Edit tour

Windows Analysis Report
PO#150623.html

Overview

General Information

Sample name:	PO#150623.html
Analysis ID:	1523599
MD5:	6b3be25530c0dcd4e4aea188e8e3e22c
SHA1:	4e054a8eb5687aa473e82ce9172667f088d73483
SHA256:	b38f81508623bbea36427906922014b617506704b5ebe3a76aae920c72ca2d4d
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML document with suspicious name

HTML file submission containing password form

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PO#150623.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2252,i,2106847254082382091,4944369899380202969,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: PO#150623.html

HTTP Parser: sc@attestationlegale.fr

Source: PO#150623.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/PO%23150623.html	HTTP Parser: Number of links: 0

Source: PO#150623.html	HTTP Parser: Title: Shared File does not match URL
Source: file:///C:/Users/user/Desktop/PO%23150623.html	HTTP Parser: Title: Shared File does not match URL

Source: file:///C:/Users/user/Desktop/PO%23150623.html

HTTP Parser: Has password / email / username input fields

Source: PO#150623.html	HTTP Parser: Form action: https://grupopfp.com.br/exc.php
Source: file:///C:/Users/user/Desktop/PO%23150623.html	HTTP Parser: Form action: https://grupopfp.com.br/exc.php

Source: PO#150623.html	HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/Desktop/PO%23150623.html	HTTP Parser: <input type="password" .../> found

Source: PO#150623.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/PO%23150623.html	HTTP Parser: No favicon

Source: PO#150623.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/PO%23150623.html	HTTP Parser: No <meta name="author".. found

Source: PO#150623.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/PO%23150623.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:63220 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.4:63216 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:60407 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 104.18.24.163 104.18.24.163

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.41
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.41
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Source: global traffic	HTTP traffic detected: GET /843426683ddbd46030d521670badac8c.jpg HTTP/1.1Host: i.gyazo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /40a8327b4278a35bc0c3d6a6d1a4a52d.png HTTP/1.1Host: i.gyazo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /40a8327b4278a35bc0c3d6a6d1a4a52d.png HTTP/1.1Host: i.gyazo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Gyazo_cfwoker=i
Source: global traffic	HTTP traffic detected: GET /843426683ddbd46030d521670badac8c.jpg HTTP/1.1Host: i.gyazo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Gyazo_cfwoker=i
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A5oXPEzC8sWrgDY&MD=PgsMh2+o HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A5oXPEzC8sWrgDY&MD=PgsMh2+o HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: i.gyazo.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: PO#150623.html	String found in binary or memory: https://grupopfp.com.br/exc.php
Source: PO#150623.html	String found in binary or memory: https://i.gyazo.com/40a8327b4278a35bc0c3d6a6d1a4a52d.png
Source: PO#150623.html	String found in binary or memory: https://i.gyazo.com/843426683ddbd46030d521670badac8c.jpg);

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 63220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63220
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 63219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63219
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:63220 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: PO#150623.html

Initial sample: po#

Source: classification engine

Classification label: mal48.phis.winHTML@29/6@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PO#150623.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2252,i,2106847254082382091,4944369899380202969,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2252,i,2106847254082382091,4944369899380202969,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/PO%23150623.html

HTTP Parser: file:///C:/Users/user/Desktop/PO%23150623.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
i.gyazo.com	104.18.24.163	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
file:///C:/Users/user/Desktop/PO%23150623.html	true	unknown
https://i.gyazo.com/843426683ddbd46030d521670badac8c.jpg	false	unknown
https://i.gyazo.com/40a8327b4278a35bc0c3d6a6d1a4a52d.png	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://grupopfp.com.br/exc.php	PO#150623.html	false		unknown
https://i.gyazo.com/843426683ddbd46030d521670badac8c.jpg);	PO#150623.html	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.18.24.163	i.gyazo.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523599
Start date and time:	2024-10-01 20:25:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PO#150623.html
Detection:	MAL
Classification:	mal48.phis.winHTML@29/6@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.71.84, 216.58.206.46, 172.217.18.3, 34.104.35.123, 172.217.18.106, 142.250.184.234, 142.250.184.202, 142.250.185.234, 142.250.186.74, 216.58.206.42, 142.250.185.74, 142.250.185.106, 216.58.212.138, 142.250.186.138, 172.217.16.138, 142.250.181.234, 142.250.185.202, 142.250.185.138, 216.58.206.74, 142.250.185.170, 217.20.57.34, 199.232.210.172, 192.229.221.95, 40.69.42.241, 20.242.39.171, 142.250.185.131, 142.250.184.238
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: PO#150623.html

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: file:///C:/Users/user/Desktop/PO%23150623.html Model: jbxai	{ "brand":["Excel"], "contains_trigger_text":true, "trigger_text":"To view shared file, Please verify your Email.", "prominent_button_name":"View File Content", "text_input_field_labels":["sc@attestationlegale.fr", "Enter Password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: file:///C:/Users/user/Desktop/PO%23150623.html Model: jbxai

{
"brand":["Excel"],
"contains_trigger_text":true,
"trigger_text":"To view shared file,
 Please verify your Email.",
"prominent_button_name":"View File Content",
"text_input_field_labels":["sc@attestationlegale.fr",
"Enter Password"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://finalstepgetshere.com/uploads/beta111.zip	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse
	Translink_rishi.vasandani_Advice81108.pdf	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	https://finalstepgetshere.com/uploads/beta9.zip	Get hash	malicious	LummaC	Browse
	https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a	Get hash	malicious	Unknown	Browse
	http://innerglowjourney.com	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	moba-24.2-installer_M64ZB-1.exe	Get hash	malicious	PureLog Stealer	Browse
	Audio_Msg..00299229202324Transcript.html	Get hash	malicious	Unknown	Browse
	https://bit.ly/4eqfXtg	Get hash	malicious	Unknown	Browse
104.18.24.163	https://ipfs.io/ipfs/QmUcxG9XYwfiVnjaf6ugfmt6iPHAdNuk7o3cqDa64AYtKB	Get hash	malicious	HTMLPhisher	Browse
	Booking Order 09022024.html	Get hash	malicious	Unknown	Browse
	https://ipfs.io/ipfs/QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi?filename=pxl.html	Get hash	malicious	HTMLPhisher	Browse
	https://vitinhhoangkhang.net/.well-known/pki-validation/content/newkorea.html	Get hash	malicious	Unknown	Browse
	https://pub-76c623e95ea84e6cb2978f3311321b22.r2.dev/qiye.html	Get hash	malicious	HTMLPhisher	Browse
	https://berajpaints.com.pk/tag/dolor/	Get hash	malicious	Unknown	Browse
	https://k-trade-hub.vercel.app/?web=kdjung3@hdel.co.kr	Get hash	malicious	Unknown	Browse
	https://buy-korea-online.vercel.app/?web=th.park@hdel.co.kr	Get hash	malicious	Unknown	Browse
	http://pub-de070dc664904ed28782265ba717e609.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	http://pub-51281a8f3dca408099fab1bcf70f2ddd.r2.dev/index.html	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
i.gyazo.com	https://ipfs.io/ipfs/QmUcxG9XYwfiVnjaf6ugfmt6iPHAdNuk7o3cqDa64AYtKB	Get hash	malicious	HTMLPhisher	Browse	104.18.25.163
	Booking Order 09022024.html	Get hash	malicious	Unknown	Browse	104.18.24.163
	https://ipfs.io/ipfs/QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi?filename=pxl.html	Get hash	malicious	HTMLPhisher	Browse	104.18.24.163
	https://vitinhhoangkhang.net/.well-known/pki-validation/content/newkorea.html	Get hash	malicious	Unknown	Browse	104.18.24.163
	https://mijnicscardactiveren.com/nl-start/66b5f40a2de05	Get hash	malicious	Unknown	Browse	104.18.25.163
	https://pub-76c623e95ea84e6cb2978f3311321b22.r2.dev/qiye.html	Get hash	malicious	HTMLPhisher	Browse	104.18.24.163
	https://berajpaints.com.pk/tag/dolor/	Get hash	malicious	Unknown	Browse	104.18.24.163
	https://k-trade-hub.vercel.app/?web=kdjung3@hdel.co.kr	Get hash	malicious	Unknown	Browse	104.18.25.163
	https://buy-korea-online.vercel.app/?web=th.park@hdel.co.kr	Get hash	malicious	Unknown	Browse	104.18.25.163
	http://pub-de070dc664904ed28782265ba717e609.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.18.25.163
fp2e7a.wpc.phicdn.net	https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://innerglowjourney.com	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://bit.ly/4eqfXtg	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://debelfor.com/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://k7qo.sarnerholz.cam/APRjVfmk	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://0.pwsinc.shop/?MKPT=Inc	Get hash	malicious	Captcha Phish	Browse	192.229.221.95
	https://pt9w4x.nauleacepr.com/9QLzRhIr/#Ygovernment.relations@rolls-royce.com	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	https://swissquotech.com/swissquote-2024.zip	Get hash	malicious	Phisher	Browse	192.229.221.95
	He6pI1bhcA.exe	Get hash	malicious	ScreenConnect Tool	Browse	192.229.221.95
	5eRyCYRR9y.exe	Get hash	malicious	ScreenConnect Tool	Browse	192.229.221.95

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Google_Chrome.exe	Get hash	malicious	LummaC	Browse	172.67.209.193
	https://finalstepgetshere.com/uploads/beta111.zip	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	172.67.209.193
	Translink_rishi.vasandani_Advice81108.pdf	Get hash	malicious	Unknown	Browse	104.18.42.178
	https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a	Get hash	malicious	Unknown	Browse	104.18.69.40
	upd_9686786.exe	Get hash	malicious	Unknown	Browse	172.67.178.253
	Prismifyr-Install.exe	Get hash	malicious	Node Stealer	Browse	172.67.74.152
	Prismifyr-Install.exe	Get hash	malicious	Node Stealer	Browse	104.26.12.205
	moba-24.2-installer_M64ZB-1.exe	Get hash	malicious	PureLog Stealer	Browse	104.22.74.216
	Audio_Msg..00299229202324Transcript.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.183.74

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://finalstepgetshere.com/uploads/beta111.zip	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	4.175.87.197 184.28.90.27
	Translink_rishi.vasandani_Advice81108.pdf	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27
	file.exe	Get hash	malicious	Credential Flusher	Browse	4.175.87.197 184.28.90.27
	https://finalstepgetshere.com/uploads/beta9.zip	Get hash	malicious	LummaC	Browse	4.175.87.197 184.28.90.27
	https://hwvtu.us17.list-manage.com/track/click?u=b34582412f60404066a5f49b0&id=a034dac789&e=6353042e9a	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27
	http://innerglowjourney.com	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27
	file.exe	Get hash	malicious	Credential Flusher	Browse	4.175.87.197 184.28.90.27
	https://bit.ly/4eqfXtg	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27
	$R3ET6JM.htm	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27
	https://k7qo.sarnerholz.cam/APRjVfmk	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 168, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2676
Entropy (8bit):	7.823715424910269
Encrypted:	false
SSDEEP:	48:bcKkD+2QtFrnHtUG30zhodaLBm0HV4G5bumPSlqVr2uu3bUiaUFxWg:4KawHSGEGG5bI4zuPtQg
MD5:	40A8327B4278A35BC0C3D6A6D1A4A52D
SHA1:	F5D640B55C2D074E8E64D47DFE143A037E2E1CFC
SHA-256:	5E7B2B91F4CC0AC24DF3040C2A9E0A21E9B85212222ABF0A33B64ABF53AF8714
SHA-512:	65228C1856D94F3712088DAF1CA7AB69A6F338401097769C4F3CE670ED188571E20DEF441ACE3B38EAA61C4368B0FD331470D42BED7854C9D66DAA06AA7330CB
Malicious:	false
Reputation:	low
URL:	https://i.gyazo.com/40a8327b4278a35bc0c3d6a6d1a4a52d.png
Preview:	.PNG........IHDR...,.........m.#=....PLTE..9.....5...>.Z..(x....$..4....1.\|...+....}......@........KC.bV.oM.i...................t.}..i..........I...r....R`.y.z..q.5.WZ.s...9.s.....IDATx....8..!.A....n.....7...A......3s."!..$.J.6..................................l.]....X....f..+..B...q{.,L...J....T...4..be.7&.K..@......Hc...S......n..q.2...N1...........C...P..bM.o7.U. .y...XE..R.O3.\..2.......@,......@.'."...<;.......V9 V.?,..zo@..$..K........Q.{.# ...7..$ ..n}.X..N.?B,.X7sX.jT.#.f.....+r.7...<.jGb......a...OX\|.X?".N.J...vJ.Q.i6L.......H3.7..._...5.7..&H......w.m..`..O.t7\....W.q.2b..>....lZ#;3........,...[.]........./w.'8....:p.z..[^.Rb..Pd...R.a.X!....O_LI..a.e.&t.pO....Yb!.u]'.HI...z.Ft.S...f.\W...o...X6..h..\2,L....44..*..Xm.Jd/...t..>V.b9m..N.L....Xm.......]o.q\|5+...:....O$Q..b..8u..9..+2.7...V.._.......vW....:V...v....z.,9.,.ly.%..iA.......nHD..JA..onb9.<I.q'...!}-..T.kG..V,./.^.....9....8>......[...T..\3#.<.......a.Sa.U.X.-B^qGtG\?[..k

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 236x334, components 3
Category:	dropped
Size (bytes):	9905
Entropy (8bit):	7.87271845518893
Encrypted:	false
SSDEEP:	192:e/6666666ItMqe14O4uOFDm2QSZvTL1v4jX4PZ3a2BRRRRtkD+Qh6eZ2Y4j88cP:JKFDLQwvf1+XWaVaQhuYWQ
MD5:	843426683DDBD46030D521670BADAC8C
SHA1:	4D4971173E0B041C6C8E2C992621923B48F8A4D7
SHA-256:	5E649EB08D4C278C612D9664D9272E64CA6D22F17456C917F2857043DF9E7FE1
SHA-512:	A023A37B5335E05457D304989C9FABD3F9BE4AE81B483E1AF4097D896E6D8843F5B474F8A510BE337AEF30A312F0C41C86BDD80C87A86C44AD7AFAE536CCC892
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H.....C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......N....".........................................................................P.....O.......\|..t.......#.#..."......h.............`a..-...);.[U..W\..)..K...fN..8;eHh........_f>"o..._..Vn..T..1d...nO..O..]q........J.s>.7.v.B9k.wg......vZU..E.O......-C.G~U..).:.j.[T....b............Z...+.d\|.^...%c6-[f.:..Y[..w...R.U.j...6......f....[.h.j..V.c&n%5..X.k.P.S.h.....z..Q..h..U.'.S.....K.N..H6._.......,.'%{Um....jV.../~.`E,G2.)........,.....{...V.X..R.s,R......9...hW.\..k5. E,G2.)........,.....{...V.X..R.s,R......9...hW.\..k5. E,D..th.5N..........~].'....>....~z.M.nM.".....v.=.R......(,HM..OjiT..f..{.'_?..^a.o...[Q..\|..s....3o......3;..!.\|..H1.}...pR....................;.o>{\|..........'XbX.................?...*...........................30.12. !#@"`$................lo....~.".....X,..uIQ....)?.

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 168, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2676
Entropy (8bit):	7.823715424910269
Encrypted:	false
SSDEEP:	48:bcKkD+2QtFrnHtUG30zhodaLBm0HV4G5bumPSlqVr2uu3bUiaUFxWg:4KawHSGEGG5bI4zuPtQg
MD5:	40A8327B4278A35BC0C3D6A6D1A4A52D
SHA1:	F5D640B55C2D074E8E64D47DFE143A037E2E1CFC
SHA-256:	5E7B2B91F4CC0AC24DF3040C2A9E0A21E9B85212222ABF0A33B64ABF53AF8714
SHA-512:	65228C1856D94F3712088DAF1CA7AB69A6F338401097769C4F3CE670ED188571E20DEF441ACE3B38EAA61C4368B0FD331470D42BED7854C9D66DAA06AA7330CB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...,.........m.#=....PLTE..9.....5...>.Z..(x....$..4....1.\|...+....}......@........KC.bV.oM.i...................t.}..i..........I...r....R`.y.z..q.5.WZ.s...9.s.....IDATx....8..!.A....n.....7...A......3s."!..$.J.6..................................l.]....X....f..+..B...q{.,L...J....T...4..be.7&.K..@......Hc...S......n..q.2...N1...........C...P..bM.o7.U. .y...XE..R.O3.\..2.......@,......@.'."...<;.......V9 V.?,..zo@..$..K........Q.{.# ...7..$ ..n}.X..N.?B,.X7sX.jT.#.f.....+r.7...<.jGb......a...OX\|.X?".N.J...vJ.Q.i6L.......H3.7..._...5.7..&H......w.m..`..O.t7\....W.q.2b..>....lZ#;3........,...[.]........./w.'8....:p.z..[^.Rb..Pd...R.a.X!....O_LI..a.e.&t.pO....Yb!.u]'.HI...z.Ft.S...f.\W...o...X6..h..\2,L....44..*..Xm.Jd/...t..>V.b9m..N.L....Xm.......]o.q\|5+...:....O$Q..b..8u..9..+2.7...V.._.......vW....:V...v....z.,9.,.ly.%..iA.......nHD..JA..onb9.<I.q'...!}-..T.kG..V,./.^.....9....8>......[...T..\3#.<.......a.Sa.U.X.-B^qGtG\?[..k

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 236x334, components 3
Category:	downloaded
Size (bytes):	9905
Entropy (8bit):	7.87271845518893
Encrypted:	false
SSDEEP:	192:e/6666666ItMqe14O4uOFDm2QSZvTL1v4jX4PZ3a2BRRRRtkD+Qh6eZ2Y4j88cP:JKFDLQwvf1+XWaVaQhuYWQ
MD5:	843426683DDBD46030D521670BADAC8C
SHA1:	4D4971173E0B041C6C8E2C992621923B48F8A4D7
SHA-256:	5E649EB08D4C278C612D9664D9272E64CA6D22F17456C917F2857043DF9E7FE1
SHA-512:	A023A37B5335E05457D304989C9FABD3F9BE4AE81B483E1AF4097D896E6D8843F5B474F8A510BE337AEF30A312F0C41C86BDD80C87A86C44AD7AFAE536CCC892
Malicious:	false
Reputation:	low
URL:	https://i.gyazo.com/843426683ddbd46030d521670badac8c.jpg
Preview:	......JFIF.....H.H.....C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......N....".........................................................................P.....O.......\|..t.......#.#..."......h.............`a..-...);.[U..W\..)..K...fN..8;eHh........_f>"o..._..Vn..T..1d...nO..O..]q........J.s>.7.v.B9k.wg......vZU..E.O......-C.G~U..).:.j.[T....b............Z...+.d\|.^...%c6-[f.:..Y[..w...R.U.j...6......f....[.h.j..V.c&n%5..X.k.P.S.h.....z..Q..h..U.'.S.....K.N..H6._.......,.'%{Um....jV.../~.`E,G2.)........,.....{...V.X..R.s,R......9...hW.\..k5. E,G2.)........,.....{...V.X..R.s,R......9...hW.\..k5. E,D..th.5N..........~].'....>....~z.M.nM.".....v.=.R......(,HM..OjiT..f..{.'_?..^a.o...[Q..\|..s....3o......3;..!.\|..H1.}...pR....................;.o>{\|..........'XbX.................?...*...........................30.12. !#@"`$................lo....~.".....X,..uIQ....)?.

Static File Info

General

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	5.1206454942030675
TrID:	HyperText Markup Language (11501/1) 65.69% HyperText Markup Language (6006/1) 34.31%
File name:	PO#150623.html
File size:	4'434 bytes
MD5:	6b3be25530c0dcd4e4aea188e8e3e22c
SHA1:	4e054a8eb5687aa473e82ce9172667f088d73483
SHA256:	b38f81508623bbea36427906922014b617506704b5ebe3a76aae920c72ca2d4d
SHA512:	c96d047cb66b0d44c82b7ef6e0b349e69748b3d9d0be3cbb1e4f5a10171538218e8fa991c94b27858281787e558208044bbe7d08b28c2300ae7a309d22e84950
SSDEEP:	96:n7NTZVLQFlqqBA8mWmCkojUhQGvoQMmbmC:/VLQFlqqBA8tObBiC
TLSH:	6291217095C05815E6BA0565B3017FC7EED180E303AA17143A9F3B5FAFEA8B04A5738A
File Content Preview:	<html>..<head>.. <meta name="viewport" content="width=device-width, initial-scale=1">.. <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />.. <title>Shared File </title>.... <style>..body, html { height: 100%;margin: 0; font-family: Arial, He

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 20:26:03.884259939 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 1, 2024 20:26:05.438920975 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.439013958 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.439045906 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.439064980 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.439090967 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.439155102 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.439672947 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.439707041 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.440212011 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.440237045 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.677565098 CEST	49735	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.677637100 CEST	443	49735	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.677733898 CEST	49735	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.678006887 CEST	49735	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.678037882 CEST	443	49735	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.685543060 CEST	49736	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.685591936 CEST	443	49736	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.685662985 CEST	49736	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.685848951 CEST	49736	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.685866117 CEST	443	49736	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.973289967 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.973643064 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.973683119 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.975234985 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.975297928 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.975378990 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.978841066 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.978856087 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.979020119 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.979096889 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.980521917 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.980580091 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.980643988 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.980659008 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.983221054 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.983314037 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:05.983736992 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:05.983750105 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.036139965 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.036211967 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.139894009 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.141855001 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.141930103 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.141951084 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.142008066 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.148638964 CEST	49734	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.148699999 CEST	443	49734	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.156438112 CEST	443	49736	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.160180092 CEST	49736	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.160218000 CEST	443	49736	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.161633968 CEST	443	49736	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.161695957 CEST	49736	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.162381887 CEST	49736	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.162462950 CEST	443	49736	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173405886 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173429966 CEST	443	49735	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173451900 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173485041 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173499107 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.173523903 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173567057 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173583984 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.173599005 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173638105 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173645020 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.173656940 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173706055 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.173718929 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173738003 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.173779011 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.174165964 CEST	49735	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.174222946 CEST	443	49735	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.175693989 CEST	443	49735	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.175770998 CEST	49735	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.177048922 CEST	49735	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.177138090 CEST	443	49735	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.177162886 CEST	49733	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.177180052 CEST	443	49733	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.230200052 CEST	49735	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.230240107 CEST	443	49735	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.259887934 CEST	49736	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.259917021 CEST	443	49736	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.276793003 CEST	49735	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.367799044 CEST	49736	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.571873903 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.571906090 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.572067976 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.572519064 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.572557926 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.572663069 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.572885036 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.572900057 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:06.573033094 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:06.573049068 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.048022985 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.049432993 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.049458027 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.050856113 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.050936937 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.051245928 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.051321030 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.051403046 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.079710960 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.081290960 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.081311941 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.082717896 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.082781076 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.083086014 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.083163977 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.083200932 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.099406958 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.101958990 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.101969004 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.127398014 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.148880005 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.164366007 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.164375067 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.215934038 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.215993881 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.216051102 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.216072083 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.217052937 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.217112064 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.218048096 CEST	49740	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.218060970 CEST	443	49740	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.242417097 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.242592096 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.242609978 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.243688107 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.243752003 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.243760109 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.246428967 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.246478081 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.246491909 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.246499062 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.246556997 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.246562958 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.246577978 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:07.246625900 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.246761084 CEST	49741	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:07.246774912 CEST	443	49741	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:09.884340048 CEST	49745	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:26:09.884390116 CEST	443	49745	142.250.186.68	192.168.2.4
Oct 1, 2024 20:26:09.884450912 CEST	49745	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:26:09.884926081 CEST	49745	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:26:09.884942055 CEST	443	49745	142.250.186.68	192.168.2.4
Oct 1, 2024 20:26:10.238584995 CEST	49746	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:10.238681078 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:10.238955975 CEST	49746	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:10.245111942 CEST	49746	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:10.245146990 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:10.538867950 CEST	443	49745	142.250.186.68	192.168.2.4
Oct 1, 2024 20:26:10.539570093 CEST	49745	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:26:10.539593935 CEST	443	49745	142.250.186.68	192.168.2.4
Oct 1, 2024 20:26:10.541016102 CEST	443	49745	142.250.186.68	192.168.2.4
Oct 1, 2024 20:26:10.541146994 CEST	49745	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:26:10.544112921 CEST	49745	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:26:10.544189930 CEST	443	49745	142.250.186.68	192.168.2.4
Oct 1, 2024 20:26:10.589121103 CEST	49745	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:26:10.589128017 CEST	443	49745	142.250.186.68	192.168.2.4
Oct 1, 2024 20:26:10.635289907 CEST	49745	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:26:10.891299963 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:10.891488075 CEST	49746	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:10.895509005 CEST	49746	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:10.895535946 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:10.895937920 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:10.933403015 CEST	49746	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:10.975441933 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:11.162311077 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:11.162389040 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:11.162527084 CEST	49746	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:11.162600994 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:11.162635088 CEST	49746	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:11.162635088 CEST	49746	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:11.162656069 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:11.162672997 CEST	443	49746	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:11.347706079 CEST	49747	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:11.347806931 CEST	443	49747	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:11.347883940 CEST	49747	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:11.348450899 CEST	49747	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:11.348479033 CEST	443	49747	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:12.004439116 CEST	443	49747	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:12.004544020 CEST	49747	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:12.007824898 CEST	49747	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:12.007852077 CEST	443	49747	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:12.008213997 CEST	443	49747	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:12.011163950 CEST	49747	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:12.055393934 CEST	443	49747	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:12.306327105 CEST	443	49747	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:12.306380033 CEST	443	49747	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:12.306718111 CEST	49747	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:12.307328939 CEST	49747	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:12.307328939 CEST	49747	443	192.168.2.4	184.28.90.27
Oct 1, 2024 20:26:12.307370901 CEST	443	49747	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:12.307413101 CEST	443	49747	184.28.90.27	192.168.2.4
Oct 1, 2024 20:26:14.994004965 CEST	49672	443	192.168.2.4	173.222.162.32
Oct 1, 2024 20:26:14.994081020 CEST	443	49672	173.222.162.32	192.168.2.4
Oct 1, 2024 20:26:17.736236095 CEST	80	49723	217.20.57.41	192.168.2.4
Oct 1, 2024 20:26:17.736368895 CEST	49723	80	192.168.2.4	217.20.57.41
Oct 1, 2024 20:26:17.736438036 CEST	49723	80	192.168.2.4	217.20.57.41
Oct 1, 2024 20:26:17.741235971 CEST	80	49723	217.20.57.41	192.168.2.4
Oct 1, 2024 20:26:19.626657009 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:19.626676083 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:19.626740932 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:19.627973080 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:19.627985001 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:20.409986973 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:20.410197020 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:20.444704056 CEST	443	49745	142.250.186.68	192.168.2.4
Oct 1, 2024 20:26:20.444802046 CEST	443	49745	142.250.186.68	192.168.2.4
Oct 1, 2024 20:26:20.444885015 CEST	49745	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:26:20.447912931 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:20.447925091 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:20.448177099 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:20.492412090 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:21.054588079 CEST	443	49736	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:21.054651022 CEST	443	49736	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:21.054934978 CEST	49736	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:21.072684050 CEST	443	49735	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:21.072750092 CEST	443	49735	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:21.072824955 CEST	49735	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:21.194817066 CEST	49736	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:21.194829941 CEST	49735	443	192.168.2.4	104.18.24.163
Oct 1, 2024 20:26:21.194835901 CEST	443	49736	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:21.194890022 CEST	443	49735	104.18.24.163	192.168.2.4
Oct 1, 2024 20:26:21.195005894 CEST	49745	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:26:21.195024967 CEST	443	49745	142.250.186.68	192.168.2.4
Oct 1, 2024 20:26:32.700862885 CEST	49724	80	192.168.2.4	199.232.214.172
Oct 1, 2024 20:26:32.706111908 CEST	80	49724	199.232.214.172	192.168.2.4
Oct 1, 2024 20:26:32.706178904 CEST	49724	80	192.168.2.4	199.232.214.172
Oct 1, 2024 20:26:35.035319090 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:35.075416088 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.299180031 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.299201012 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.299206972 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.299263954 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.299284935 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:35.299324036 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.299338102 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.299350977 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:35.299372911 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:35.299393892 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:35.304014921 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.304085970 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:35.304094076 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.304105043 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.304143906 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:35.807657003 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:35.807678938 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:35.807738066 CEST	49751	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:26:35.807744026 CEST	443	49751	4.175.87.197	192.168.2.4
Oct 1, 2024 20:26:46.829473019 CEST	63216	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:26:46.834326029 CEST	53	63216	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:46.834402084 CEST	63216	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:26:46.834477901 CEST	63216	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:26:46.839276075 CEST	53	63216	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:47.283233881 CEST	53	63216	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:47.293174028 CEST	63216	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:26:47.300405025 CEST	53	63216	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:47.300508022 CEST	63216	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:27:09.934050083 CEST	63219	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:27:09.934134960 CEST	443	63219	142.250.186.68	192.168.2.4
Oct 1, 2024 20:27:09.934211969 CEST	63219	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:27:09.934604883 CEST	63219	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:27:09.934639931 CEST	443	63219	142.250.186.68	192.168.2.4
Oct 1, 2024 20:27:10.588361025 CEST	443	63219	142.250.186.68	192.168.2.4
Oct 1, 2024 20:27:10.588706970 CEST	63219	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:27:10.588742971 CEST	443	63219	142.250.186.68	192.168.2.4
Oct 1, 2024 20:27:10.589086056 CEST	443	63219	142.250.186.68	192.168.2.4
Oct 1, 2024 20:27:10.589421034 CEST	63219	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:27:10.589507103 CEST	443	63219	142.250.186.68	192.168.2.4
Oct 1, 2024 20:27:10.633544922 CEST	63219	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:27:12.216104984 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:12.216131926 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:12.216296911 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:12.216613054 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:12.216626883 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:12.999835014 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:12.999933958 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.004021883 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.004029036 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.004285097 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.013520956 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.059403896 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.334203959 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.334225893 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.334255934 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.334290981 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.334297895 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.334331989 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.334378004 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.335037947 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.335083961 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.335107088 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.335110903 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.335128069 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.335300922 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.335377932 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.339476109 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.339476109 CEST	63220	443	192.168.2.4	4.175.87.197
Oct 1, 2024 20:27:13.339490891 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:13.339500904 CEST	443	63220	4.175.87.197	192.168.2.4
Oct 1, 2024 20:27:20.267512083 CEST	60407	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:27:20.272404909 CEST	53	60407	1.1.1.1	192.168.2.4
Oct 1, 2024 20:27:20.272476912 CEST	60407	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:27:20.272533894 CEST	60407	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:27:20.277257919 CEST	53	60407	1.1.1.1	192.168.2.4
Oct 1, 2024 20:27:20.507683992 CEST	443	63219	142.250.186.68	192.168.2.4
Oct 1, 2024 20:27:20.507735968 CEST	443	63219	142.250.186.68	192.168.2.4
Oct 1, 2024 20:27:20.507952929 CEST	63219	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:27:20.736382961 CEST	53	60407	1.1.1.1	192.168.2.4
Oct 1, 2024 20:27:20.736808062 CEST	60407	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:27:20.741974115 CEST	53	60407	1.1.1.1	192.168.2.4
Oct 1, 2024 20:27:20.742073059 CEST	60407	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:27:21.653987885 CEST	63219	443	192.168.2.4	142.250.186.68
Oct 1, 2024 20:27:21.654078007 CEST	443	63219	142.250.186.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 20:26:05.114706039 CEST	53	54647	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:05.192281008 CEST	53	61863	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:05.421866894 CEST	53643	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:26:05.422084093 CEST	62382	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:26:05.432473898 CEST	53	53643	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:05.434142113 CEST	53	62382	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:06.557600975 CEST	62565	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:26:06.557753086 CEST	62688	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:26:06.567689896 CEST	53	62565	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:06.571257114 CEST	53	62688	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:06.592592955 CEST	53	59631	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:09.874434948 CEST	64237	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:26:09.875046015 CEST	53044	53	192.168.2.4	1.1.1.1
Oct 1, 2024 20:26:09.881581068 CEST	53	64237	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:09.883224964 CEST	53	53044	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:17.489392042 CEST	53	60061	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:17.657646894 CEST	138	138	192.168.2.4	192.168.2.255
Oct 1, 2024 20:26:23.577225924 CEST	53	65330	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:42.782532930 CEST	53	59379	1.1.1.1	192.168.2.4
Oct 1, 2024 20:26:46.828744888 CEST	53	51073	1.1.1.1	192.168.2.4
Oct 1, 2024 20:27:04.944859982 CEST	53	53464	1.1.1.1	192.168.2.4
Oct 1, 2024 20:27:20.267074108 CEST	53	49964	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 1, 2024 20:26:05.421866894 CEST	192.168.2.4	1.1.1.1	0x2a53	Standard query (0)	i.gyazo.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 20:26:05.422084093 CEST	192.168.2.4	1.1.1.1	0x1ffd	Standard query (0)	i.gyazo.com	65	IN (0x0001)	false
Oct 1, 2024 20:26:06.557600975 CEST	192.168.2.4	1.1.1.1	0x8404	Standard query (0)	i.gyazo.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 20:26:06.557753086 CEST	192.168.2.4	1.1.1.1	0x63d0	Standard query (0)	i.gyazo.com	65	IN (0x0001)	false
Oct 1, 2024 20:26:09.874434948 CEST	192.168.2.4	1.1.1.1	0x48bc	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 20:26:09.875046015 CEST	192.168.2.4	1.1.1.1	0x6748	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 1, 2024 20:26:05.432473898 CEST	1.1.1.1	192.168.2.4	0x2a53	No error (0)	i.gyazo.com		104.18.24.163	A (IP address)	IN (0x0001)	false
Oct 1, 2024 20:26:05.432473898 CEST	1.1.1.1	192.168.2.4	0x2a53	No error (0)	i.gyazo.com		104.18.25.163	A (IP address)	IN (0x0001)	false
Oct 1, 2024 20:26:05.434142113 CEST	1.1.1.1	192.168.2.4	0x1ffd	No error (0)	i.gyazo.com			65	IN (0x0001)	false
Oct 1, 2024 20:26:06.567689896 CEST	1.1.1.1	192.168.2.4	0x8404	No error (0)	i.gyazo.com		104.18.24.163	A (IP address)	IN (0x0001)	false
Oct 1, 2024 20:26:06.567689896 CEST	1.1.1.1	192.168.2.4	0x8404	No error (0)	i.gyazo.com		104.18.25.163	A (IP address)	IN (0x0001)	false
Oct 1, 2024 20:26:06.571257114 CEST	1.1.1.1	192.168.2.4	0x63d0	No error (0)	i.gyazo.com			65	IN (0x0001)	false
Oct 1, 2024 20:26:09.881581068 CEST	1.1.1.1	192.168.2.4	0x48bc	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Oct 1, 2024 20:26:09.883224964 CEST	1.1.1.1	192.168.2.4	0x6748	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 20:26:35.949295044 CEST	1.1.1.1	192.168.2.4	0x33df	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 20:26:35.949295044 CEST	1.1.1.1	192.168.2.4	0x33df	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

i.gyazo.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	104.18.24.163	443	2908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 18:26:05 UTC	571	OUT	GET /843426683ddbd46030d521670badac8c.jpg HTTP/1.1 Host: i.gyazo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 18:26:06 UTC	560	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 18:26:06 GMT Content-Type: image/jpeg Content-Length: 9905 Connection: close CF-Ray: 8cbe7fc3ce36c454-EWR CF-Cache-Status: HIT Accept-Ranges: bytes Access-Control-Allow-Origin: https://gyazo.com Cache-Control: public, max-age=31536000 ETag: "8434" Expires: Wed, 01 Oct 2025 18:26:06 GMT Set-Cookie: Gyazo_cfwoker=i; Secure; HttpOnly; SameSite=None; Expires=Tue, 01 Jan 2030 00:00:00 GMT Vary: Accept-Encoding Via: 1.1 google access-control-allow-credentials: true x-cache-level: ZS Server: cloudflare
2024-10-01 18:26:06 UTC	809	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 ff c2 00 11 08 01 4e 00 ec 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 01 00 03 01 01 01 01 00 00 00 00 00 00 00 00 00 00 03 04 05 02 01 06 07 ff c4 00 14 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 fd 50 84 99 89 01 f4 4f 9e f4 fa 07 ce Data Ascii: JFIFHHC%# , #&')*)-0-(0%()(C(((((((((((((((((((((((((((((((((((((((((((((((((((N"PO
2024-10-01 18:26:06 UTC	1369	IN	Data Raw: 5b 51 e8 b9 ee 7c a5 af 73 e4 2e 00 00 33 2a 6f 0c 0d 1e c7 b5 ec d9 33 3b d0 00 21 98 7c fc 7f 48 31 ab 7d 10 c0 ef 70 52 ba 00 00 00 00 01 c7 92 08 e4 00 00 00 00 00 00 00 00 00 01 01 3b 04 6f 3e 7b 7c e8 00 00 00 00 00 00 00 00 03 27 58 62 58 d3 19 13 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 3f ff c4 00 2a 10 00 01 03 03 04 01 03 05 01 01 01 00 00 00 00 00 03 00 01 02 04 12 13 10 11 14 33 30 05 31 32 15 20 21 23 40 22 60 24 ff da 00 08 01 01 00 01 05 02 fe f3 11 84 16 af 6c 6f ea a3 bb ea c1 b0 7e a8 22 1b ea c2 dd fd 58 2c a3 ea 83 75 49 51 0a a0 ff 00 29 3f 10 e4 33 a7 2b 21 49 e4 d9 5b 20 67 19 9a 47 0c 54 63 07 6f e6 33 ec 28 91 9d 8c ce 38 5f b2 99 c6 f1 72 45 db 14 c8 a0 02 46 7f cc 77 68 8b 38 d7 28 56 35 40 d7 20 6b 92 3d f9 d4 eb 9d 4e b9 d4 Data Ascii: [Q\|s.3o3;!\|H1}pR;o>{\|'XbX?3012 !#@"`$lo~"X,uIQ)?3+!I[ gGTco3(8_rEFwh8(V5@ k=N
2024-10-01 18:26:06 UTC	1369	IN	Data Raw: 00 14 11 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 ff da 00 08 01 02 01 01 3f 01 1d ff 00 ff c4 00 3f 10 00 01 02 03 03 08 06 08 06 02 02 03 00 00 00 00 01 00 02 03 11 21 12 31 32 10 13 20 22 41 51 71 81 30 72 91 92 a2 b1 04 23 33 42 61 a1 d1 e1 14 24 34 40 62 82 43 60 a3 f0 52 73 83 ff da 00 08 01 01 00 06 3f 02 fd fb e2 1b 9a 0b 94 47 be 0c 46 86 00 ef 8d 51 19 b7 f2 95 69 35 6a 4f 97 dd 08 6d 6b aa 65 f3 92 70 0c 7c c1 95 64 16 08 92 2a 14 d8 e0 22 5c b3 90 e7 2b ab fb 67 5d 76 d4 d9 47 65 d5 d5 bd 09 c5 87 75 66 ca 15 a9 1a 19 23 f8 21 28 d0 e9 fc 11 06 2b 1e d3 73 6c a7 4c 71 a2 05 ad 1d 9f b7 79 33 94 b6 20 cc f1 b4 e3 4d 54 db 5e 90 e6 f2 bd 4b f1 71 3b 88 0c e9 6b b7 d9 4c f5 e6 fd 8d bd 07 36 3b 83 65 b9 02 7d 21 c4 6e 97 ed dc 5c e2 d1 Data Ascii: ??!12 "AQq0r#3Ba$4@bC`Rs?GFQi5jOmkep\|d*"\+g]vGeuf#!(+slLqy3 MT^Kq;kL6;e}!n\
2024-10-01 18:26:06 UTC	1369	IN	Data Raw: b2 12 9a d6 87 0c 52 f1 d2 43 ea 85 cc 79 e4 32 bd 45 e5 93 55 ac 2d 96 db d4 5c e0 60 d5 f7 72 6a 00 4f c5 0d 48 52 50 f3 81 a2 be ef 0d 01 c4 27 f5 4a 1d 2c 3e a8 5c c7 9e 58 bc b2 c4 ea 9d 08 5c 4f 96 80 e2 13 fa a5 0e 96 1f 54 2e 63 cf 2c 5e 59 62 75 4e 84 2e 27 cb 40 71 09 fd 52 87 4b 0f aa 17 31 e7 96 2f 2c b1 3a a7 42 17 13 e5 a0 38 84 fe a9 43 a5 87 d5 0b 98 f3 cb 17 96 58 9d 53 a1 0b 89 f2 d0 1c 42 7f 54 a1 d2 c3 ea 85 cc 79 e5 8b cb 2c 4e a9 d0 85 c4 f9 68 0e 21 3f aa 50 e9 61 f5 42 e6 3c f2 c5 e5 96 27 54 e8 42 e2 7c b4 07 10 9f d5 28 74 b0 fa a1 73 1e 79 62 f2 cb 13 aa 74 21 71 3e 5a 03 88 4f ea 94 3a 58 7d 50 b9 8f 3c b1 79 65 89 d5 3a 10 b8 9f 2d 0a 09 d5 38 06 3e 64 21 a8 f5 81 eb 03 d6 07 ac 0f 58 1e b0 3d 60 7a c0 f5 81 eb 03 d6 07 ac 0f Data Ascii: RCy2EU-\`rjOHRP'J,>\X\OT.c,^YbuN.'@qRK1/,:B8CXSBTy,Nh!?PaB<'TB\|(tsybt!q>ZO:X}P<ye:-8>d!X=`z
2024-10-01 18:26:06 UTC	1369	IN	Data Raw: a1 67 00 f0 61 3e a1 a9 10 e4 8d 68 87 07 40 24 d3 db 1c 4c 11 ff 00 41 02 13 9d 44 76 44 a0 b0 0c 3d 48 ef c6 0f e3 c5 16 55 f5 40 a0 c0 3a 06 35 f7 44 64 cd 62 80 1c 65 d8 18 e8 10 89 63 05 e9 85 60 22 02 bf 8a bb a1 ab d0 0c 90 60 e5 4c 7a 32 e0 c8 14 72 c7 9e 79 e0 37 1d 83 2b 0f 5e 57 6e 7e 3c f3 cf 3c 0c e3 d0 35 49 ad 07 01 31 6c a7 e5 03 43 47 b2 0c 01 00 e0 98 78 27 dd 14 df 50 86 03 54 ca dd ac 35 06 d8 4c 59 06 82 ad a8 8a ae 05 e3 1b eb 87 95 90 dd 4e 3b 40 a7 18 a8 70 72 3c 0f 02 13 87 d5 03 27 ec 02 89 0e 84 68 64 1c 12 d5 0b 4e 0d 31 30 99 ae c4 29 e5 e9 e4 e9 79 eb 46 fc 29 69 41 03 5b 17 3e 6a 1c 2c e0 a8 69 82 f2 f4 f2 f4 f2 f4 f2 f4 2c 7f bd 08 24 44 05 65 0e d8 c3 11 7c 11 97 20 64 d0 d0 ee ef ef 42 75 05 07 30 84 8e e4 c0 2a 0a 80 89 Data Ascii: ga>h@$LADvD=HU@:5Ddbec`"`Lz2ry7+^Wn~<<5I1lCGx'PT5LYN;@pr<'hdN10)yF)iA[>j,i,$De\| dBu0*
2024-10-01 18:26:06 UTC	1369	IN	Data Raw: 97 71 87 74 dd cf 08 40 81 84 47 a9 e8 d2 88 a0 9a f3 a5 1b e9 13 06 3f 72 70 e1 1a 86 02 8b 44 64 ad 28 c2 4e 7b 94 65 c3 57 a9 0b 10 c8 1e 3d 10 dd d5 07 44 08 ed 00 04 cd 25 96 0c 38 3c e0 02 28 12 8f d1 1b 1d 32 00 cb 30 51 d0 6c 93 0a 64 db aa 3e 7a e0 02 e7 61 a7 54 54 45 34 85 91 a0 c3 a3 53 a7 cb e1 11 40 a0 b8 7a 2a fa 9e 5b 03 d6 26 2e 4c 6e ca 72 67 35 84 a6 76 2d 46 ff 00 97 06 47 b0 e4 46 28 23 aa 79 46 43 23 99 71 f4 aa 48 08 a0 ea 46 4d e4 07 16 3f ca 78 a6 76 90 05 4c 32 40 cb 89 9d 00 aa 60 52 76 02 27 60 a9 31 23 a6 0f 39 c2 ae ff 00 f3 ff 00 ff da 00 0c 03 01 00 02 00 03 00 00 00 10 f3 cc 38 d3 cf 3c f3 cf 3c f3 cf 38 e2 0f 2c f3 cf 3c f3 cf 3c f3 ce 00 00 00 00 10 42 00 00 00 00 f3 8c 38 d3 4f 18 20 8f 3c d3 cf 3c f2 05 3c f3 cf 3c b0 Data Ascii: qt@G?rpDd(N{eW=D%8<(20Qld>zaTTE4S@z*[&.Lnrg5v-FGF(#yFC#qHFM?xvL2@`Rv'`1#98<<8,<<B8O <<<<
2024-10-01 18:26:06 UTC	1369	IN	Data Raw: c2 3f 07 19 04 00 24 2a 93 5f 8f b8 2c 88 c6 48 04 d1 16 c8 11 df 27 3c 28 09 70 74 15 6d f6 4e 27 d1 78 22 42 20 21 c9 0e e7 f1 92 8a 95 06 45 6e 7b a4 c6 09 11 f4 00 7a 39 0f d6 32 5e 48 93 2b f1 ff 00 3c b5 f4 a0 49 4a fe f4 c1 8b 64 6d 62 40 5d 59 a6 75 8d 14 04 59 cd 53 ed fa c3 26 52 65 6a 86 6a bf b8 58 70 31 aa e9 e9 ae 3b f6 c0 28 2f 6f 06 ba da b7 d3 00 32 93 2b a2 f4 33 c7 d8 68 20 42 15 95 80 02 dd e4 c1 20 a2 00 13 32 18 11 14 49 3f f9 67 94 7c 67 94 7c 67 94 7c 67 94 7c 65 c0 88 92 bf 86 26 58 a8 6c b9 44 4c 77 cf 2c f8 cf 28 f8 cf 28 f8 cf 28 f8 cf 28 f8 cf 2a f8 c8 1b 2b 66 24 90 48 a5 11 87 20 e8 28 86 22 53 96 05 92 91 a4 3c a3 6b 77 ce 43 c9 2a 81 40 09 4b d7 b6 44 71 b2 e5 a4 09 b8 30 b9 32 91 53 ff 00 20 30 92 91 85 f0 04 64 6c 5d 63 Data Ascii: ?$_,H'<(ptmN'x"B !En{z92^H+<IJdmb@]YuYS&RejjXp1;(/o2+3h B 2I?g\|g\|g\|g\|e&XlDLw,((((+f$H ("S<kwC*@KDq02S 0dl]c
2024-10-01 18:26:06 UTC	882	IN	Data Raw: 9b 35 36 6d fa c4 16 6e 8c 49 1b 83 78 eb 1a c1 d0 26 6c 33 42 26 42 5a 2d 82 0c 50 32 4f 60 ff 00 7b f2 85 a4 54 4a f5 59 03 88 ab ec 52 2b fa 15 81 99 29 21 71 17 fa c6 20 08 40 24 07 49 19 ff 00 e3 97 f4 c8 41 4a 06 13 0e bb 15 8b 40 aa 70 ba 23 a0 68 f6 78 70 12 0a 42 94 2b b5 ec d6 09 63 a5 04 9b 9a ae bb cb 84 01 02 4a 26 19 3e ed 28 2d 89 41 99 28 28 be a9 85 6b 10 4a 88 11 53 18 89 ef 84 8f c2 06 92 05 31 12 ac e5 29 47 2b 04 79 b6 30 d4 61 69 35 5b 87 eb 2f 1c 4e 22 50 cd aa 69 b5 87 6d df e8 50 dc 1b 1a 36 c8 d6 12 0a 81 40 ca 49 d2 bb d6 9e bd 17 c5 4c 0c d9 69 87 bf 4d 6b 20 38 20 8a 76 10 ad e8 d1 63 ec 6c ca 29 b4 be a5 46 d6 9e b4 61 8c 9a 45 63 65 1f 87 25 7e 58 24 8f d1 1e 9d 44 2f ee ca b9 4d 69 28 99 05 50 fc b0 f6 9a 95 b4 00 16 91 65 Data Ascii: 56mnIx&l3B&BZ-P2O`{TJYR+)!q @$IAJ@p#hxpB+cJ&>(-A((kJS1)G+y0ai5[/N"PimP6@ILiMk 8 vcl)FaEce%~X$D/Mi(Pe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49734	104.18.24.163	443	2908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 18:26:05 UTC	571	OUT	GET /40a8327b4278a35bc0c3d6a6d1a4a52d.png HTTP/1.1 Host: i.gyazo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 18:26:06 UTC	559	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 18:26:06 GMT Content-Type: image/png Content-Length: 2676 Connection: close CF-Ray: 8cbe7fc3ca17c3fa-EWR CF-Cache-Status: HIT Accept-Ranges: bytes Access-Control-Allow-Origin: https://gyazo.com Cache-Control: public, max-age=31536000 ETag: "40a8" Expires: Wed, 01 Oct 2025 18:26:06 GMT Set-Cookie: Gyazo_cfwoker=i; Secure; HttpOnly; SameSite=None; Expires=Tue, 01 Jan 2030 00:00:00 GMT Vary: Accept-Encoding Via: 1.1 google access-control-allow-credentials: true x-cache-level: ZS Server: cloudflare
2024-10-01 18:26:06 UTC	810	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 00 a8 08 03 00 00 00 6d f5 23 3d 00 00 00 87 50 4c 54 45 00 87 39 ff ff ff 00 85 35 00 83 2e 3e 97 5a 00 80 28 78 b1 89 00 7f 24 00 85 34 b0 d2 bc 00 84 31 00 7c 1a 00 81 2b 81 b7 93 00 7d 1e cd e1 d3 00 8b 40 b7 d5 c1 c2 d9 c8 1e 90 4b 43 9b 62 56 a2 6f 4d 9f 69 9d c7 ac f5 fb f9 8e bc 9b dc ec e3 e5 f1 ea a7 cc b3 94 c1 a3 00 74 00 7d b4 8e 69 ab 7f e2 ef e8 d4 e7 db 1c 8f 49 c7 df d0 72 b0 86 2e 93 52 60 a8 79 00 7a 10 00 71 00 35 95 57 5a a4 73 ed f6 f2 39 19 73 05 00 00 09 a8 49 44 41 54 78 9c ed 9d 89 96 aa 38 10 86 21 88 41 82 b8 ef da 6e b8 8c fa fe cf 37 90 8d 00 41 14 94 be da f5 9d 33 73 ae 22 21 f9 ad 24 95 4a c5 36 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDR,m#=PLTE95.>Z(x$41\|+}@KCbVoMit}iIr.R`yzq5WZs9sIDATx8!An7A3s"!$J6
2024-10-01 18:26:06 UTC	1369	IN	Data Raw: 6f b2 71 7c 35 2b 0a d9 f6 3a 10 f5 9b f6 4f 24 51 af 92 62 dd d8 38 75 09 ff 39 8a ca 2b 32 ac 37 8b e5 f1 56 84 1e 5f e2 be 03 7f bb ab b4 ce 76 57 89 bc a9 f9 3a 56 cb b2 96 a9 76 9e d4 02 cb 7a f0 2c 39 81 2c b8 6c 79 86 25 b7 ef 69 41 a9 8d fb a7 9d d2 fc 6e 48 44 fb c7 4a 41 c8 e2 6f 6e 62 39 1c 3c 49 d7 71 27 97 19 fe 21 7d 2d 94 9f 54 17 6b 47 cb f0 56 2c b7 2f d7 b0 5e bb dc c9 17 cb 39 f2 07 aa f9 38 3e 8f 02 f7 e3 f6 da 8d 5b a6 8e b2 54 d2 ca 5c 33 23 17 3c be bb ec da b0 11 0d 0f 61 cf a2 53 61 ee 88 55 97 58 86 2d 42 5e 71 47 74 47 5c 3f 5b b6 0d 6b 4c c7 6c f1 52 49 a0 bc a9 2c 7c 7b 52 ad d2 62 f5 a9 0e d6 81 1a 56 6e 5c 22 da 37 f4 c4 be a1 e1 25 79 61 37 34 8c b3 70 5d 64 47 f4 79 83 af b2 6c bc 4e 54 8e 47 49 98 eb 63 f8 72 b8 ea 9f 2c Data Ascii: oq\|5+:O$Qb8u9+27V_vW:Vvz,9,ly%iAnHDJAonb9<Iq'!}-TkGV,/^98>[T\3#<aSaUX-B^qGtG\?[kLlRI,\|{RbVn\"7%ya74p]dGylNTGIcr,
2024-10-01 18:26:06 UTC	497	IN	Data Raw: fa c1 f7 f4 ac dc b4 a9 ef 12 4b c6 de d5 e0 68 bc 35 16 6f 88 91 a6 a6 04 11 96 b7 8e 39 bf e4 54 d3 98 25 79 af 58 62 30 4f 1d 11 93 f1 9a 38 df c1 33 b2 de 60 5f 0e 73 39 ab 90 b1 f3 49 62 dd 0b 91 87 62 c9 c4 bf 71 aa 18 19 84 d8 c8 0b 08 77 97 89 1c ad c5 4a c9 0b c4 97 4c 2a c2 76 26 53 55 3f e2 d8 2f 6a b4 d7 79 b4 c3 9a 8b 94 d2 4d da fd 76 86 fc 46 f5 08 27 f2 c8 a5 dd db 6d 17 8b 79 b0 6c ee 49 62 b1 e8 60 a3 dd 91 bd 71 1a cc 06 c4 92 d7 9d 11 3d 24 da de ff cb 62 dd 3b f6 4b 9b 92 97 ac 6c 38 fa c3 c1 88 67 2b 63 db ca b4 1b 59 98 74 c7 9b c3 e1 34 44 04 27 af 3b f1 23 df 20 96 3c a8 43 cf ee 6c 13 67 77 b6 0f 9f dd a9 1d 9a 08 af cb 84 2f be b3 82 58 43 f2 8a c3 99 1f 44 15 b1 46 c5 3f e6 07 62 81 58 25 d0 46 bc 93 80 58 82 07 7e f8 10 c4 92 Data Ascii: Kh5o9T%yXb0O83`_s9IbbqwJL*v&SU?/jyMvF'mylIb`q=$b;Kl8g+cYt4D';# <Clgw/XCDF?bX%FX~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	104.18.24.163	443	2908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 18:26:07 UTC	396	OUT	GET /40a8327b4278a35bc0c3d6a6d1a4a52d.png HTTP/1.1 Host: i.gyazo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Gyazo_cfwoker=i
2024-10-01 18:26:07 UTC	567	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 18:26:07 GMT Content-Type: image/png Content-Length: 2676 Connection: close CF-Ray: 8cbe7fcaacf47ce7-EWR CF-Cache-Status: HIT Accept-Ranges: bytes Access-Control-Allow-Origin: https://gyazo.com Age: 1 Cache-Control: public, max-age=31536000 ETag: "40a8" Expires: Wed, 01 Oct 2025 18:26:07 GMT Set-Cookie: Gyazo_cfwoker=i; Secure; HttpOnly; SameSite=None; Expires=Tue, 01 Jan 2030 00:00:00 GMT Vary: Accept-Encoding Via: 1.1 google access-control-allow-credentials: true x-cache-level: ZS Server: cloudflare
2024-10-01 18:26:07 UTC	802	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 00 a8 08 03 00 00 00 6d f5 23 3d 00 00 00 87 50 4c 54 45 00 87 39 ff ff ff 00 85 35 00 83 2e 3e 97 5a 00 80 28 78 b1 89 00 7f 24 00 85 34 b0 d2 bc 00 84 31 00 7c 1a 00 81 2b 81 b7 93 00 7d 1e cd e1 d3 00 8b 40 b7 d5 c1 c2 d9 c8 1e 90 4b 43 9b 62 56 a2 6f 4d 9f 69 9d c7 ac f5 fb f9 8e bc 9b dc ec e3 e5 f1 ea a7 cc b3 94 c1 a3 00 74 00 7d b4 8e 69 ab 7f e2 ef e8 d4 e7 db 1c 8f 49 c7 df d0 72 b0 86 2e 93 52 60 a8 79 00 7a 10 00 71 00 35 95 57 5a a4 73 ed f6 f2 39 19 73 05 00 00 09 a8 49 44 41 54 78 9c ed 9d 89 96 aa 38 10 86 21 88 41 82 b8 ef da 6e b8 8c fa fe cf 37 90 8d 00 41 14 94 be da f5 9d 33 73 ae 22 21 f9 ad 24 95 4a c5 36 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDR,m#=PLTE95.>Z(x$41\|+}@KCbVoMit}iIr.R`yzq5WZs9sIDATx8!An7A3s"!$J6
2024-10-01 18:26:07 UTC	1369	IN	Data Raw: c8 b1 dd ea cc b7 f3 5d 6f b2 71 7c 35 2b 0a d9 f6 3a 10 f5 9b f6 4f 24 51 af 92 62 dd d8 38 75 09 ff 39 8a ca 2b 32 ac 37 8b e5 f1 56 84 1e 5f e2 be 03 7f bb ab b4 ce 76 57 89 bc a9 f9 3a 56 cb b2 96 a9 76 9e d4 02 cb 7a f0 2c 39 81 2c b8 6c 79 86 25 b7 ef 69 41 a9 8d fb a7 9d d2 fc 6e 48 44 fb c7 4a 41 c8 e2 6f 6e 62 39 1c 3c 49 d7 71 27 97 19 fe 21 7d 2d 94 9f 54 17 6b 47 cb f0 56 2c b7 2f d7 b0 5e bb dc c9 17 cb 39 f2 07 aa f9 38 3e 8f 02 f7 e3 f6 da 8d 5b a6 8e b2 54 d2 ca 5c 33 23 17 3c be bb ec da b0 11 0d 0f 61 cf a2 53 61 ee 88 55 97 58 86 2d 42 5e 71 47 74 47 5c 3f 5b b6 0d 6b 4c c7 6c f1 52 49 a0 bc a9 2c 7c 7b 52 ad d2 62 f5 a9 0e d6 81 1a 56 6e 5c 22 da 37 f4 c4 be a1 e1 25 79 61 37 34 8c b3 70 5d 64 47 f4 79 83 af b2 6c bc 4e 54 8e 47 49 98 Data Ascii: ]oq\|5+:O$Qb8u9+27V_vW:Vvz,9,ly%iAnHDJAonb9<Iq'!}-TkGV,/^98>[T\3#<aSaUX-B^qGtG\?[kLlRI,\|{RbVn\"7%ya74p]dGylNTGI
2024-10-01 18:26:07 UTC	505	IN	Data Raw: 82 a3 d2 56 64 b0 46 9f fa c1 f7 f4 ac dc b4 a9 ef 12 4b c6 de d5 e0 68 bc 35 16 6f 88 91 a6 a6 04 11 96 b7 8e 39 bf e4 54 d3 98 25 79 af 58 62 30 4f 1d 11 93 f1 9a 38 df c1 33 b2 de 60 5f 0e 73 39 ab 90 b1 f3 49 62 dd 0b 91 87 62 c9 c4 bf 71 aa 18 19 84 d8 c8 0b 08 77 97 89 1c ad c5 4a c9 0b c4 97 4c 2a c2 76 26 53 55 3f e2 d8 2f 6a b4 d7 79 b4 c3 9a 8b 94 d2 4d da fd 76 86 fc 46 f5 08 27 f2 c8 a5 dd db 6d 17 8b 79 b0 6c ee 49 62 b1 e8 60 a3 dd 91 bd 71 1a cc 06 c4 92 d7 9d 11 3d 24 da de ff cb 62 dd 3b f6 4b 9b 92 97 ac 6c 38 fa c3 c1 88 67 2b 63 db ca b4 1b 59 98 74 c7 9b c3 e1 34 44 04 27 af 3b f1 23 df 20 96 3c a8 43 cf ee 6c 13 67 77 b6 0f 9f dd a9 1d 9a 08 af cb 84 2f be b3 82 58 43 f2 8a c3 99 1f 44 15 b1 46 c5 3f e6 07 62 81 58 25 d0 46 bc 93 80 Data Ascii: VdFKh5o9T%yXb0O83`_s9IbbqwJL*v&SU?/jyMvF'mylIb`q=$b;Kl8g+cYt4D';# <Clgw/XCDF?bX%F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	104.18.24.163	443	2908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 18:26:07 UTC	396	OUT	GET /843426683ddbd46030d521670badac8c.jpg HTTP/1.1 Host: i.gyazo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Gyazo_cfwoker=i
2024-10-01 18:26:07 UTC	583	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 18:26:07 GMT Content-Type: image/jpeg Content-Length: 9905 Connection: close CF-Ray: 8cbe7fcab9f5238a-EWR CF-Cache-Status: HIT Accept-Ranges: bytes Access-Control-Allow-Origin: https://gyazo.com Age: 1 Cache-Control: public, max-age=31536000 ETag: "8434" Expires: Wed, 01 Oct 2025 18:26:07 GMT Set-Cookie: Gyazo_cfwoker=i; Secure; HttpOnly; SameSite=None; Expires=Tue, 01 Jan 2030 00:00:00 GMT Vary: Accept-Encoding Via: 1.1 google access-control-allow-credentials: true Cf-Bgj: h2pri x-cache-level: ZS Server: cloudflare
2024-10-01 18:26:07 UTC	786	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 ff c2 00 11 08 01 4e 00 ec 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 01 00 03 01 01 01 01 00 00 00 00 00 00 00 00 00 00 03 04 05 02 01 06 07 ff c4 00 14 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 fd 50 84 99 89 01 f4 4f 9e f4 fa 07 ce Data Ascii: JFIFHHC%# , #&')*)-0-(0%()(C(((((((((((((((((((((((((((((((((((((((((((((((((((N"PO
2024-10-01 18:26:07 UTC	1369	IN	Data Raw: 6a 69 54 2a c9 cf 66 d0 1e 7b 09 27 5f 3f c9 f4 5e 61 f2 6f f9 83 a6 5b 51 e8 b9 ee 7c a5 af 73 e4 2e 00 00 33 2a 6f 0c 0d 1e c7 b5 ec d9 33 3b d0 00 21 98 7c fc 7f 48 31 ab 7d 10 c0 ef 70 52 ba 00 00 00 00 01 c7 92 08 e4 00 00 00 00 00 00 00 00 00 01 01 3b 04 6f 3e 7b 7c e8 00 00 00 00 00 00 00 00 03 27 58 62 58 d3 19 13 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 3f ff c4 00 2a 10 00 01 03 03 04 01 03 05 01 01 01 00 00 00 00 00 03 00 01 02 04 12 13 10 11 14 33 30 05 31 32 15 20 21 23 40 22 60 24 ff da 00 08 01 01 00 01 05 02 fe f3 11 84 16 af 6c 6f ea a3 bb ea c1 b0 7e a8 22 1b ea c2 dd fd 58 2c a3 ea 83 75 49 51 0a a0 ff 00 29 3f 10 e4 33 a7 2b 21 49 e4 d9 5b 20 67 19 9a 47 0c 54 63 07 6f e6 33 ec 28 91 9d 8c ce 38 5f b2 99 c6 f1 72 45 db 14 c8 a0 02 46 Data Ascii: jiTf{'_?^ao[Q\|s.3o3;!\|H1}pR;o>{\|'XbX?*3012 !#@"`$lo~"X,uIQ)?3+!I[ gGTco3(8_rEF
2024-10-01 18:26:07 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 80 ff da 00 08 01 03 01 01 3f 01 1d ff 00 ff c4 00 14 11 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 ff da 00 08 01 02 01 01 3f 01 1d ff 00 ff c4 00 3f 10 00 01 02 03 03 08 06 08 06 02 02 03 00 00 00 00 01 00 02 03 11 21 12 31 32 10 13 20 22 41 51 71 81 30 72 91 92 a2 b1 04 23 33 42 61 a1 d1 e1 14 24 34 40 62 82 43 60 a3 f0 52 73 83 ff da 00 08 01 01 00 06 3f 02 fd fb e2 1b 9a 0b 94 47 be 0c 46 86 00 ef 8d 51 19 b7 f2 95 69 35 6a 4f 97 dd 08 6d 6b aa 65 f3 92 70 0c 7c c1 95 64 16 08 92 2a 14 d8 e0 22 5c b3 90 e7 2b ab fb 67 5d 76 d4 d9 47 65 d5 d5 bd 09 c5 87 75 66 ca 15 a9 1a 19 23 f8 21 28 d0 e9 fc 11 06 2b 1e d3 73 6c a7 4c 71 a2 05 ad 1d 9f b7 79 33 94 b6 20 cc f1 b4 e3 4d 54 db 5e 90 e6 f2 bd 4b f1 71 3b 88 0c e9 6b b7 d9 Data Ascii: ???!12 "AQq0r#3Ba$4@bC`Rs?GFQi5jOmkep\|d*"\+g]vGeuf#!(+slLqy3 MT^Kq;k
2024-10-01 18:26:07 UTC	1369	IN	Data Raw: 9b f9 a7 6c a4 93 25 14 c4 d6 db c3 40 71 0a 2c e5 66 cd 16 ab 21 39 b2 12 9a d6 87 0c 52 f1 d2 43 ea 85 cc 79 e4 32 bd 45 e5 93 55 ac 2d 96 db d4 5c e0 60 d5 f7 72 6a 00 4f c5 0d 48 52 50 f3 81 a2 be ef 0d 01 c4 27 f5 4a 1d 2c 3e a8 5c c7 9e 58 bc b2 c4 ea 9d 08 5c 4f 96 80 e2 13 fa a5 0e 96 1f 54 2e 63 cf 2c 5e 59 62 75 4e 84 2e 27 cb 40 71 09 fd 52 87 4b 0f aa 17 31 e7 96 2f 2c b1 3a a7 42 17 13 e5 a0 38 84 fe a9 43 a5 87 d5 0b 98 f3 cb 17 96 58 9d 53 a1 0b 89 f2 d0 1c 42 7f 54 a1 d2 c3 ea 85 cc 79 e5 8b cb 2c 4e a9 d0 85 c4 f9 68 0e 21 3f aa 50 e9 61 f5 42 e6 3c f2 c5 e5 96 27 54 e8 42 e2 7c b4 07 10 9f d5 28 74 b0 fa a1 73 1e 79 62 f2 cb 13 aa 74 21 71 3e 5a 03 88 4f ea 94 3a 58 7d 50 b9 8f 3c b1 79 65 89 d5 3a 10 b8 9f 2d 0a 09 d5 38 06 3e 64 21 a8 Data Ascii: l%@q,f!9RCy2EU-\`rjOHRP'J,>\X\OT.c,^YbuN.'@qRK1/,:B8CXSBTy,Nh!?PaB<'TB\|(tsybt!q>ZO:X}P<ye:-8>d!
2024-10-01 18:26:07 UTC	1369	IN	Data Raw: c4 1d b9 e4 c2 e0 ce 10 08 68 d4 82 4d 90 d2 2a 44 80 64 67 f9 5a fb a1 67 00 f0 61 3e a1 a9 10 e4 8d 68 87 07 40 24 d3 db 1c 4c 11 ff 00 41 02 13 9d 44 76 44 a0 b0 0c 3d 48 ef c6 0f e3 c5 16 55 f5 40 a0 c0 3a 06 35 f7 44 64 cd 62 80 1c 65 d8 18 e8 10 89 63 05 e9 85 60 22 02 bf 8a bb a1 ab d0 0c 90 60 e5 4c 7a 32 e0 c8 14 72 c7 9e 79 e0 37 1d 83 2b 0f 5e 57 6e 7e 3c f3 cf 3c 0c e3 d0 35 49 ad 07 01 31 6c a7 e5 03 43 47 b2 0c 01 00 e0 98 78 27 dd 14 df 50 86 03 54 ca dd ac 35 06 d8 4c 59 06 82 ad a8 8a ae 05 e3 1b eb 87 95 90 dd 4e 3b 40 a7 18 a8 70 72 3c 0f 02 13 87 d5 03 27 ec 02 89 0e 84 68 64 1c 12 d5 0b 4e 0d 31 30 99 ae c4 29 e5 e9 e4 e9 79 eb 46 fc 29 69 41 03 5b 17 3e 6a 1c 2c e0 a8 69 82 f2 f4 f2 f4 f2 f4 f2 f4 2c 7f bd 08 24 44 05 65 0e d8 c3 11 Data Ascii: hM*DdgZga>h@$LADvD=HU@:5Ddbec`"`Lz2ry7+^Wn~<<5I1lCGx'PT5LYN;@pr<'hdN10)yF)iA[>j,i,$De
2024-10-01 18:26:07 UTC	1369	IN	Data Raw: e5 9a fc 82 e0 d5 f6 91 dd 22 28 fc 61 09 98 5c c8 74 0d 4f e2 04 8a 97 71 87 74 dd cf 08 40 81 84 47 a9 e8 d2 88 a0 9a f3 a5 1b e9 13 06 3f 72 70 e1 1a 86 02 8b 44 64 ad 28 c2 4e 7b 94 65 c3 57 a9 0b 10 c8 1e 3d 10 dd d5 07 44 08 ed 00 04 cd 25 96 0c 38 3c e0 02 28 12 8f d1 1b 1d 32 00 cb 30 51 d0 6c 93 0a 64 db aa 3e 7a e0 02 e7 61 a7 54 54 45 34 85 91 a0 c3 a3 53 a7 cb e1 11 40 a0 b8 7a 2a fa 9e 5b 03 d6 26 2e 4c 6e ca 72 67 35 84 a6 76 2d 46 ff 00 97 06 47 b0 e4 46 28 23 aa 79 46 43 23 99 71 f4 aa 48 08 a0 ea 46 4d e4 07 16 3f ca 78 a6 76 90 05 4c 32 40 cb 89 9d 00 aa 60 52 76 02 27 60 a9 31 23 a6 0f 39 c2 ae ff 00 f3 ff 00 ff da 00 0c 03 01 00 02 00 03 00 00 00 10 f3 cc 38 d3 cf 3c f3 cf 3c f3 cf 38 e2 0f 2c f3 cf 3c f3 cf 3c f3 ce 00 00 00 00 10 42 Data Ascii: "(a\tOqt@G?rpDd(N{eW=D%8<(20Qld>zaTTE4S@z*[&.Lnrg5v-FGF(#yFC#qHFM?xvL2@`Rv'`1#98<<8,<<B
2024-10-01 18:26:07 UTC	1369	IN	Data Raw: e2 5a 12 15 da 1d 74 82 33 87 11 06 00 5b 17 31 7f 18 79 ea 13 d8 1f c2 3f 07 19 04 00 24 2a 93 5f 8f b8 2c 88 c6 48 04 d1 16 c8 11 df 27 3c 28 09 70 74 15 6d f6 4e 27 d1 78 22 42 20 21 c9 0e e7 f1 92 8a 95 06 45 6e 7b a4 c6 09 11 f4 00 7a 39 0f d6 32 5e 48 93 2b f1 ff 00 3c b5 f4 a0 49 4a fe f4 c1 8b 64 6d 62 40 5d 59 a6 75 8d 14 04 59 cd 53 ed fa c3 26 52 65 6a 86 6a bf b8 58 70 31 aa e9 e9 ae 3b f6 c0 28 2f 6f 06 ba da b7 d3 00 32 93 2b a2 f4 33 c7 d8 68 20 42 15 95 80 02 dd e4 c1 20 a2 00 13 32 18 11 14 49 3f f9 67 94 7c 67 94 7c 67 94 7c 67 94 7c 65 c0 88 92 bf 86 26 58 a8 6c b9 44 4c 77 cf 2c f8 cf 28 f8 cf 28 f8 cf 28 f8 cf 28 f8 cf 2a f8 c8 1b 2b 66 24 90 48 a5 11 87 20 e8 28 86 22 53 96 05 92 91 a4 3c a3 6b 77 ce 43 c9 2a 81 40 09 4b d7 b6 44 71 Data Ascii: Zt3[1y?$_,H'<(ptmN'x"B !En{z92^H+<IJdmb@]YuYS&RejjXp1;(/o2+3h B 2I?g\|g\|g\|g\|e&XlDLw,((((+f$H ("S<kwC*@KDq
2024-10-01 18:26:07 UTC	905	IN	Data Raw: 06 0c 18 17 1c 01 bf 8f 09 60 1c 3d 7f a0 14 33 fa 0f ae 0c 1b ce 7b 9b 35 36 6d fa c4 16 6e 8c 49 1b 83 78 eb 1a c1 d0 26 6c 33 42 26 42 5a 2d 82 0c 50 32 4f 60 ff 00 7b f2 85 a4 54 4a f5 59 03 88 ab ec 52 2b fa 15 81 99 29 21 71 17 fa c6 20 08 40 24 07 49 19 ff 00 e3 97 f4 c8 41 4a 06 13 0e bb 15 8b 40 aa 70 ba 23 a0 68 f6 78 70 12 0a 42 94 2b b5 ec d6 09 63 a5 04 9b 9a ae bb cb 84 01 02 4a 26 19 3e ed 28 2d 89 41 99 28 28 be a9 85 6b 10 4a 88 11 53 18 89 ef 84 8f c2 06 92 05 31 12 ac e5 29 47 2b 04 79 b6 30 d4 61 69 35 5b 87 eb 2f 1c 4e 22 50 cd aa 69 b5 87 6d df e8 50 dc 1b 1a 36 c8 d6 12 0a 81 40 ca 49 d2 bb d6 9e bd 17 c5 4c 0c d9 69 87 bf 4d 6b 20 38 20 8a 76 10 ad e8 d1 63 ec 6c ca 29 b4 be a5 46 d6 9e b4 61 8c 9a 45 63 65 1f 87 25 7e 58 24 8f d1 Data Ascii: `=3{56mnIx&l3B&BZ-P2O`{TJYR+)!q @$IAJ@p#hxpB+cJ&>(-A((kJS1)G+y0ai5[/N"PimP6@ILiMk 8 vcl)FaEce%~X$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 18:26:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 18:26:11 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=166779 Date: Tue, 01 Oct 2024 18:26:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 18:26:12 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 18:26:12 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=166722 Date: Tue, 01 Oct 2024 18:26:12 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-01 18:26:12 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49751	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 18:26:35 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A5oXPEzC8sWrgDY&MD=PgsMh2+o HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 18:26:35 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: bb315e61-8a4d-469e-b32d-f05a5e976bdc MS-RequestId: cf47013f-e9b9-4586-8b4f-a3e6b0621967 MS-CV: PgEGp+P98kmckGg6.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 18:26:35 GMT Connection: close Content-Length: 24490
2024-10-01 18:26:35 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-01 18:26:35 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	63220	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 18:27:13 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=A5oXPEzC8sWrgDY&MD=PgsMh2+o HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 18:27:13 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: b9e37810-33bc-42c4-94ce-4d0a0a529846 MS-RequestId: 82e0b8e7-d0be-4b3c-a4f4-b1dd233f3f3a MS-CV: 5phcVPEBpEW0zzVj.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 18:27:13 GMT Connection: close Content-Length: 30005
2024-10-01 18:27:13 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-01 18:27:13 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4432, Parent PID: 1596

General

Target ID:	0
Start time:	14:26:01
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PO#150623.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2908, Parent PID: 4432

General

Target ID:	2
Start time:	14:26:03
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2252,i,2106847254082382091,4944369899380202969,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PO#150623.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4432, Parent PID: 1596

General

Chronological Activities

Analysis Process: chrome.exePID: 2908, Parent PID: 4432

General

Chronological Activities

Disassembly

Windows Analysis Report
PO#150623.html