Edit tour

Windows Analysis Report
https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx

Overview

General Information

Sample URL:	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp
Analysis ID:	1541006
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1900,i,1981889510303664643,3109297267778171361,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49460 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.8:49459 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.45

Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed HTTP/1.1Host: email.sg.on24event.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: email.sg.on24event.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completedAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: email.sg.on24event.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 08:31:10 GMTContent-Type: text/htmlContent-Length: 564Connection: close

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49466
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49460
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49460 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@21/10@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1900,i,1981889510303664643,3109297267778171361,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1900,i,1981889510303664643,3109297267778171361,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	172.217.18.4	true	false	unknown
r-email.sg.on24event.com	199.83.44.68	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
email.sg.on24event.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://email.sg.on24event.com/favicon.ico	false		unknown
https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	unknown	United States	15169	GOOGLEUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
199.83.44.68	r-email.sg.on24event.com	United States	18742	ON24-SACUS	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541006
Start date and time:	2024-10-24 10:30:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@21/10@6/5

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 142.250.186.78, 142.251.168.84, 34.104.35.123, 52.149.20.212, 13.95.31.18, 192.229.221.95, 20.242.39.171, 172.217.18.3
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8H Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "You have clicked on an invalid link. Please make sure that you have typed the link correctly. If are copying this link from a mail reader please ensure that you have copied all the lines in the link.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8H Model: claude-3-haiku-20240307	```json { "brands": [] }
	```json { "brands": [] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 07:31:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9738057625334444
Encrypted:	false
SSDEEP:	48:83K0dATkkQHUidAKZdA1oehwiZUklqeh1y+3:86rv+ey
MD5:	1E7552A999A5C0EA1C559A3C108A1AAB
SHA1:	058C14AC5974C3F1D080029D9564DC2B31A25017
SHA-256:	5EE5FC538AA76E1FD0BC584281A6487D3E8AA360031845818B0161E7F95A98CD
SHA-512:	8A39C94C018DD6EB582B09C2C8F6925D91A1FDF7E02BEF46A411A3B9CCEA9B0BDEA4EC7AD52BE73DA5C3C349715FEB50046AF5F508EADAB167C0402E61C90941
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....2G\|..%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IXY.C....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.v^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 07:31:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.989359812261501
Encrypted:	false
SSDEEP:	48:8O0dATkkQHUidAKZdA1leh/iZUkAQkqehOy+2:8Orv89QLy
MD5:	2A8057138D2502390763BEC13D597FF2
SHA1:	FACC73194A46320F2AD45E53DFF6F4B71A65C441
SHA-256:	DE37EBD0050DD09E73281DCFA01AE6AC408FB21BCA7848C526F4F2E1B0547935
SHA-512:	215331BBA69B084CF897AE348D75BCFCD9802AABE264EEED79B0FDA850AD764B09CB115AAA9AFCA48221AD143525D1402DBAFAEFBD5ECB1FB4C9D2A69EE01913
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......m..%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IXY.C....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.v^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.001813525871888
Encrypted:	false
SSDEEP:	48:8J0dATkkbHUidAKZdA14t5eh7sFiZUkmgqeh7sky+BX:8Jrv1nCy
MD5:	C362B2A900D80D2B9BCA74DEF143022C
SHA1:	EA2EC480248EAE8601CEF769F562AE6BB1FB1FD3
SHA-256:	9375EA208DDAF900F7AD7AA2FA81232E42F8CA7ECE56D8237FAA6F5E2EC57D02
SHA-512:	4938064A7BBC54B65A76261A62D7D4FB74D272546B36A42C82D0BC67497D58B3E6B7BF8003B56B425472286125C04D500B917A0650C06763A12087AFCBC61228
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IXY.C....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.v^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 07:31:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.987515873721074
Encrypted:	false
SSDEEP:	48:8Ah0dATkkQHUidAKZdA16ehDiZUkwqehKy+R:8QrvXsy
MD5:	12EF7BDDBF6BF4A004CB04BFDD394E82
SHA1:	62F94719192757FFB3DA0BA3521E5F03413F12DB
SHA-256:	4597663B5FFEC3E79F0217087723A192A5F5E83BC97E571BB3011E12AA5EBBAD
SHA-512:	0BF2F9FAC3808AE75B0541A9EB472320C4E016B13CAF1929E4F25E109FD54484037FC62F20D7E5D20987B33DF8CE9AB75E57676CFD181CD472C9EEE73C8A4EA4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....u.f..%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IXY.C....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.v^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 07:31:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9760126092304366
Encrypted:	false
SSDEEP:	48:8/0dATkkQHUidAKZdA1UehBiZUk1W1qehIy+C:8/rvH9oy
MD5:	B1F7D4B806F263FD0CAD44CC0DBF7E62
SHA1:	55AED507EE90CF90F6BB33A669A71E656EB89BCF
SHA-256:	9C5E66C766A3891A64FAA409A86B04058916E011FE82426951002A41D1FA01CF
SHA-512:	545306C11A0ECA1E7B26F122801A341F4D0C401A6DD3E14630F83A3F03559920E5876C2A648E9E740BCA495D4282128225CBF457A8A1772EEFF9E4B60822BD94
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....ks..%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IXY.C....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.v^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 07:31:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9860577310105603
Encrypted:	false
SSDEEP:	48:8h0dATkkQHUidAKZdA1duTrehOuTbbiZUk5OjqehOuTbCy+yT+:8hrvQTYTbxWOvTbCy7T
MD5:	2D945F05DFDF65AF79E79FC354D5A407
SHA1:	B888269E1B5D9838B84A498BB31A20E495335FAA
SHA-256:	9C2DD22432D7E8A0463E84FE307FFD3D7BF169F061E1536A8577D02B73ADDC30
SHA-512:	767EAF647BF47E9859D6FBDF5546FDD2069B2DF58012AF255F972BD0D66A72C1E82E82ABF9B9B3AC802B24FB574FDF094F5865EA35F0DF8633B60B29A21B56D4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Y.Y..%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IXY.C....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.v^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	291
Entropy (8bit):	4.477778146874743
Encrypted:	false
SSDEEP:	6:qzxUsjMR1X96b2+Ubghxc8le3rn9MGzMd4aa6++Oix9qD:kxBMR1knUkhGXpPoa6++3xMD
MD5:	F0C66914A58FC74FC98A7C9BB4C288F2
SHA1:	3E0E43F567138623CABFF91C14100D144AC56949
SHA-256:	54E173BE753D03B2C163CEBBEE02BE7F4BDC1D6663154D4D60A3833F7BA3436B
SHA-512:	7AEDAEBA112D43E2B2FF845355199A11A141D637C0306155BE2356AE297DF118D2C0D2768D44C35A1D89841DB428E95686E29E9D15DEADF4233F3713893514BF
Malicious:	false
Reputation:	low
URL:	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed
Preview:	<html><head><title>Wrong Link</title></head><body><h1>Wrong Link</h1><p>You have clicked on an invalid link. Please make sure that you have typed the link correctly. If are copying this link from a mail reader please ensure that you have copied all the lines in the link.</p></body></html>

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	564
Entropy (8bit):	4.72971822420855
Encrypted:	false
SSDEEP:	12:TjeRHdHiHZdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH988DTPTPTPTPTPTc
MD5:	8E325DC2FEA7C8900FC6C4B8C6C394FE
SHA1:	1B3291D4EEA179C84145B2814CB53E6A506EC201
SHA-256:	0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2
SHA-512:	084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14
Malicious:	false
Reputation:	low
URL:	https://email.sg.on24event.com/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 10:30:58.996138096 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:58.996161938 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:58.996252060 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:58.996509075 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:58.998137951 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:58.998148918 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:58.998351097 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:58.998358965 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:58.998421907 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:58.999442101 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.000310898 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.000855923 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.001485109 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.001653910 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.001893997 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.005728006 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.006387949 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.006807089 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.006907940 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.007179022 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.132561922 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.132594109 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.133409023 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.133831024 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.133852005 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.133889914 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.133889914 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.134241104 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.134290934 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.134463072 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.137649059 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.138269901 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.139069080 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.139215946 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.139538050 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.143017054 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.143843889 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.144370079 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.144542933 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.144817114 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.270072937 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.271187067 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.271337032 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.271600008 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.271658897 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.271718979 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.271883965 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.272074938 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.272139072 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.272910118 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.277369976 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.277431011 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.277890921 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.278141022 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.278237104 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.282879114 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.283724070 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.404689074 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.409292936 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.409320116 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.409379005 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.409859896 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.410135984 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.410265923 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.410379887 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.410432100 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.410439014 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.410701990 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.411336899 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.412766933 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.413260937 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.413739920 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.415553093 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.417582035 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.418122053 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.418554068 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.419048071 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.422903061 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.541888952 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.544545889 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.544574976 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.544979095 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.545187950 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.545456886 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.547543049 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.547543049 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.547740936 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.549228907 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.549520969 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.550190926 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.551345110 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.553035975 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.553106070 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.553114891 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.556716919 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.677228928 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.679646969 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.680469036 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.680511951 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.680524111 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.680542946 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.680579901 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.681067944 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.681118011 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.682681084 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.685092926 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.691469908 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.692272902 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.692353010 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.692682981 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.697813034 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.698520899 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.699309111 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.811980009 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.815335035 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.820910931 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.824830055 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.824846983 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.824856997 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.825160980 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.825944901 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.826019049 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.826029062 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.826075077 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.826075077 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.834144115 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.834654093 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.835464954 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.835464954 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.840198040 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.841254950 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.947185040 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.949953079 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.966960907 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.967047930 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.967148066 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.984805107 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.985222101 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.985275030 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.986330032 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.986418009 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.988648891 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.989373922 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:30:59.992321968 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:30:59.995294094 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.082140923 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.085067034 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.118830919 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.118982077 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.119060040 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.119121075 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.119962931 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.120047092 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.121644020 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.126029015 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.128477097 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.128591061 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.129494905 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.134071112 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.135032892 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.217521906 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.223956108 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.257884979 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.260114908 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.260234118 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.261183023 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.261502981 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.261514902 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.261589050 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.264902115 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.267071962 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.268722057 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.271461964 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.272388935 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.276887894 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.355933905 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.359766960 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.397094965 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.398464918 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.398662090 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.399591923 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.400500059 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.401360035 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.402506113 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.403666973 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.403799057 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.405575991 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.406707048 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.410926104 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.491883039 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.492558956 CEST	49676	443	192.168.2.8	52.182.143.211
Oct 24, 2024 10:31:00.494703054 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.531229973 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.533869028 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.533914089 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.534065008 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.534336090 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.534646034 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.536031008 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.536287069 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.537101030 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.537172079 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.538955927 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.541496992 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.544363022 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.626295090 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.629420996 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.665972948 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.667798996 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.667813063 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.667928934 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.668442011 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.668520927 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.669013977 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.670097113 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.670264959 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.670335054 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.670645952 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.672245979 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.677198887 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.679228067 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.761473894 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.764523029 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.802376986 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.803467989 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.803503990 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.803544044 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.804785967 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.804822922 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.805197954 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.805329084 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.805520058 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.806586981 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.807214022 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.811217070 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.812614918 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.896424055 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.899324894 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.937618971 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.937635899 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.937709093 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.938421965 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.938436031 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.938494921 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.938570023 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.940771103 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.941077948 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.941432953 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.941627979 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:00.947145939 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:00.947529078 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.073508978 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.075649023 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.075704098 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.075777054 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.076226950 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.076277018 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.076299906 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.076705933 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.079111099 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.079653978 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.079862118 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.080199957 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.084671974 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.085233927 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.127156973 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.209223986 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.211251974 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.211333036 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.211713076 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.211880922 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.211990118 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.211990118 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.212961912 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.212975025 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.213165045 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.214099884 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.214922905 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.215205908 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.215612888 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.217351913 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.219482899 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.220298052 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.220571041 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.220954895 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.344007015 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.345766068 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.345865011 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.347121954 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.347171068 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.347340107 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.347562075 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.347980976 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.348036051 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.348041058 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.348083973 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.348630905 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.350756884 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.351509094 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.352283001 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.352952003 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.354024887 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.356024981 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.356913090 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.357831955 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.479281902 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.480134964 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.480209112 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.482194901 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.483025074 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.483036041 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.483105898 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.483753920 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.483824968 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.509413004 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.511529922 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.512321949 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.512934923 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.515933990 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.517501116 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.517743111 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.518497944 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.519061089 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.523753881 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.647809982 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.647833109 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.648030996 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.648972988 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.648984909 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.649064064 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.649070978 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.649494886 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.649564981 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.654123068 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.654123068 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.655595064 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.656261921 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.656544924 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.659559011 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.661052942 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.661900043 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.662529945 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.758219004 CEST	49671	443	192.168.2.8	204.79.197.203
Oct 24, 2024 10:31:01.786355972 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.786380053 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.786506891 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.786528111 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.787436962 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.787570000 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.789243937 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.789259911 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.789273977 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.789338112 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.790113926 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.790174961 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.791071892 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.792475939 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.792891026 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.796096087 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.796335936 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.797998905 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.798194885 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.923227072 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.923248053 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.923263073 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.923295975 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.923325062 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.923410892 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.923434019 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.925751925 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.925775051 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.925879955 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.925894022 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.925901890 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.925931931 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.933562040 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.933624029 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.934582949 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.934726000 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.935724974 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:01.938957930 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.939054012 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.939863920 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.940005064 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:01.941170931 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.065426111 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.065444946 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.065485954 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.065505981 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:02.066478014 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.066488981 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.066519976 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:02.066606998 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.066648006 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:02.067683935 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.072242975 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:02.073298931 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:02.074414968 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:02.077675104 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.078640938 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.079788923 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.080996990 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:02.086311102 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.101963997 CEST	49677	80	192.168.2.8	192.229.211.108
Oct 24, 2024 10:31:02.204344988 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.205346107 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.205488920 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:02.206300974 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.212481022 CEST	443	49704	13.107.253.45	192.168.2.8
Oct 24, 2024 10:31:02.212588072 CEST	49704	443	192.168.2.8	13.107.253.45
Oct 24, 2024 10:31:02.523808956 CEST	49673	443	192.168.2.8	23.206.229.226
Oct 24, 2024 10:31:02.883337975 CEST	49672	443	192.168.2.8	23.206.229.226
Oct 24, 2024 10:31:09.455212116 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:09.455260038 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:09.455498934 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:09.455879927 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:09.455918074 CEST	443	49712	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:09.455996990 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:09.456538916 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:09.456567049 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:09.456830025 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:09.456846952 CEST	443	49712	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.160953999 CEST	49676	443	192.168.2.8	52.182.143.211
Oct 24, 2024 10:31:10.301383972 CEST	443	49712	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.323249102 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.346060038 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.355257988 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.355274916 CEST	443	49712	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.356524944 CEST	443	49712	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.356625080 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.357556105 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.357584953 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.358724117 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.358833075 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.363368988 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.363553047 CEST	443	49712	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.363661051 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.363672018 CEST	443	49712	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.365411043 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.365506887 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.405759096 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.406586885 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.406608105 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.455655098 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.586325884 CEST	443	49712	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.617742062 CEST	443	49712	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.617814064 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.618236065 CEST	49712	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.618251085 CEST	443	49712	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.684583902 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.731334925 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.890944958 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.921624899 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:10.921688080 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.922461033 CEST	49711	443	192.168.2.8	199.83.44.68
Oct 24, 2024 10:31:10.922483921 CEST	443	49711	199.83.44.68	192.168.2.8
Oct 24, 2024 10:31:12.124712944 CEST	49673	443	192.168.2.8	23.206.229.226
Oct 24, 2024 10:31:12.384393930 CEST	49715	443	192.168.2.8	172.217.18.4
Oct 24, 2024 10:31:12.384437084 CEST	443	49715	172.217.18.4	192.168.2.8
Oct 24, 2024 10:31:12.384505987 CEST	49715	443	192.168.2.8	172.217.18.4
Oct 24, 2024 10:31:12.384854078 CEST	49715	443	192.168.2.8	172.217.18.4
Oct 24, 2024 10:31:12.384870052 CEST	443	49715	172.217.18.4	192.168.2.8
Oct 24, 2024 10:31:12.484077930 CEST	49672	443	192.168.2.8	23.206.229.226
Oct 24, 2024 10:31:12.717484951 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:12.717529058 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:12.718008995 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:12.719966888 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:12.719988108 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:12.735497952 CEST	49677	80	192.168.2.8	192.229.211.108
Oct 24, 2024 10:31:13.249557972 CEST	443	49715	172.217.18.4	192.168.2.8
Oct 24, 2024 10:31:13.250153065 CEST	49715	443	192.168.2.8	172.217.18.4
Oct 24, 2024 10:31:13.250173092 CEST	443	49715	172.217.18.4	192.168.2.8
Oct 24, 2024 10:31:13.251230955 CEST	443	49715	172.217.18.4	192.168.2.8
Oct 24, 2024 10:31:13.251302004 CEST	49715	443	192.168.2.8	172.217.18.4
Oct 24, 2024 10:31:13.252392054 CEST	49715	443	192.168.2.8	172.217.18.4
Oct 24, 2024 10:31:13.252455950 CEST	443	49715	172.217.18.4	192.168.2.8
Oct 24, 2024 10:31:13.297390938 CEST	49715	443	192.168.2.8	172.217.18.4
Oct 24, 2024 10:31:13.297409058 CEST	443	49715	172.217.18.4	192.168.2.8
Oct 24, 2024 10:31:13.344280005 CEST	49715	443	192.168.2.8	172.217.18.4
Oct 24, 2024 10:31:13.564354897 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:13.564429998 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:13.566940069 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:13.566951036 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:13.567262888 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:13.602492094 CEST	49459	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:31:13.608191013 CEST	53	49459	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:13.608264923 CEST	49459	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:31:13.608300924 CEST	49459	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:31:13.608886003 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:13.613780975 CEST	53	49459	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:13.651341915 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:13.851027966 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:13.851109982 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:13.851244926 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:13.851310968 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:13.851336002 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:13.851361990 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:13.851367950 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:13.894659996 CEST	49460	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:13.894716978 CEST	443	49460	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:13.894817114 CEST	49460	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:13.895131111 CEST	49460	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:13.895159960 CEST	443	49460	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:14.226429939 CEST	53	49459	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:14.227127075 CEST	49459	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:31:14.233066082 CEST	53	49459	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:14.233134031 CEST	49459	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:31:14.271533012 CEST	443	49705	23.206.229.226	192.168.2.8
Oct 24, 2024 10:31:14.271753073 CEST	49705	443	192.168.2.8	23.206.229.226
Oct 24, 2024 10:31:14.747345924 CEST	443	49460	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:14.747430086 CEST	49460	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:14.748886108 CEST	49460	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:14.748899937 CEST	443	49460	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:14.749149084 CEST	443	49460	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:14.750292063 CEST	49460	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:14.795336962 CEST	443	49460	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:15.003797054 CEST	443	49460	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:15.003868103 CEST	443	49460	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:15.004654884 CEST	49460	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:15.005014896 CEST	49460	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:15.005014896 CEST	49460	443	192.168.2.8	184.28.90.27
Oct 24, 2024 10:31:15.005042076 CEST	443	49460	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:15.005055904 CEST	443	49460	184.28.90.27	192.168.2.8
Oct 24, 2024 10:31:23.267275095 CEST	443	49715	172.217.18.4	192.168.2.8
Oct 24, 2024 10:31:23.267352104 CEST	443	49715	172.217.18.4	192.168.2.8
Oct 24, 2024 10:31:23.270242929 CEST	49715	443	192.168.2.8	172.217.18.4
Oct 24, 2024 10:31:24.378047943 CEST	49715	443	192.168.2.8	172.217.18.4
Oct 24, 2024 10:31:24.378073931 CEST	443	49715	172.217.18.4	192.168.2.8
Oct 24, 2024 10:31:51.406383991 CEST	49703	80	192.168.2.8	93.184.221.240
Oct 24, 2024 10:31:51.412261009 CEST	80	49703	93.184.221.240	192.168.2.8
Oct 24, 2024 10:31:51.412321091 CEST	49703	80	192.168.2.8	93.184.221.240
Oct 24, 2024 10:32:12.450697899 CEST	49466	443	192.168.2.8	142.250.185.196
Oct 24, 2024 10:32:12.450757980 CEST	443	49466	142.250.185.196	192.168.2.8
Oct 24, 2024 10:32:12.450829983 CEST	49466	443	192.168.2.8	142.250.185.196
Oct 24, 2024 10:32:12.451141119 CEST	49466	443	192.168.2.8	142.250.185.196
Oct 24, 2024 10:32:12.451160908 CEST	443	49466	142.250.185.196	192.168.2.8
Oct 24, 2024 10:32:13.307938099 CEST	443	49466	142.250.185.196	192.168.2.8
Oct 24, 2024 10:32:13.308267117 CEST	49466	443	192.168.2.8	142.250.185.196
Oct 24, 2024 10:32:13.308291912 CEST	443	49466	142.250.185.196	192.168.2.8
Oct 24, 2024 10:32:13.308783054 CEST	443	49466	142.250.185.196	192.168.2.8
Oct 24, 2024 10:32:13.309257984 CEST	49466	443	192.168.2.8	142.250.185.196
Oct 24, 2024 10:32:13.309364080 CEST	443	49466	142.250.185.196	192.168.2.8
Oct 24, 2024 10:32:13.359791040 CEST	49466	443	192.168.2.8	142.250.185.196
Oct 24, 2024 10:32:23.298949003 CEST	443	49466	142.250.185.196	192.168.2.8
Oct 24, 2024 10:32:23.299021006 CEST	443	49466	142.250.185.196	192.168.2.8
Oct 24, 2024 10:32:23.299211025 CEST	49466	443	192.168.2.8	142.250.185.196

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 10:31:08.150413990 CEST	53	61977	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:08.153297901 CEST	53	56041	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:09.430855036 CEST	61313	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:31:09.431216002 CEST	49398	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:31:09.452116966 CEST	53	61313	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:09.454057932 CEST	53	49398	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:09.548458099 CEST	53	52945	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:12.376136065 CEST	58773	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:31:12.376327991 CEST	65387	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:31:12.383503914 CEST	53	65387	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:12.383522034 CEST	53	58773	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:13.602092981 CEST	53	52219	1.1.1.1	192.168.2.8
Oct 24, 2024 10:31:50.927354097 CEST	138	138	192.168.2.8	192.168.2.255
Oct 24, 2024 10:32:07.583723068 CEST	53	50101	1.1.1.1	192.168.2.8
Oct 24, 2024 10:32:12.440958977 CEST	57485	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:32:12.441350937 CEST	59109	53	192.168.2.8	1.1.1.1
Oct 24, 2024 10:32:12.448293924 CEST	53	57485	1.1.1.1	192.168.2.8
Oct 24, 2024 10:32:12.449599028 CEST	53	59109	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 10:31:09.430855036 CEST	192.168.2.8	1.1.1.1	0xb5fb	Standard query (0)	email.sg.on24event.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 10:31:09.431216002 CEST	192.168.2.8	1.1.1.1	0x51a9	Standard query (0)	email.sg.on24event.com	65	IN (0x0001)	false
Oct 24, 2024 10:31:12.376136065 CEST	192.168.2.8	1.1.1.1	0x82d7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 10:31:12.376327991 CEST	192.168.2.8	1.1.1.1	0xe6ab	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 24, 2024 10:32:12.440958977 CEST	192.168.2.8	1.1.1.1	0x64de	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 10:32:12.441350937 CEST	192.168.2.8	1.1.1.1	0x83d6	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 10:31:09.452116966 CEST	1.1.1.1	192.168.2.8	0xb5fb	No error (0)	email.sg.on24event.com	r-email.sg.on24event.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 10:31:09.452116966 CEST	1.1.1.1	192.168.2.8	0xb5fb	No error (0)	r-email.sg.on24event.com		199.83.44.68	A (IP address)	IN (0x0001)	false
Oct 24, 2024 10:31:09.454057932 CEST	1.1.1.1	192.168.2.8	0x51a9	No error (0)	email.sg.on24event.com	r-email.sg.on24event.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 10:31:12.383503914 CEST	1.1.1.1	192.168.2.8	0xe6ab	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 24, 2024 10:31:12.383522034 CEST	1.1.1.1	192.168.2.8	0x82d7	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Oct 24, 2024 10:31:23.221323013 CEST	1.1.1.1	192.168.2.8	0x1ace	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 10:31:23.221323013 CEST	1.1.1.1	192.168.2.8	0x1ace	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 24, 2024 10:32:12.448293924 CEST	1.1.1.1	192.168.2.8	0x64de	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Oct 24, 2024 10:32:12.449599028 CEST	1.1.1.1	192.168.2.8	0x83d6	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 24, 2024 10:32:20.934526920 CEST	1.1.1.1	192.168.2.8	0x7ac8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 10:32:20.934526920 CEST	1.1.1.1	192.168.2.8	0x7ac8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

email.sg.on24event.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49712	199.83.44.68	443	7160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:31:10 UTC	965	OUT	GET /ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed HTTP/1.1 Host: email.sg.on24event.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 08:31:10 UTC	193	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Thu, 24 Oct 2024 08:31:10 GMT Content-Type: text/html; charset=utf-8 Content-Length: 291 Connection: close X-Robots-Tag: noindex, nofollow
2024-10-24 08:31:10 UTC	291	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 57 72 6f 6e 67 20 4c 69 6e 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 57 72 6f 6e 67 20 4c 69 6e 6b 3c 2f 68 31 3e 3c 70 3e 59 6f 75 20 68 61 76 65 20 63 6c 69 63 6b 65 64 20 6f 6e 20 61 6e 20 69 6e 76 61 6c 69 64 20 6c 69 6e 6b 2e 20 20 50 6c 65 61 73 65 20 6d 61 6b 65 20 73 75 72 65 20 74 68 61 74 20 79 6f 75 20 68 61 76 65 20 74 79 70 65 64 20 74 68 65 20 6c 69 6e 6b 20 63 6f 72 72 65 63 74 6c 79 2e 20 20 49 66 20 61 72 65 20 63 6f 70 79 69 6e 67 20 74 68 69 73 20 6c 69 6e 6b 20 66 72 6f 6d 20 61 20 6d 61 69 6c 20 72 65 61 64 65 72 20 70 6c 65 61 73 65 20 65 6e 73 75 72 65 20 74 68 61 74 20 79 6f 75 20 68 61 76 65 20 63 6f 70 69 65 64 20 61 6c 6c 20 74 68 65 20 Data Ascii: <html><head><title>Wrong Link</title></head><body><h1>Wrong Link</h1><p>You have clicked on an invalid link. Please make sure that you have typed the link correctly. If are copying this link from a mail reader please ensure that you have copied all the

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49711	199.83.44.68	443	7160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:31:10 UTC	900	OUT	GET /favicon.ico HTTP/1.1 Host: email.sg.on24event.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 08:31:10 UTC	143	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 24 Oct 2024 08:31:10 GMT Content-Type: text/html Content-Length: 564 Connection: close
2024-10-24 08:31:10 UTC	564	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49716	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:31:13 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-24 08:31:13 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=29633 Date: Thu, 24 Oct 2024 08:31:13 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49460	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 08:31:14 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-24 08:31:15 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=29712 Date: Thu, 24 Oct 2024 08:31:14 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-24 08:31:15 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5280, Parent PID: 1500

General

Target ID:	0
Start time:	04:31:02
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7160, Parent PID: 5280

General

Target ID:	2
Start time:	04:31:06
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1900,i,1981889510303664643,3109297267778171361,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6884, Parent PID: 1500

General

Target ID:	3
Start time:	04:31:08
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUFd6CN1kXQoK6DZheR-2FZcSl-2BG8nPyiUMp-2BXnWxSbhgmy-2FWwzycK19XehhV0HHwb0m9518omDv25WdhbqkS8HDJ2-2Fg-2F3DdJp1feIpcvm97HbFBOMr-2Fk21r9f0CAx8zbwI3YI4bGZHfv9umE%20completed"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5280, Parent PID: 1500

General

Chronological Activities

Analysis Process: chrome.exePID: 7160, Parent PID: 5280

General

Chronological Activities

Analysis Process: chrome.exePID: 6884, Parent PID: 1500