-27-35-18-16-11,29-23-24,0	79acd086da6b0918ce6a69cc19f68c3c
					CN=WE2, O=Google Trust Services, C=US	CN=GTS Root R4, O=Google Trust Services LLC, C=US	Wed Dec 13 10:00:00 CET 2023	Tue Feb 20 15:00:00 CET 2029
					CN=GTS Root R4, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Nov 15 04:43:21 CET 2023	Fri Jan 28 01:00:42 CET 2028
Apr 28, 2025 20:22:40.676354885 CEST	18.65.25.18	443	192.168.2.6	49705	CN=clickme.thryv.com CN=Amazon RSA 2048 M03, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon RSA 2048 M03, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Sat Jun 08 02:00:00 CEST 2024 Wed Aug 24 00:26:04 CEST 2022 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Mon Jul 07 01:59:59 CEST 2025 Sat Aug 24 00:26:04 CEST 2030 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,11-65281-27-0-23-5-35-10-16-13-18,29-23-24,0	fd467de2cd0e1fd8b34b4cbd48b1e1b1
					CN=Amazon RSA 2048 M03, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Wed Aug 24 00:26:04 CEST 2022	Sat Aug 24 00:26:04 CEST 2030
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Apr 28, 2025 20:22:40.694302082 CEST	18.65.25.18	443	192.168.2.6	49706	CN=clickme.thryv.com CN=Amazon RSA 2048 M03, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon RSA 2048 M03, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Sat Jun 08 02:00:00 CEST 2024 Wed Aug 24 00:26:04 CEST 2022 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Mon Jul 07 01:59:59 CEST 2025 Sat Aug 24 00:26:04 CEST 2030 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,16-0-11-10-65281-27-5-13-23-18-35,29-23-24,0	937571ac561f65e8edd90beaa4d39b27
					CN=Amazon RSA 2048 M03, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Wed Aug 24 00:26:04 CEST 2022	Sat Aug 24 00:26:04 CEST 2030
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Apr 28, 2025 20:22:40.778614998 CEST	18.65.25.18	443	192.168.2.6	49707	CN=clickme.thryv.com CN=Amazon RSA 2048 M03, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon RSA 2048 M03, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Sat Jun 08 02:00:00 CEST 2024 Wed Aug 24 00:26:04 CEST 2022 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Mon Jul 07 01:59:59 CEST 2025 Sat Aug 24 00:26:04 CEST 2030 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-65281-18-5-16-27-10-35-23-13-11,29-23-24,0	58a7531ac329fda61d272a2405578365
					CN=Amazon RSA 2048 M03, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Wed Aug 24 00:26:04 CEST 2022	Sat Aug 24 00:26:04 CEST 2030
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Apr 28, 2025 20:22:41.720035076 CEST	192.185.121.155	443	192.168.2.6	49708	CN=dreadpiratedragon.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Sat Mar 22 12:49:24 CET 2025 Wed Mar 13 01:00:00 CET 2024	Fri Jun 20 13:49:23 CEST 2025 Sat Mar 13 00:59:59 CET 2027	771,49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,5-18-65281-16-0-23-35-27-10-11-13,29-23-24,0	ec2fc3b39717dcf2a478c2fe213c8b88
Apr 28, 2025 20:22:41.720035076 CEST	192.185.121.155	443	192.168.2.6	49708	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		ec2fc3b39717dcf2a478c2fe213c8b88
Apr 28, 2025 20:22:42.973925114 CEST	192.185.121.155	443	192.168.2.6	49709	CN=dreadpiratedragon.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Sat Mar 22 12:49:24 CET 2025 Wed Mar 13 01:00:00 CET 2024	Fri Jun 20 13:49:23 CEST 2025 Sat Mar 13 00:59:59 CET 2027	771,49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,65281-10-0-18-16-13-5-27-11-23-35,29-23-24,0	05cd0546e40b99ca4f8b503a279cf8cd
Apr 28, 2025 20:22:42.973925114 CEST	192.185.121.155	443	192.168.2.6	49709	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		05cd0546e40b99ca4f8b503a279cf8cd
Apr 28, 2025 20:22:43.022928953 CEST	192.185.121.155	443	192.168.2.6	49711	CN=dreadpiratedragon.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Sat Mar 22 12:49:24 CET 2025 Wed Mar 13 01:00:00 CET 2024	Fri Jun 20 13:49:23 CEST 2025 Sat Mar 13 00:59:59 CET 2027	771,49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,23-10-0-65281-5-35-27-13-11-16-18,29-23-24,0	af06b38b85d3f0a679ef347952cf3ed3
Apr 28, 2025 20:22:43.022928953 CEST	192.185.121.155	443	192.168.2.6	49711	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		af06b38b85d3f0a679ef347952cf3ed3
Apr 28, 2025 20:22:43.024017096 CEST	192.185.121.155	443	192.168.2.6	49710	CN=dreadpiratedragon.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Sat Mar 22 12:49:24 CET 2025 Wed Mar 13 01:00:00 CET 2024	Fri Jun 20 13:49:23 CEST 2025 Sat Mar 13 00:59:59 CET 2027	771,49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,23-27-13-5-11-18-65281-0-10-16-35,29-23-24,0	fd5198cba0e81c657e530d9b0bc9fa80
Apr 28, 2025 20:22:43.024017096 CEST	192.185.121.155	443	192.168.2.6	49710	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		fd5198cba0e81c657e530d9b0bc9fa80
Apr 28, 2025 20:22:43.024575949 CEST	192.185.121.155	443	192.168.2.6	49712	CN=dreadpiratedragon.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Sat Mar 22 12:49:24 CET 2025 Wed Mar 13 01:00:00 CET 2024	Fri Jun 20 13:49:23 CEST 2025 Sat Mar 13 00:59:59 CET 2027	771,49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,18-11-10-65281-5-16-27-35-0-23-13,29-23-24,0	95950ccb973f267352aefd6cd8f1cab9
Apr 28, 2025 20:22:43.024575949 CEST	192.185.121.155	443	192.168.2.6	49712	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		95950ccb973f267352aefd6cd8f1cab9
Apr 28, 2025 20:22:43.093291044 CEST	192.185.121.155	443	192.168.2.6	49713	CN=dreadpiratedragon.com CN=R10, O=Let's Encrypt, C=US	CN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Sat Mar 22 12:49:24 CET 2025 Wed Mar 13 01:00:00 CET 2024	Fri Jun 20 13:49:23 CEST 2025 Sat Mar 13 00:59:59 CET 2027	771,49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-16-35-13-18-23-65281-27-10-5-11,29-23-24,0	265af1d2bdacf1101d3c0befe767ce7d
Apr 28, 2025 20:22:43.093291044 CEST	192.185.121.155	443	192.168.2.6	49713	CN=R10, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		265af1d2bdacf1101d3c0befe767ce7d

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	14:22:29
Start date:	28/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	14:22:32
Start date:	28/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,11718107789620206541,6931811344591321819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	14:22:39
Start date:	28/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clickme.thryv.com/ls/click?upn=u001.riIXj-2FK9449T8JPCKPEBGl7md7eSLoaMD-2FecZnz-2BWDJq4zY5WLup-2Frvbd1WDLSEr3pyLZbFbrlzTtDKDGGnJXA-3D-3DFP6L_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOhzL2fXxOYix3CjCrzlLwoIPSXb9PavK50mtpdK-2FWF7thydb3q6E5ptEQici6-2FjXDBSYHl5N6-2FtCG0egLwOtm2qkg4ep64aTiSO4gpUJEi0OPKPHBjhHalHr4xXyWDsO-2Bd5Hm1QCTFxyzNc8yeTWjFDz4TvWKhDDplNgoJGIsUyVTJPZz7RYwZors8SJkRZ-2BEjrbeKaOAuL-2BV23lb0rcvtDcF9W6EPaS6PPFlcJb4pmi8NXkbBGTJ9lmClb1YKN0fJzSav8qw3cx8E-2BFbgPNa3X-2BwvoYJ-2BC9tZKtuitHAQkCJ6Db03ysCt2aG0-3D#Cjami.bogle@coastalfinanceco.com"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Connections

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3952, Parent PID: 368

General

File Activities

File Opened

File Created