Edit tour

Windows Analysis Report
https://x.3seq.com/wp-content/uploads/2023/10/4.png

Overview

General Information

Sample URL:	https://x.3seq.com/wp-content/uploads/2023/10/4.png
Analysis ID:	1366971
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1748 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2000,i,12641965270428627891,14806553762081753421,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6368 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://x.3seq.com/wp-content/uploads/2023/10/4.png MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://x.3seq.com/wp-content/uploads/2023/10/4.png

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: https://x.3seq.com/wp-content/uploads/2023/09/cropped-55-1-32x32.png	Avira URL Cloud: Label: malware
Source: https://x.3seq.com/favicon.ico	Avira URL Cloud: Label: malware

Source: https://x.3seq.com/wp-content/uploads/2023/10/4.png

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 104.88.196.112:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.88.196.112:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.136.128
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.136.128
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2023/10/4.png HTTP/1.1Host: x.3seq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: x.3seq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://x.3seq.com/wp-content/uploads/2023/10/4.pngAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2023/09/cropped-55-1-32x32.png HTTP/1.1Host: x.3seq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://x.3seq.com/wp-content/uploads/2023/10/4.pngAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2023/09/cropped-55-1-32x32.png HTTP/1.1Host: x.3seq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bRTMA1eeGlrB4fp&MD=H1yek7X9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bRTMA1eeGlrB4fp&MD=H1yek7X9 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 104.88.196.112:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.88.196.112:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_1748_2117395670

Jump to behavior

Source: classification engine

Classification label: mal56.win@16/3@12/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2000,i,12641965270428627891,14806553762081753421,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://x.3seq.com/wp-content/uploads/2023/10/4.png
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2000,i,12641965270428627891,14806553762081753421,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://x.3seq.com/wp-content/uploads/2023/10/4.png	100%	Avira URL Cloud	malware
https://x.3seq.com/wp-content/uploads/2023/10/4.png	4%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://x.3seq.com/wp-content/uploads/2023/09/cropped-55-1-32x32.png	100%	Avira URL Cloud	malware
https://x.3seq.com/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	192.178.50.45	true	false	high
www.google.com	142.250.217.228	true	false	high
clients.l.google.com	142.250.217.238	true	false	high
x.3seq.com	172.67.182.99	true	false	unknown
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://x.3seq.com/wp-content/uploads/2023/10/4.png	true		unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://x.3seq.com/favicon.ico	false	Avira URL Cloud: malware	unknown
https://x.3seq.com/wp-content/uploads/2023/09/cropped-55-1-32x32.png	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.50.45	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.217.228	www.google.com	United States	15169	GOOGLEUS	false
142.250.217.238	clients.l.google.com	United States	15169	GOOGLEUS	false
172.67.182.99	x.3seq.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1366971
Start date and time:	2023-12-26 06:40:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://x.3seq.com/wp-content/uploads/2023/10/4.png
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@16/3@12/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.178.50.35, 34.104.35.123, 72.21.81.240, 192.229.211.108, 142.250.189.131
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1627
Entropy (8bit):	7.817574423703537
Encrypted:	false
SSDEEP:	48:8KiSLFojpBUQdF8ZKCqiQa8/mMAXzeKn1jrmq:+SLF2fT8Y9iEAKKdmq
MD5:	7FFBD59F33AE70B0219F6A4641FE9F3B
SHA1:	DC481CB678578E4FE6318FA175EFFAD95687F3BE
SHA-256:	4C2BDF75D1F3B982B730458AA6F6A4F9DCA2D8ECE8CC13739C98D6B84E6C8059
SHA-512:	20A0EB8F80B42A20DBE73545A119B39031ED5D2CCCE964B219DF184D421E7B8A9F9B6D08323F6EE781D9C6B44AD6C87C27C763AEEAC1BC36882ECB13D62715CB
Malicious:	false
Reputation:	low
URL:	https://x.3seq.com/wp-content/uploads/2023/09/cropped-55-1-32x32.png
Preview:	.PNG........IHDR... ... .....szz...."IDATX..]h.....3.3...l...Ic>H.I.......>.ZE..7.p..A.QA......"X)>.T.A.A..XH.z.I..&1..7...Wvw>}.....$...3....?...#L.b..........0.."L.b............ I(..ZW..C.....].SM..$.....i.U..<.....B..>.(.3gP.QD..A..pm..R..d...#.[....P^[..9..I....FO\|...=...K..t}7i.p]..)'.$'&X..S....... ..O.f...Z...M....P\\d..u...8.j...#.z....A..z..c.j..TX....H~~..;(.0V.Diyy.6EA.$.H....J~~..0.....4.<.<...?xv].-...l\|.5..q...v...(.\..S.0...mm.......:w.oG.}.>....z.{kko...Q"..5...,_.F..M.r.v...jEKg'v...NSZZ".....]O=E.O.}.2.d..>..N.....t}7ynn../.Lrb.....T~..%......^\X`.....o`.r.>......M.m..K...n..T..w...O{.\ec.9.D.F...&...\..........Oc......V...W............o"....I6.q......6..uq...1...\|.k....J$.....O..X..b..[......l.`g...r....v..J.u........M.3.Y.QD?r.1..Z%w.6..(.q.,.R...,Zo/..?...K.h...A@...P.l..`.JH....w@.s.....&./.....q.?.....b...%4.YZ....=.c..n.<..X.............Vq*..P...8./..o`.......k,Dv....?$p.$.s...............>.uh...Q..\|.cs.A.......A.pL...Bs.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 727 x 462, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	640145
Entropy (8bit):	7.985563548902399
Encrypted:	false
SSDEEP:	12288:0zBVNl4WqK8zjR8g3Nj9ZSVugqeOzAXv44ckNXLnOvJUqdF8P:0zBV7uV8SXSgPeOzolNXLnOvmqD8P
MD5:	79406349031C73C3954ABB2CBC1D39C5
SHA1:	BC8FFA547D76A0CD3AFB1F5BF7DE7BC6B2B0F3BA
SHA-256:	856ED252D6B813EE6DDD44398D8FFA8A040DA5579496C82516BE51AB33EE5EBE
SHA-512:	FD93022383C2E8AAF5EE7C8AFFFEFAA53123B3851CAA3DD517BE99E43C9AC2DB8BD75D474298E5C8BAC08674F76017000FDB438AE8EA75253CACD3EB42DD16B3
Malicious:	false
Reputation:	low
URL:	https://x.3seq.com/wp-content/uploads/2023/10/4.png
Preview:	.PNG........IHDR....................pHYs..........+.... .IDATx....\.....zf.-..Y23K.l1$GF.3333ff$....m.......V......D.._w..W....7.=g.......C.w.n..0y .s@e...D.N...#.T6.........5.".[....\.[..xN.9#P....%9z^t.........:Kr...x..Sb..<&o..+G2C..P,7.N....Z...[fp.. 8..~.3l.. fo..K@p.?......i.Ee.m~.-.u.u......RX}..K.......[n..!.R...b..H}f@.T.....y..C......^..Om.h.B.].w..N..).sq,.:......ka.F..c...[..,P.z...".~.^.g].O...9'..s.x..t..'./.{1.f_..H.i<b.0.x.........\|0]..2.@........n.j:..+.cHkTc.o..iK....+...........{........SZ....n..r.......@....-(.. J;..7.S.h.....F".He<Z.....d.....q.-(5y%...&.[fr.....+5.....!PX.s._}Z....vJM}j....WXC9w..O.C..`v(....j.d...yW..... .X...<./].g..L-..d2.O.Op.\.q.+..:.-.\|.+V.g:.YG$k.fp.0.\|Tq..D..k...w.4g......].S=...@n....H.....N.FR..dy4V..3.X..O.]a.......Qe..V.{.&>91a.F.FOn.)...3.q.....7...p...+Q..+.l-....GR....le.bmzqh..:.X..KT.0>.X..O..Ik0..1..d.(;.9K0.s.D.[..x...S....\|t..D.._.4....Lu....SW......o.3..i{..s....

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1627
Entropy (8bit):	7.817574423703537
Encrypted:	false
SSDEEP:	48:8KiSLFojpBUQdF8ZKCqiQa8/mMAXzeKn1jrmq:+SLF2fT8Y9iEAKKdmq
MD5:	7FFBD59F33AE70B0219F6A4641FE9F3B
SHA1:	DC481CB678578E4FE6318FA175EFFAD95687F3BE
SHA-256:	4C2BDF75D1F3B982B730458AA6F6A4F9DCA2D8ECE8CC13739C98D6B84E6C8059
SHA-512:	20A0EB8F80B42A20DBE73545A119B39031ED5D2CCCE964B219DF184D421E7B8A9F9B6D08323F6EE781D9C6B44AD6C87C27C763AEEAC1BC36882ECB13D62715CB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz...."IDATX..]h.....3.3...l...Ic>H.I.......>.ZE..7.p..A.QA......"X)>.T.A.A..XH.z.I..&1..7...Wvw>}.....$...3....?...#L.b..........0.."L.b............ I(..ZW..C.....].SM..$.....i.U..<.....B..>.(.3gP.QD..A..pm..R..d...#.[....P^[..9..I....FO\|...=...K..t}7i.p]..)'.$'&X..S....... ..O.f...Z...M....P\\d..u...8.j...#.z....A..z..c.j..TX....H~~..;(.0V.Diyy.6EA.$.H....J~~..0.....4.<.<...?xv].-...l\|.5..q...v...(.\..S.0...mm.......:w.oG.}.>....z.{kko...Q"..5...,_.F..M.r.v...jEKg'v...NSZZ".....]O=E.O.}.2.d..>..N.....t}7ynn../.Lrb.....T~..%......^\X`.....o`.r.>......M.m..K...n..T..w...O{.\ec.9.D.F...&...\..........Oc......V...W............o"....I6.q......6..uq...1...\|.k....J$.....O..X..b..[......l.`g...r....v..J.u........M.3.Y.QD?r.1..Z%w.6..(.q.,.R...,Zo/..?...K.h...A@...P.l..`.JH....w@.s.....&./.....q.?.....b...%4.YZ....=.c..n.<..X.............Vq*..P...8./..o`.......k,Dv....?$p.$.s...............>.uh...Q..\|.cs.A.......A.pL...Bs.

Total Packets: 246
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2023 06:40:48.399714947 CET	49678	443	192.168.2.4	104.46.162.224
Dec 26, 2023 06:40:48.884047031 CET	49675	443	192.168.2.4	173.222.162.32
Dec 26, 2023 06:40:53.607964039 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:53.608016968 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:53.608072996 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:53.609379053 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:53.609394073 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:53.964314938 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:53.964610100 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:53.964646101 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:53.965013981 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:53.965076923 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:53.965991974 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:53.966047049 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:53.967046022 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:53.967107058 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:53.967327118 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:53.967335939 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:54.007970095 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:54.355495930 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:54.355644941 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:54.355701923 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:54.356758118 CET	49730	443	192.168.2.4	142.250.217.238
Dec 26, 2023 06:40:54.356775045 CET	443	49730	142.250.217.238	192.168.2.4
Dec 26, 2023 06:40:54.567924976 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:54.567943096 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:54.568025112 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:54.568483114 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:54.568496943 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:55.088665962 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.088679075 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.088764906 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.089138031 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.089162111 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.089214087 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.089479923 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.089493036 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.089703083 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.089716911 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.267956018 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:55.268297911 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:55.268310070 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:55.269328117 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:55.269392967 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:55.270324945 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:55.270387888 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:55.270556927 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:55.270565033 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:55.319870949 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:55.370419025 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.370663881 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.370671988 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.371136904 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.371300936 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.371309042 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.371705055 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.371762037 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.372293949 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.372373104 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.372880936 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.372953892 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.373122931 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.373131990 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.373260021 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.373326063 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.416277885 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.416279078 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.416285038 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.463198900 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.670162916 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.670228958 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.670262098 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.670281887 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.670294046 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.670331001 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.670336008 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.670344114 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.670387983 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.670393944 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.670634031 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.670669079 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.670675993 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.670681953 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.670721054 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.670941114 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.671017885 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.671049118 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.671056986 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.671066046 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.671113014 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.671895027 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.671955109 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.671992064 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.671997070 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.672007084 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.672039032 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.672044992 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.672317982 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.672358036 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.672363997 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.672398090 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.672432899 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.672439098 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.672657013 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.672691107 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.672700882 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.672708035 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.672749043 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.672756910 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673124075 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673166037 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.673171997 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673202991 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673239946 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673243999 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.673255920 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673293114 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.673297882 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673599958 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673629045 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673648119 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.673655033 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673691034 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673692942 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.673700094 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.673736095 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.673877001 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:55.673935890 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:55.673940897 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:55.674047947 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:55.674087048 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:55.676136971 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.676184893 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.676209927 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.676230907 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.676239967 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.676279068 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.676554918 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.676604986 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.684417963 CET	49733	443	192.168.2.4	192.178.50.45
Dec 26, 2023 06:40:55.684426069 CET	443	49733	192.178.50.45	192.168.2.4
Dec 26, 2023 06:40:55.823569059 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.823681116 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.824135065 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.824177027 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.824208021 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.824254036 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.824618101 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.824668884 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.956331015 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.956404924 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.956422091 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.956429958 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.956474066 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.957561016 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.957626104 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.958889961 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.958956957 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.959048986 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.959089994 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.959104061 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.959112883 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.959127903 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.959129095 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.959147930 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.959153891 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.959178925 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.959844112 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.959878922 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.959898949 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.959906101 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.959929943 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.959995031 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960033894 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960042953 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960052013 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960079908 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960081100 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960119009 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960120916 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960129976 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960165977 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960170031 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960180998 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960211039 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960212946 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960217953 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960225105 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960252047 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960262060 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960315943 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960319042 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960325003 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960360050 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960364103 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960371017 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960407972 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960412979 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960427046 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960460901 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960467100 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960474968 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960505962 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960521936 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960536003 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960570097 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960575104 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960582018 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960607052 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960630894 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.960711956 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:55.960755110 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:55.962315083 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.074148893 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.074219942 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.074228048 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.074235916 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.074275017 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.074508905 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.074563026 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.077600002 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.077671051 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.077761889 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.077822924 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.084503889 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.084585905 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.084702015 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.084750891 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.090200901 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.090234041 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.090266943 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.090277910 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.090291023 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.090828896 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.090876102 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.090883017 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.090931892 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.091203928 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.091258049 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.091479063 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.091535091 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.092462063 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.092504025 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.092533112 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.092539072 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.092552900 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.094366074 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.094384909 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.094430923 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.094439983 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.094464064 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.097759962 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.097778082 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.097839117 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.097846985 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.098998070 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.099013090 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.099092007 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.099100113 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.104624033 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.104640007 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.104722977 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.104729891 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.105827093 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.105844021 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.105916977 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.105925083 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.107415915 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.107430935 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.107502937 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.107511997 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.112445116 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.112462044 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.112521887 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.112529039 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.112544060 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.114105940 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.114120007 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.114177942 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.114187002 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.136673927 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.136689901 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.136781931 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.136795044 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.139338970 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.139354944 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.139437914 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.139446974 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.145425081 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.145440102 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.145508051 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.145515919 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.149539948 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.149555922 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.149612904 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.149620056 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.149650097 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.158762932 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.158797979 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.158873081 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.158879042 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.159997940 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.160017014 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.160223007 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.160231113 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.215104103 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.347367048 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347387075 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347424984 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347464085 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.347517967 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.347688913 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347724915 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347773075 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.347779989 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347790003 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347805977 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347815037 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.347821951 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347846985 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.347862959 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347877026 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.347877979 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347891092 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347914934 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.347946882 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.347949982 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347958088 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.347979069 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.348002911 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.348011017 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.348025084 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.348038912 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.348037958 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.348037958 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.348052979 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.348073006 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.348114014 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.348119974 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.348135948 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.348181009 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.348187923 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.348222017 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.359569073 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.400403023 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.400422096 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.400520086 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.400527000 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.400568008 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.401166916 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.401184082 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.401247025 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.401253939 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.401298046 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.402556896 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.402573109 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.402642012 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.402648926 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.402688980 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.403135061 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.403152943 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.403181076 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.403208017 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.403214931 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.403239965 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.403260946 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.403264999 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.403306007 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.403343916 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.403567076 CET	49734	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.403574944 CET	443	49734	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:56.438661098 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:56.480742931 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.128252029 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.128321886 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.128381014 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.132678032 CET	49735	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.132689953 CET	443	49735	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.139311075 CET	49738	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.139364958 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.139492989 CET	49738	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.143030882 CET	49738	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.143049955 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.413124084 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.413393021 CET	49738	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.413425922 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.413733006 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.414233923 CET	49738	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.414293051 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.414417028 CET	49738	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.460741043 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.729825974 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.729856968 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.729906082 CET	49738	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.729909897 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.729979992 CET	49738	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.730850935 CET	49738	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.730868101 CET	443	49738	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.946281910 CET	49739	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:40:57.946305990 CET	443	49739	142.250.217.228	192.168.2.4
Dec 26, 2023 06:40:57.946367025 CET	49739	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:40:57.946928978 CET	49739	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:40:57.946940899 CET	443	49739	142.250.217.228	192.168.2.4
Dec 26, 2023 06:40:57.978826046 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.978854895 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:57.978967905 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.979466915 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:57.979479074 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:58.264058113 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:58.264799118 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:58.264813900 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:58.265805960 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:58.265887022 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:58.266999006 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:58.267057896 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:58.267597914 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:58.267605066 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:40:58.319258928 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:40:58.340954065 CET	443	49739	142.250.217.228	192.168.2.4
Dec 26, 2023 06:40:58.341218948 CET	49739	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:40:58.341228008 CET	443	49739	142.250.217.228	192.168.2.4
Dec 26, 2023 06:40:58.342092037 CET	443	49739	142.250.217.228	192.168.2.4
Dec 26, 2023 06:40:58.342160940 CET	49739	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:40:58.343322039 CET	49739	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:40:58.343372107 CET	443	49739	142.250.217.228	192.168.2.4
Dec 26, 2023 06:40:58.354223013 CET	49741	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.354249001 CET	443	49741	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.354314089 CET	49741	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.357165098 CET	49741	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.357175112 CET	443	49741	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.397414923 CET	49739	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:40:58.397419930 CET	443	49739	142.250.217.228	192.168.2.4
Dec 26, 2023 06:40:58.444278002 CET	49739	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:40:58.620230913 CET	443	49741	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.620325089 CET	49741	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.624663115 CET	49741	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.624670982 CET	443	49741	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.624948978 CET	443	49741	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.678647041 CET	49741	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.714150906 CET	49741	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.756746054 CET	443	49741	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.864801884 CET	443	49741	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.864860058 CET	443	49741	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.864972115 CET	49741	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.865145922 CET	49741	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.865160942 CET	443	49741	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.865170002 CET	49741	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.865175962 CET	443	49741	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.902677059 CET	49742	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.902698994 CET	443	49742	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:58.902796030 CET	49742	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.903259993 CET	49742	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:58.903273106 CET	443	49742	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:59.167953014 CET	443	49742	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:59.168056011 CET	49742	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:59.169235945 CET	49742	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:59.169241905 CET	443	49742	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:59.169446945 CET	443	49742	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:59.170578003 CET	49742	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:59.216743946 CET	443	49742	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:59.431534052 CET	443	49742	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:59.431623936 CET	443	49742	104.88.196.112	192.168.2.4
Dec 26, 2023 06:40:59.431678057 CET	49742	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:59.433866024 CET	49742	443	192.168.2.4	104.88.196.112
Dec 26, 2023 06:40:59.433873892 CET	443	49742	104.88.196.112	192.168.2.4
Dec 26, 2023 06:41:00.892549038 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:41:00.947180033 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:41:00.947199106 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:41:00.993968010 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:41:01.426378012 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:41:01.426486969 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:41:01.426537991 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:41:01.426767111 CET	49740	443	192.168.2.4	172.67.182.99
Dec 26, 2023 06:41:01.426781893 CET	443	49740	172.67.182.99	192.168.2.4
Dec 26, 2023 06:41:08.370145082 CET	443	49739	142.250.217.228	192.168.2.4
Dec 26, 2023 06:41:08.370223999 CET	443	49739	142.250.217.228	192.168.2.4
Dec 26, 2023 06:41:08.370275021 CET	49739	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:41:09.843960047 CET	49739	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:41:09.843976974 CET	443	49739	142.250.217.228	192.168.2.4
Dec 26, 2023 06:41:10.325788021 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:10.325809956 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:10.325896025 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:10.327655077 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:10.327667952 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:10.898544073 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:10.898722887 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:10.903203011 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:10.903208017 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:10.903405905 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:10.945317984 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:11.449199915 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:11.496732950 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:11.837739944 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:11.837776899 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:11.837784052 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:11.837793112 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:11.837833881 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:11.837847948 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:11.837862968 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:11.837879896 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:11.837888002 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:11.837902069 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:11.837907076 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:11.837938070 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:11.837939024 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:11.837956905 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:11.837985039 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:12.521522999 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:12.521533966 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:12.521567106 CET	49743	443	192.168.2.4	52.165.165.26
Dec 26, 2023 06:41:12.521572113 CET	443	49743	52.165.165.26	192.168.2.4
Dec 26, 2023 06:41:17.907881021 CET	80	49723	208.111.136.128	192.168.2.4
Dec 26, 2023 06:41:17.908149004 CET	49723	80	192.168.2.4	208.111.136.128
Dec 26, 2023 06:41:17.908149004 CET	49723	80	192.168.2.4	208.111.136.128
Dec 26, 2023 06:41:18.033996105 CET	80	49723	208.111.136.128	192.168.2.4
Dec 26, 2023 06:41:49.013194084 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:49.013214111 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:49.013288021 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:49.014336109 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:49.014348984 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:51.492538929 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:51.492746115 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:51.495982885 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:51.495990038 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:51.496193886 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:51.507277012 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:51.552745104 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:52.451548100 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:52.451585054 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:52.451630116 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:52.451694965 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:52.451704025 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:52.451718092 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:52.451749086 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:52.732147932 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:52.732156038 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:52.732186079 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:52.732233047 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:52.732239962 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:52.732281923 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:52.732368946 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:52.732383966 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:52.732403994 CET	49749	443	192.168.2.4	40.68.123.157
Dec 26, 2023 06:41:52.732408047 CET	443	49749	40.68.123.157	192.168.2.4
Dec 26, 2023 06:41:57.969372988 CET	49751	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:41:57.969398022 CET	443	49751	142.250.217.228	192.168.2.4
Dec 26, 2023 06:41:57.969476938 CET	49751	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:41:57.969834089 CET	49751	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:41:57.969846964 CET	443	49751	142.250.217.228	192.168.2.4
Dec 26, 2023 06:41:58.371819973 CET	443	49751	142.250.217.228	192.168.2.4
Dec 26, 2023 06:41:58.381000996 CET	49751	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:41:58.381011963 CET	443	49751	142.250.217.228	192.168.2.4
Dec 26, 2023 06:41:58.381371021 CET	443	49751	142.250.217.228	192.168.2.4
Dec 26, 2023 06:41:58.382190943 CET	49751	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:41:58.382251978 CET	443	49751	142.250.217.228	192.168.2.4
Dec 26, 2023 06:41:58.430229902 CET	49751	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:42:07.351952076 CET	49724	80	192.168.2.4	23.219.3.49
Dec 26, 2023 06:42:07.501365900 CET	80	49724	23.219.3.49	192.168.2.4
Dec 26, 2023 06:42:07.501456976 CET	49724	80	192.168.2.4	23.219.3.49
Dec 26, 2023 06:42:08.359981060 CET	443	49751	142.250.217.228	192.168.2.4
Dec 26, 2023 06:42:08.360054970 CET	443	49751	142.250.217.228	192.168.2.4
Dec 26, 2023 06:42:08.360114098 CET	49751	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:42:09.876985073 CET	49751	443	192.168.2.4	142.250.217.228
Dec 26, 2023 06:42:09.877001047 CET	443	49751	142.250.217.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2023 06:40:53.416310072 CET	60278	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:53.416527033 CET	58908	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:53.417084932 CET	53893	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:53.417474985 CET	56031	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:53.454982042 CET	53	62702	1.1.1.1	192.168.2.4
Dec 26, 2023 06:40:53.568885088 CET	53	60278	1.1.1.1	192.168.2.4
Dec 26, 2023 06:40:54.429971933 CET	58722	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:54.430216074 CET	59743	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:54.525980949 CET	53	50172	1.1.1.1	192.168.2.4
Dec 26, 2023 06:40:54.567313910 CET	53	58722	1.1.1.1	192.168.2.4
Dec 26, 2023 06:40:54.567478895 CET	53	59743	1.1.1.1	192.168.2.4
Dec 26, 2023 06:40:54.929757118 CET	56413	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:54.930085897 CET	51958	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:55.056546926 CET	53	56413	1.1.1.1	192.168.2.4
Dec 26, 2023 06:40:55.099368095 CET	53	51958	1.1.1.1	192.168.2.4
Dec 26, 2023 06:40:57.808679104 CET	51524	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:57.808861017 CET	54947	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:57.815418005 CET	54201	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:57.815893888 CET	60844	53	192.168.2.4	1.1.1.1
Dec 26, 2023 06:40:57.944065094 CET	53	51524	1.1.1.1	192.168.2.4
Dec 26, 2023 06:40:57.944310904 CET	53	54947	1.1.1.1	192.168.2.4
Dec 26, 2023 06:40:57.954333067 CET	53	54201	1.1.1.1	192.168.2.4
Dec 26, 2023 06:40:57.977675915 CET	53	60844	1.1.1.1	192.168.2.4
Dec 26, 2023 06:41:12.696388960 CET	53	49195	1.1.1.1	192.168.2.4
Dec 26, 2023 06:41:18.938627005 CET	138	138	192.168.2.4	192.168.2.255
Dec 26, 2023 06:41:31.461082935 CET	53	60777	1.1.1.1	192.168.2.4
Dec 26, 2023 06:41:54.298054934 CET	53	56194	1.1.1.1	192.168.2.4
Dec 26, 2023 06:41:55.557117939 CET	53	62765	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 26, 2023 06:40:55.099457026 CET	192.168.2.4	1.1.1.1	c229	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2023 06:40:53.416310072 CET	192.168.2.4	1.1.1.1	0xd0b7	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:53.416527033 CET	192.168.2.4	1.1.1.1	0x6258	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Dec 26, 2023 06:40:53.417084932 CET	192.168.2.4	1.1.1.1	0x8e26	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:53.417474985 CET	192.168.2.4	1.1.1.1	0x2e3a	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Dec 26, 2023 06:40:54.429971933 CET	192.168.2.4	1.1.1.1	0xb24	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:54.430216074 CET	192.168.2.4	1.1.1.1	0xb1a0	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Dec 26, 2023 06:40:54.929757118 CET	192.168.2.4	1.1.1.1	0xd006	Standard query (0)	x.3seq.com	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:54.930085897 CET	192.168.2.4	1.1.1.1	0x5bb4	Standard query (0)	x.3seq.com	65	IN (0x0001)	false
Dec 26, 2023 06:40:57.808679104 CET	192.168.2.4	1.1.1.1	0x6aae	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:57.808861017 CET	192.168.2.4	1.1.1.1	0x89c2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 26, 2023 06:40:57.815418005 CET	192.168.2.4	1.1.1.1	0x10cf	Standard query (0)	x.3seq.com	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:57.815893888 CET	192.168.2.4	1.1.1.1	0xa203	Standard query (0)	x.3seq.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2023 06:40:53.568885088 CET	1.1.1.1	192.168.2.4	0xd0b7	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2023 06:40:53.568885088 CET	1.1.1.1	192.168.2.4	0xd0b7	No error (0)	clients.l.google.com		142.250.217.238	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:54.567313910 CET	1.1.1.1	192.168.2.4	0xb24	No error (0)	accounts.google.com		192.178.50.45	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:55.056546926 CET	1.1.1.1	192.168.2.4	0xd006	No error (0)	x.3seq.com		172.67.182.99	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:55.056546926 CET	1.1.1.1	192.168.2.4	0xd006	No error (0)	x.3seq.com		104.21.83.225	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:55.099368095 CET	1.1.1.1	192.168.2.4	0x5bb4	No error (0)	x.3seq.com			65	IN (0x0001)	false
Dec 26, 2023 06:40:57.944065094 CET	1.1.1.1	192.168.2.4	0x6aae	No error (0)	www.google.com		142.250.217.228	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:57.944310904 CET	1.1.1.1	192.168.2.4	0x89c2	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 26, 2023 06:40:57.954333067 CET	1.1.1.1	192.168.2.4	0x10cf	No error (0)	x.3seq.com		172.67.182.99	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:57.954333067 CET	1.1.1.1	192.168.2.4	0x10cf	No error (0)	x.3seq.com		104.21.83.225	A (IP address)	IN (0x0001)	false
Dec 26, 2023 06:40:57.977675915 CET	1.1.1.1	192.168.2.4	0xa203	No error (0)	x.3seq.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

x.3seq.com

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	142.250.217.238	443	352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-26 05:40:53 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-26 05:40:54 UTC	732	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-gfirvPtwHZhRd5vq6DLuCg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 26 Dec 2023 05:40:54 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6202 X-Daystart: 78054 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-12-26 05:40:54 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 30 32 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 37 38 30 35 34 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6202" elapsed_seconds="78054"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-12-26 05:40:54 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-12-26 05:40:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49733	192.178.50.45	443	352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-26 05:40:55 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2023-12-26 05:40:55 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-12-26 05:40:55 UTC	1627	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 26 Dec 2023 05:40:55 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'report-sample' 'nonce-1rFJbHiJ3nEr-QChTc3ITA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-12-26 05:40:55 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-12-26 05:40:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49734	172.67.182.99	443	352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-26 05:40:55 UTC	685	OUT	GET /wp-content/uploads/2023/10/4.png HTTP/1.1 Host: x.3seq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-26 05:40:55 UTC	845	IN	HTTP/1.1 200 OK Date: Tue, 26 Dec 2023 05:40:55 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close vary: Accept-Encoding vary: Accept-Encoding last-modified: Fri, 20 Oct 2023 23:17:29 GMT etag: W/"65330a89-9c491" expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 x-cache: HIT from Backend x-xss-protection: 1; mode=block x-content-type-options: nosniff CF-Cache-Status: HIT Age: 481386 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vaA73HLKYiiwS98MFmnxaCtwt0KKuVBnlwOdAx%2FLFn1DTq22FBpTk7PIwL%2BrZS3dd39PiPM5soN61x1f77TAPboKAQHc%2F9nH%2FKqJfj5AwJwQTQrpHBvKjXxDDvb9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83b6fde77f2a2876-MIA alt-svc: h3=":443"; ma=86400
2023-12-26 05:40:55 UTC	524	IN	Data Raw: 37 39 37 35 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 d7 00 00 01 ce 08 02 00 00 00 dc dd b2 c4 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 20 00 49 44 41 54 78 da 9c bd f5 97 5c d7 96 e7 e9 bf a4 fa bd 7a 66 96 2d b4 98 59 32 33 4b b2 6c 31 24 47 46 06 33 33 33 33 66 66 24 b3 a4 14 83 6d 99 ed c7 85 dd d3 bd aa a7 56 cd cc 0f f3 dd e7 44 84 d2 b2 5f 77 cd ac b5 57 ac 9b 91 01 37 ce 3d 67 ef cf 86 b3 ef 03 12 9d 43 aa 77 ca 8d 6e a5 d9 ab 30 79 20 f8 73 40 65 ed 95 1a bb 44 da 4e a1 1a d2 23 d6 89 54 36 85 ce a3 b5 04 f5 f6 88 d1 19 35 b8 22 1a 5b 08 ef 12 eb 5c fd 2a 5b 97 d4 78 4e a8 39 23 50 9d e8 91 7f d6 25 39 7a 5e 74 e4 fc c0 e1 b3 fd 87 ce f4 1f 3a 4b 72 f8 ac f0 78 b7 ac 53 62 90 1a 3c 26 6f d2 1b 2b Data Ascii: 7975PNGIHDRpHYs+ IDATx\zf-Y23Kl1$GF3333ff$mVD_wW7=gCwn0y s@eDN#T65"[\*[xN9#P%9z^t:KrxSb<&o+
2023-12-26 05:40:55 UTC	1369	IN	Data Raw: 6f 9c 0f 69 4b e2 06 0c 9d 2b aa b6 87 15 16 bf d4 e8 1e d0 d9 7b 95 a6 1e b9 11 e7 83 d1 eb 53 5a fa b5 f8 ed 6e 99 c5 af 72 84 b5 ee 98 ce 13 87 e0 40 e3 8a e2 19 85 2d 28 b7 06 20 4a 3b fe 1b 37 fa 53 f6 68 c1 9f 1e 0a 17 46 22 e5 b1 48 65 3c 5a 1a 0b e7 1b ee 64 c5 1c cc e8 dd 71 95 2d 28 35 79 25 06 8f 84 26 80 5b 66 72 cb cc 1e 99 c5 2b 35 b9 c5 06 d7 80 c6 21 50 58 9a 73 ac 5f 7d 5a 00 d1 9c 1b d0 76 4a 4d 7d 6a 9b d4 1c c0 57 58 43 39 77 bc ec 4f d7 43 b9 e1 60 76 28 90 19 f4 a5 6a de 64 d5 93 a8 e0 79 57 ac e4 88 16 98 e4 20 ce 58 1e e2 8a 17 3c c9 92 2f 5d f1 67 aa fe 4c 2d 98 1d 64 32 84 4f b8 4f 70 aa 5c f8 71 eb 2b ea f8 3a f6 2d 15 7c be 2b 56 c0 67 3a a2 59 47 24 6b 0f 66 70 8d 30 ec 7c 54 71 81 f8 44 c5 a5 17 6b ed fc a2 77 8a 34 67 05 8a Data Ascii: oiK+{SZnr@-( J;7ShF"He<Zdq-(5y%&[fr+5!PXs_}ZvJM}jWXC9wOC`v(jdyW X</]gL-d2OOp\q+:-\|+Vg:YG$kfp0\|TqDkw4g
2023-12-26 05:40:55 UTC	1369	IN	Data Raw: 32 a0 ee 1a 50 f7 4a f4 62 b5 5d 69 f4 01 41 cc ee 84 c5 93 34 c3 f0 38 22 78 0b a8 a2 5f 6d ef 92 19 61 15 60 21 4e f6 2a 8e 75 4b 3f ed 10 13 88 9c 15 1e 26 fe 20 04 c1 f1 89 1e 45 a7 d4 00 4b 63 f4 24 bc b1 52 38 3d 18 cd 92 04 93 15 4f 24 6f 81 0d 83 d1 32 7a 70 32 b0 43 72 23 8c b7 4f 65 0d 40 19 41 25 c1 be 3a 42 19 18 54 2e dc 12 9b 3c 51 e8 77 0d b0 c3 ea 07 ac a8 18 7f e0 f5 10 f0 07 17 50 88 da 11 94 5b bc bf a4 10 ce 1f 6d 1c c1 25 07 88 f0 65 43 e4 c1 b8 84 0b fe c5 ad 2f 26 62 1f d3 2c f8 28 18 66 31 47 10 2c 63 a3 9b 9d 76 93 9f b8 e0 19 b9 d9 a3 b4 78 95 16 fc 10 12 35 1e 2d f7 40 64 80 a9 57 18 a4 0e 46 21 27 7b 65 c7 ba c5 47 3b 84 98 67 c0 91 13 bd 52 30 10 be 11 5f 81 9f 06 80 80 76 e6 14 c2 cd 1b 9e 81 6d 83 d0 ef 05 a3 78 e3 9c 42 fc Data Ascii: 2PJb]iA48"x_ma`!N*uK?& EKc$R8=O$o2zp2Cr#Oe@A%:BT.<QwP[m%eC/&b,(f1G,cvx5-@dWF!'{eG;gR0_vmxB
2023-12-26 05:40:55 UTC	1369	IN	Data Raw: f0 9b 65 4d 0a 79 64 f5 f6 c7 5f d8 fd f4 86 bd 4f 03 2f d6 ed 79 e2 85 9d 8f ad da f6 f0 f2 cd bf 7b 6e 23 40 04 f2 bb 65 1b 1e 5a be e5 b1 d5 3b 9e da b0 f7 d9 2d 07 9f db fa 22 e4 99 8d 00 91 3d 0f af de f1 f7 cb f1 81 9b 1f 80 51 54 91 99 f4 ab 6d 01 28 4a 6e 23 85 2a 4b af 54 4f b1 10 fc 54 91 b6 5f 6e 92 40 d7 9b 03 06 27 fc e6 a4 0d fa c2 9b d4 c3 78 90 9a 70 83 42 60 0c ce 8b 74 50 07 a0 90 e3 3d 32 50 c8 27 e7 06 0e 9f e9 87 1c 61 08 82 3f f1 2f b8 b3 b0 28 f0 7d dd 91 62 38 55 0f a7 21 b5 40 a2 ec 0e e7 88 42 a0 0b 4c 64 a4 95 38 25 50 91 35 a0 75 84 4d ee 98 cd 9f 84 83 e8 89 15 60 56 bd b0 1c b1 02 fe 04 94 c0 be 42 29 eb 9d 21 66 8c 03 10 d8 63 83 8b ec 31 14 99 15 4a d3 97 60 a6 34 a8 c0 9a 87 4b 4d 14 62 5e 1a 0b e1 07 78 e4 4f 76 32 7e 6f Data Ascii: eMyd_O/y{n#@eZ;-"=QTm(Jn#*KTOT_n@'xpB`tP=2P'a?/(}b8U!@BLd8%P5uM`VB)!fc1J`4KMb^xOv2~o
2023-12-26 05:40:55 UTC	1369	IN	Data Raw: 9d 3e 85 de da 3d 20 3f 76 a6 f3 c3 c3 c7 de 7c e7 a3 97 5e 7b e7 c0 4b 6f ee de ff ca 8e dd 07 76 ec 39 b0 f7 c5 d7 5e 7e f3 c3 77 3e fe ec c8 89 0e c8 7b 9f 9c 7e e9 ed 43 5b 0f bc b1 62 cb be 27 5f d8 fe d0 8a 4d bf 7d 6e c3 7f 79 66 3d e4 37 cf 6e fc dd f3 9b 1f 59 b5 ed 89 b5 9c 42 f6 3e b5 7e 4f 0b 44 b6 3e bc 7c d3 43 cf 93 80 48 c0 25 4f af db f3 fc 96 17 57 ed 7c 6d d5 ce 57 57 ee 78 65 f9 b6 97 9f de b4 ff 91 35 3b 7f b7 62 2b 40 e4 01 90 07 19 33 58 32 16 37 86 ff a1 30 ba 39 85 80 3f ba 44 9a 5e 89 4e a4 b2 ca f4 1e 8d 35 64 72 c5 ad be 94 1d 57 d1 97 06 91 70 0a 11 82 42 e4 a0 10 3d cc c3 a9 3e 25 25 65 3a 25 3c 16 d2 46 10 4e 21 80 15 a2 10 57 dc 15 29 04 53 35 20 48 38 5d f5 63 de 43 bd 7a e2 7a 3b c5 60 79 54 46 83 b3 72 84 8d 84 20 29 fc Data Ascii: >= ?v\|^{Kov9^~w>{~C[b'_M}nyf=7nYB>~OD>\|CH%OW\|mWWxe5;b+@3X2709?D^N5drWpB=>%%e:%<FN!W)S5 H8]cCzz;`yTFr )
2023-12-26 05:40:55 UTC	1369	IN	Data Raw: b3 1d 01 a5 99 5c 0e 5a e3 50 9b be 98 21 90 30 05 13 e6 40 c2 12 48 58 43 58 ef 29 47 24 65 0f 25 ac fe a8 c1 e1 55 e8 cd 5d 42 d9 a7 27 cf bf fb e1 27 af bc fe de 9e 03 af ed d8 f3 d2 96 ed 7b b7 ed da bf e7 c0 cb af bc f9 fe bb 1f 1f 3b 7c e2 fc 89 8e fe 13 e7 05 1f 1d 3b ff f2 3b 87 b7 ee 7f 7d c5 e6 7d 4f ae d9 0e b6 f8 ed 32 4e 21 1b 7e bb 8c 53 c8 f6 27 d7 81 42 f6 80 42 9e dd b8 ef 19 b0 c8 ba dd 4f ac d9 fe d8 aa 2d 8f ae 84 6c 7d 7c f5 d6 a7 d6 ee 7c 6e d3 fe 55 3b 5e 5d bb f7 cd 75 fb de 5a bb f7 ad 55 bb de 58 b6 f5 c5 c7 d6 ed 7e 68 d5 f6 07 57 6e 7b a0 ed 19 b3 4a 8b 88 0e 36 1b cb 8f 32 32 86 1e b1 0e 20 d2 27 35 88 d5 76 85 c1 ab b3 87 cd a0 10 6f aa 19 0b 71 44 14 66 9f 14 a4 a9 b2 76 53 46 46 07 c3 d0 a6 10 1e 0e e1 02 22 81 70 0a 11 eb Data Ascii: \ZP!0@HXCX)G$e%U]B''{;\|;;}}O2N!~S'BBO-l}\|\|nU;^]uZUX~hWn{J622 '5voqDfvSFF"p
2023-12-26 05:40:55 UTC	1369	IN	Data Raw: 89 43 2c a1 a4 2d 02 10 49 82 42 2c be 88 c1 e9 95 e9 4d 9d fd 92 4f 8e 9f 7d f3 dd 8f f7 1d 7c 6d cb 8e 7d 1b b6 ec de b0 79 c7 f6 3d 2f be f4 fa 3b ef 1d fa ec d3 53 5d 67 ba 07 ce f7 49 cf 74 8b 0e 9f e8 7c f9 dd 23 5b f7 bf b1 72 09 85 fc e6 59 c8 c6 df 2e db f4 e0 f2 2d 8f ae 66 14 b2 71 cf 33 1b f7 2d db b4 7f d9 c6 7d cf 82 48 d6 ed 7a f2 85 1d 60 11 c8 53 6b 77 2c db b0 67 e5 d6 83 2f ec 7e 6d e3 81 b7 37 bf f8 de e6 17 df 7f 61 df db cf ef 78 e5 c9 0d fb 1e 5e b3 13 20 f2 00 54 a4 d5 97 e0 35 07 30 45 06 4a 60 fb a0 25 fb e4 a6 1e 89 0e 20 22 90 99 24 1a a7 c2 e8 d3 d9 c2 26 67 c2 e2 49 59 bc 29 a3 3b ae b1 c1 36 78 60 1b 04 0a 33 3c 54 78 24 a7 05 2a a0 06 34 c2 f1 6e 19 0f 87 b4 05 7f e2 bf 8c 42 dc 5a 47 c4 1e cc fa 12 15 50 42 30 d5 a2 90 56 Data Ascii: C,-IB,MO}\|m}y=/;S]gIt\|#[rY.-fq3-}Hz`Skw,g/~m7ax^ T50EJ`% "$&gIY);6x`3<Tx$*4nBZGPB0V
2023-12-26 05:40:55 UTC	1369	IN	Data Raw: 21 b0 47 18 1c 4d 9b 42 7c 71 63 20 6e 22 89 81 42 ac 61 a2 10 47 28 6e f5 85 0d 4e 8f 44 67 38 db 3b f0 d1 d1 13 2f bf f1 ee b6 5d fb 5f 58 bf 75 d5 da cd eb 37 ef d8 7d e0 b5 b7 3f 38 72 ec 74 67 97 40 d2 2f 51 f5 89 d4 00 91 c3 27 bb 5e 79 ef 93 6d 07 df 5c bd f5 00 78 e2 91 15 9b ff 9e ea 42 36 36 29 64 c5 d6 47 81 1a 6b 77 51 20 84 c5 42 96 6d da bb 6c e3 de 65 f4 e7 9e 67 d6 ef 82 2c db b0 7b f9 a6 fd ab b7 bf b4 61 df 1b 5b 5f 7a 77 fb ab 1f 6c 7f f5 a3 0d 2f be bf 6a d7 eb 4f 6f 3a f0 e8 0b bb 1e 06 85 d8 fd 29 47 ab f6 93 8c 3a 95 9d 06 65 98 1f 58 f9 52 7d 8f 44 df 2f 37 8b 35 0e b9 d1 ab b5 86 0c 4e 58 c1 b8 d1 89 d7 84 a1 52 61 18 28 35 2b 33 75 8a 0d 67 85 cd ea d4 36 85 7c da 21 86 e0 00 96 15 4f 42 59 f4 c8 cd 12 50 88 3d 6c 03 e0 27 2a 94 Data Ascii: !GMB\|qc n"BaG(nNDg8;/]_Xu7}?8rtg@/Q'^ym\xB66)dGkwQ Bmleg,{a[_zwl/jOo:)G:eXR}D/75NXRa(5+3ug6\|!OBYP=l'*
2023-12-26 05:40:55 UTC	1369	IN	Data Raw: 9d fb 5e 79 fb c3 a3 27 cf f7 8a c4 0a 9d 54 6d 12 ca f5 9d 42 f9 e1 93 2c 16 72 e0 8d d5 db 0f 3c b3 9e 2a 4f 1f 5c be f9 c1 e5 5b 7e f7 3c c9 43 2b b7 3f ba 66 e7 13 6b 77 13 88 ac db f5 ec 86 dd 24 eb 77 2f 5b bf fb b9 0d fc 71 cf f2 8d 7b 57 6d 39 b0 66 e7 cb 1b f6 83 42 de db f6 ea 47 90 8d 07 df e3 14 f2 c8 9a 9d 0f ae dc fe 80 23 94 73 47 0b 50 97 dc 75 03 94 c0 c8 29 8c de 01 15 34 be a9 57 62 04 85 88 34 0e 99 81 ea 42 00 07 46 57 cc e0 88 6a 61 36 0c 5e 11 df 42 c9 53 f5 ac 66 90 ab 03 e6 9a 48 b9 c0 a6 e2 4f 4e 21 7d 0a 8b b4 45 21 1e 46 21 21 e8 ee 44 99 51 48 82 c5 42 40 21 21 a2 10 57 cc ea 4f b9 22 b4 e3 23 92 1b a4 fd 02 95 b1 a5 14 c2 cf 96 f8 29 d0 de 18 09 49 83 42 42 d9 a1 62 63 ae 31 7d 75 74 f6 46 7d f2 72 b2 3c 66 f3 67 60 c9 44 1a Data Ascii: ^y'TmB,r<*O\[~<C+?fkw$w/[q{Wm9fBG#sGPu)4Wb4BFWja6^BSfHON!}E!F!!DQHB@!!WO"#)IBBbc1}utF}r<fg`D
2023-12-26 05:40:55 UTC	1369	IN	Data Raw: 3a 9e c1 5a c5 0a 59 42 21 38 55 67 18 92 c3 01 3b ce 81 a8 5c 91 82 3b 5a 0c 67 87 0a 43 b3 43 53 57 1a b3 d7 ca a3 17 a2 f9 06 30 45 65 69 82 88 50 6d 11 69 ed 80 0f 18 57 b5 d9 a7 81 26 62 1e a4 c2 c2 9a 8e 30 f8 80 e1 6f 9a 79 0a 21 04 21 6a 16 f2 d2 b9 9a fc 61 f1 c4 5b cc 91 5a c2 1f 29 9e 13 01 21 b1 b2 80 6c ab b7 07 70 24 ce 28 24 cc 62 21 01 a2 10 1d db 8b 44 14 62 e8 18 60 9a 14 c3 d5 23 3f c5 06 ed bc 48 db ab 30 89 75 4e 9c 12 50 a0 5d 52 6a 6a a5 4b 96 36 0b 59 4a 21 ed 0a 8f 25 2f 63 8f ae f0 cf 37 c8 fc 8c 42 da cd 42 7e 99 91 69 51 88 bb d9 c7 c5 e8 86 41 32 7a 93 f0 93 e2 d5 c9 c2 d8 a5 fa ec 8d d1 8b 5f 4e 5c fe 66 ea ea 77 53 57 bf 1d 5f fc 1a 20 52 9e b8 96 1d be 90 a8 4e 47 8a e3 81 ec b0 3f 33 04 ea 87 78 98 40 8f e3 18 38 02 e7 d2 Data Ascii: :ZYB!8Ug;\;ZgCCSW0EeiPmiW&b0oy!!ja[Z)!lp$($b!Db`#?H0uNP]RjjK6YJ!%/c7BB~iQA2z_N\fwSW_ RNG?3x@8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49735	172.67.182.99	443	352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-26 05:40:56 UTC	608	OUT	GET /favicon.ico HTTP/1.1 Host: x.3seq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://x.3seq.com/wp-content/uploads/2023/10/4.png Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-26 05:40:57 UTC	807	IN	HTTP/1.1 302 Found Date: Tue, 26 Dec 2023 05:40:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close location: https://x.3seq.com/wp-content/uploads/2023/09/cropped-55-1-32x32.png link: <https://x.3seq.com/wp-json/>; rel="https://api.w.org/" x-redirect-by: WordPress Cache-Control: max-age=14400 expires: Tue, 26 Dec 2023 08:43:33 GMT CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n7npTKlUvxQxcD9dvjkoo%2BXUEPVL%2Bne4QK0ENx9a1jC%2FKVCa5ylZbLicEi1rT%2FUKwErXBUtx5RqHO4fX%2BP3KJoXCJy4X45hX53qMxspGU2qdBdsetN9T4juMNcne"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83b6fded2d82128b-MIA alt-svc: h3=":443"; ma=86400
2023-12-26 05:40:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49738	172.67.182.99	443	352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-26 05:40:57 UTC	646	OUT	GET /wp-content/uploads/2023/09/cropped-55-1-32x32.png HTTP/1.1 Host: x.3seq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://x.3seq.com/wp-content/uploads/2023/10/4.png Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-26 05:40:57 UTC	840	IN	HTTP/1.1 200 OK Date: Tue, 26 Dec 2023 05:40:57 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close vary: Accept-Encoding vary: Accept-Encoding last-modified: Wed, 20 Sep 2023 04:45:49 GMT etag: W/"650a78fd-65b" expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 x-cache: HIT from Backend x-xss-protection: 1; mode=block x-content-type-options: nosniff CF-Cache-Status: HIT Age: 4092768 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZCevWj%2BzeBLWW5X86hrSfSacD8uBK1xs9GMCTv9w4BHYOloaYiQyyalUzqMAWTY6rQggVpvbYMc6FGPvVtdWXjHOgynhRMnV7pKDSgztM1AO3h986PAEtKeJ5%2BeN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83b6fdf4592c5c67-MIA alt-svc: h3=":443"; ma=86400
2023-12-26 05:40:57 UTC	529	IN	Data Raw: 36 35 62 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 06 22 49 44 41 54 58 c3 c5 97 5d 68 1c 85 16 c7 7f 33 b3 33 b3 99 d9 6c f6 a3 bb 49 63 3e 48 bb 49 d3 10 da c6 d8 0f d3 3e 04 5a 45 f1 c1 37 b1 70 1f 04 41 f1 51 41 10 a9 a0 82 e0 c5 a7 22 58 29 3e e8 a3 54 f0 41 83 41 b4 a0 58 48 c2 7a bd 49 e3 d5 84 26 31 dd c4 bb 37 fb 91 ee 57 76 77 3e 7d 88 89 ee dd dd 24 be d4 f3 b8 33 ec f9 9f f3 3f e7 7f fe 23 4c c6 62 97 80 7f 02 a7 00 91 fb 13 0e 30 0b bc 22 4c c6 62 d3 c0 19 fe 9e f8 de 03 8c ee f7 96 20 49 28 91 08 5a 57 17 ca a1 43 88 8a 02 ae 8b 5d 2e 53 4d a7 a9 24 93 18 99 0c ae 69 fe 55 00 a7 3c 80 d4 ec a9 d8 d2 42 e8 a1 87 88 3e fa 28 a1 33 67 50 a3 51 44 af 17 41 10 00 70 6d 1b bb 52 Data Ascii: 65bPNGIHDR szz"IDATX]h33lIc>HI>ZE7pAQA"X)>TAAXHzI&17Wvw>}$3?#Lb0"Lb I(ZWC].SM$iU<B>(3gPQDApmR
2023-12-26 05:40:57 UTC	1105	IN	Data Raw: 27 76 b9 8c 91 4e 53 5a 5a 22 f9 f9 e7 e8 b1 18 5d 4f 3d 45 e7 93 4f d2 7d f9 32 95 64 92 d5 8f 3e aa 1b 4e f1 cf dc 87 c7 c6 90 74 7d 37 79 6e 6e 8e db 2f bf 4c 72 62 a2 2e f9 ce 16 54 7e fd 15 25 14 c2 e3 f3 d5 fc 5e 5c 58 60 e1 ed b7 f9 cf 1b 6f 60 e6 72 f4 3e f3 0c fe e1 e1 fa 4d db 6d bf d7 4b db f0 f0 6e f5 d5 54 8a c5 77 de a1 f0 d3 4f 7b 0e 5c 65 63 03 39 18 44 8d 46 eb 01 9a 26 c9 89 09 ee 5c bd 8a 1c 08 d0 fd f4 d3 08 1e 4f 63 00 a2 d7 8b 1c 0c ee 56 bf f1 d5 57 dc 8b c7 f7 9d f8 f2 ea 2a a2 a2 e0 eb ef 6f 22 ba 0e c9 c9 49 36 e3 71 c2 17 2e a0 f5 f6 36 a1 c0 75 71 7f e7 c7 31 0c d2 df 7c 83 6b db fb 02 d8 4a 24 b0 0a 05 82 a7 4f 83 d4 58 d3 ec 62 91 cc ad 5b a8 91 08 81 07 1f 6c 0c 60 67 88 00 9c 72 99 ea c6 c6 81 76 be 9a 4a b1 75 f7 2e 81 91 Data Ascii: 'vNSZZ"]O=EO}2d>Nt}7ynn/Lrb.T~%^\X`o`r>MmKnTwO{\ec9DF&\OcVW*o"I6q.6uq1\|kJ$OXb[l`grvJu.
2023-12-26 05:40:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49740	172.67.182.99	443	352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-26 05:40:58 UTC	383	OUT	GET /wp-content/uploads/2023/09/cropped-55-1-32x32.png HTTP/1.1 Host: x.3seq.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-26 05:41:00 UTC	849	IN	HTTP/1.1 200 OK Date: Tue, 26 Dec 2023 05:40:58 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close vary: Accept-Encoding vary: Accept-Encoding last-modified: Wed, 20 Sep 2023 04:45:49 GMT etag: W/"650a78fd-65b" expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 x-cache: HIT from Backend x-xss-protection: 1; mode=block x-content-type-options: nosniff CF-Cache-Status: HIT Age: 651433 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfYHR3W%2FgvheHP%2BjqzGW8qUcKI%2FiRXV0ZML0Bt6%2BLiz1X1FiTg%2B9c%2FUX0F2TcBEVzWoD2x8pEM2eQdHfnZBvgqtvjJIsBweXXAk3gSoPcwcPiQanNmn9yeirj7Ae"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83b6fdfb2bcdb3eb-MIA alt-svc: h3=":443"; ma=86400
2023-12-26 05:41:00 UTC	520	IN	Data Raw: 36 35 62 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 06 22 49 44 41 54 58 c3 c5 97 5d 68 1c 85 16 c7 7f 33 b3 33 b3 99 d9 6c f6 a3 bb 49 63 3e 48 bb 49 d3 10 da c6 d8 0f d3 3e 04 5a 45 f1 c1 37 b1 70 1f 04 41 f1 51 41 10 a9 a0 82 e0 c5 a7 22 58 29 3e e8 a3 54 f0 41 83 41 b4 a0 58 48 c2 7a bd 49 e3 d5 84 26 31 dd c4 bb 37 fb 91 ee 57 76 77 3e 7d 88 89 ee dd dd 24 be d4 f3 b8 33 ec f9 9f f3 3f e7 7f fe 23 4c c6 62 97 80 7f 02 a7 00 91 fb 13 0e 30 0b bc 22 4c c6 62 d3 c0 19 fe 9e f8 de 03 8c ee f7 96 20 49 28 91 08 5a 57 17 ca a1 43 88 8a 02 ae 8b 5d 2e 53 4d a7 a9 24 93 18 99 0c ae 69 fe 55 00 a7 3c 80 d4 ec a9 d8 d2 42 e8 a1 87 88 3e fa 28 a1 33 67 50 a3 51 44 af 17 41 10 00 70 6d 1b bb 52 Data Ascii: 65bPNGIHDR szz"IDATX]h33lIc>HI>ZE7pAQA"X)>TAAXHzI&17Wvw>}$3?#Lb0"Lb I(ZWC].SM$iU<B>(3gPQDApmR
2023-12-26 05:41:01 UTC	1114	IN	Data Raw: 76 99 1d 87 6a 2a 45 4b 67 27 76 b9 8c 91 4e 53 5a 5a 22 f9 f9 e7 e8 b1 18 5d 4f 3d 45 e7 93 4f d2 7d f9 32 95 64 92 d5 8f 3e aa 1b 4e f1 cf dc 87 c7 c6 90 74 7d 37 79 6e 6e 8e db 2f bf 4c 72 62 a2 2e f9 ce 16 54 7e fd 15 25 14 c2 e3 f3 d5 fc 5e 5c 58 60 e1 ed b7 f9 cf 1b 6f 60 e6 72 f4 3e f3 0c fe e1 e1 fa 4d db 6d bf d7 4b db f0 f0 6e f5 d5 54 8a c5 77 de a1 f0 d3 4f 7b 0e 5c 65 63 03 39 18 44 8d 46 eb 01 9a 26 c9 89 09 ee 5c bd 8a 1c 08 d0 fd f4 d3 08 1e 4f 63 00 a2 d7 8b 1c 0c ee 56 bf f1 d5 57 dc 8b c7 f7 9d f8 f2 ea 2a a2 a2 e0 eb ef 6f 22 ba 0e c9 c9 49 36 e3 71 c2 17 2e a0 f5 f6 36 a1 c0 75 71 7f e7 c7 31 0c d2 df 7c 83 6b db fb 02 d8 4a 24 b0 0a 05 82 a7 4f 83 d4 58 d3 ec 62 91 cc ad 5b a8 91 08 81 07 1f 6c 0c 60 67 88 00 9c 72 99 ea c6 c6 81 76 Data Ascii: vjEKg'vNSZZ"]O=EO}2d>Nt}7ynn/Lrb.T~%^\X`o`r>MmKnTwO{\ec9DF&\OcVWo"I6q.6uq1\|kJ$OXb[l`grv
2023-12-26 05:41:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49741	104.88.196.112	443

Timestamp	Bytes transferred	Direction	Data
2023-12-26 05:40:58 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-26 05:40:58 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=213309 Date: Tue, 26 Dec 2023 05:40:58 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49742	104.88.196.112	443

Timestamp	Bytes transferred	Direction	Data
2023-12-26 05:40:59 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-26 05:40:59 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=213287 Date: Tue, 26 Dec 2023 05:40:59 GMT Content-Length: 55 Connection: close X-CID: 2
2023-12-26 05:40:59 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49743	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2023-12-26 05:41:11 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bRTMA1eeGlrB4fp&MD=H1yek7X9 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-26 05:41:11 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 695b9b05-45b6-48fd-813a-bc3ac087c0ba MS-RequestId: 0193d80f-743b-4155-a38c-210a80f3071c MS-CV: oNOEW2hkpkSyo2c1.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 26 Dec 2023 05:41:10 GMT Connection: close Content-Length: 24490
2023-12-26 05:41:11 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-12-26 05:41:11 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49749	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2023-12-26 05:41:51 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bRTMA1eeGlrB4fp&MD=H1yek7X9 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-26 05:41:52 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 0bf2c413-f062-4f2f-8502-afc13115cadc MS-RequestId: 714263e3-b688-4f50-8f4a-c2f3fbab1339 MS-CV: XY1kWX/TDEeyrWUU.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 26 Dec 2023 05:41:51 GMT Connection: close Content-Length: 25457
2023-12-26 05:41:52 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-12-26 05:41:52 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	06:40:50
Start date:	26/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	06:40:51
Start date:	26/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2000,i,12641965270428627891,14806553762081753421,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	06:40:54
Start date:	26/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://x.3seq.com/wp-content/uploads/2023/10/4.png
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://x.3seq.com/wp-content/uploads/2023/10/4.png

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1748, Parent PID: 2120

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Windows Analysis Report
https://x.3seq.com/wp-content/uploads/2023/10/4.png