Edit tour

Windows Analysis Report
https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/

Overview

General Information

Sample URL:	https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/
Analysis ID:	1446885
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected BlockedWebSite

Classification

Process Tree

System is w10x64

chrome.exe (PID: 7052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2216,i,16482093608261227541,114962425812962219,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_44	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /report/v4?s=eM%2BLY7MD5DxS8Q4LGsl2hxq8n1FeuAZ43Kb5DKX6iCMpWhESE2zEaL4rccHh58Z8Q7l5Ln3RMXyGcMph9LJjIk822%2BRzelXJoF8pHoDggYmhCJ4X7PRRg9WgCYXS HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 450Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 22:31:16 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eM%2BLY7MD5DxS8Q4LGsl2hxq8n1FeuAZ43Kb5DKX6iCMpWhESE2zEaL4rccHh58Z8Q7l5Ln3RMXyGcMph9LJjIk822%2BRzelXJoF8pHoDggYmhCJ4X7PRRg9WgCYXS"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88887eca2b6242dc-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_44.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_44.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.6:49717 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@16/9@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2216,i,16482093608261227541,114962425812962219,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2216,i,16482093608261227541,114962425812962219,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/	100%	Avira URL Cloud	phishing
https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Source	Detection	Scanner	Label
https://sclreg.com/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=eM%2BLY7MD5DxS8Q4LGsl2hxq8n1FeuAZ43Kb5DKX6iCMpWhESE2zEaL4rccHh58Z8Q7l5Ln3RMXyGcMph9LJjIk822%2BRzelXJoF8pHoDggYmhCJ4X7PRRg9WgCYXS	0%	Avira URL Cloud	safe
https://sclreg.com/favicon.ico	100%	Avira URL Cloud	phishing
https://sclreg.com/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
sclreg.com	172.67.175.197	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://sclreg.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://sclreg.com/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: phishing	unknown
https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/	true		unknown
https://sclreg.com/cdn-cgi/images/icon-exclamation.png?1376755637	false	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=eM%2BLY7MD5DxS8Q4LGsl2hxq8n1FeuAZ43Kb5DKX6iCMpWhESE2zEaL4rccHh58Z8Q7l5Ln3RMXyGcMph9LJjIk822%2BRzelXJoF8pHoDggYmhCJ4X7PRRg9WgCYXS	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_44.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_44.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
172.67.175.197	sclreg.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446885
Start date and time:	2024-05-24 00:30:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@16/9@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.212.163, 108.177.15.84, 172.217.16.142, 34.104.35.123, 13.85.23.86, 93.184.221.240, 192.229.221.95, 20.3.187.198, 13.95.31.18, 172.217.18.3
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/

Input	Output
URL: https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/ Model: Perplexity: mixtral-8x7b-instruct	{ "loginform": false, "reasons": [ "The text does not contain any form fields for a user to input data.", "There is no mention of a username, password, or any other type of login credentials.", "The text is actually a warning about a potential phishing attempt and does not contain a login form." ] }
O Warning Suspected Phishing This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source. Leam More Ignore & Proceed Cloudflare Ray ID: 88887ebf5a6b7cb2 Your IP: Click to reveal Performance & security by Claudflare
URL: https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/ Model: gpt-4o	```json { "riskscore": 1, "reasons": "The provided JavaScript code appears to manipulate the DOM to reveal or hide elements related to an IP address in the footer. There are no obvious signs of malicious activity such as data exfiltration, credential stealing, or unauthorized access. The code is relatively simple and does not perform any suspicious actions. However, any code that manipulates the DOM could potentially be used for phishing if combined with other malicious scripts, hence a minimal risk score of 1." }
(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://sclreg.com/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	272
Entropy (8bit):	5.215211155178454
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRCw1KBFEcXaoD:J0+oxBeRmR9etdzRxGezHttma+
MD5:	C887869904BCCDBD10124890DC4B75A0
SHA1:	95F448AD0A86DB5F86489A5A6D8338D0CA1DAE99
SHA-256:	031C255C5692EB688D7B5E7F35D6982CF6CC1D44D7F7B3F3BBBABF5AD9522807
SHA-512:	0C6244187B12E9890BEAC5F77FFC0BD4F07F0A291063FA68823970CE96792B05AC3C219DA52392FF3CD1EFE5140C1433C4FD7E6C72BBC16CF4DEF7DA54FAB4D8
Malicious:	false
Reputation:	low
URL:	https://sclreg.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.52 (Ubuntu) Server at sclreg.com Port 80</address>.</body></html>.

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4432
Entropy (8bit):	5.1002037549320685
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOiso0A2ZLimxrR79PaQxJbGD:1j9jhjYjIK/Vo+tsRZOmxr59ieJGD
MD5:	133250926C5CF49D2C7DBF8BE5F3FA08
SHA1:	31472FE5B9D3D4464DB28003BA75ABC14979ADC6
SHA-256:	1DFBC4CB76B25DAF75C853639D3940DAC7C24E8C82FCCD2D1036C7D9C2141EDD
SHA-512:	FE8F6DB5498421271010EA1115F4098BF80D86F66C14B1FB943FD36BF4ACB10904BE8D23908109FDDE9095328A00B7848136B389E128B8BDDB3F8648D32D1442
Malicious:	false
Reputation:	low
URL:	https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://sclreg.com/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 00:31:07.307964087 CEST	49673	443	192.168.2.6	173.222.162.64
May 24, 2024 00:31:07.307964087 CEST	49674	443	192.168.2.6	173.222.162.64
May 24, 2024 00:31:07.636061907 CEST	49672	443	192.168.2.6	173.222.162.64
May 24, 2024 00:31:14.435419083 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:14.435453892 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:14.435570955 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:14.435949087 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:14.435955048 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:14.436019897 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:14.436167002 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:14.436178923 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:14.436387062 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:14.436398983 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:14.985239029 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:14.985738039 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:14.985752106 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:14.986815929 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:14.986922026 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:14.988289118 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:14.988354921 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:14.988646030 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.016608000 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.016993046 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.017004967 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.020567894 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.020654917 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.021083117 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.021145105 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.029275894 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.029285908 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.075917006 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.075917006 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.075939894 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.122113943 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.143428087 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.146680117 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.146759987 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.146799088 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.146806002 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.146869898 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.149935007 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.150126934 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.150197029 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.157582998 CEST	49704	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.157603025 CEST	443	49704	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.163219929 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.206537962 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.290432930 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.296936035 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.297033072 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.297070980 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.297091961 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.297162056 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.297168970 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.303656101 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.303930044 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.303940058 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.315474987 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.315570116 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.315633059 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.315649033 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.316168070 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.320128918 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.324755907 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.324841022 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.324841976 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.324872017 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.325006008 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.403359890 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.404920101 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.405018091 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.405038118 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.405056953 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.405345917 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.409760952 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.409934044 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.410012007 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.410129070 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.410156965 CEST	443	49705	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.410171986 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.410255909 CEST	49705	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.444670916 CEST	49708	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.444715977 CEST	443	49708	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.444825888 CEST	49708	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.445564985 CEST	49708	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:15.445594072 CEST	443	49708	172.67.175.197	192.168.2.6
May 24, 2024 00:31:15.972678900 CEST	443	49708	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.016434908 CEST	49708	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.016469955 CEST	443	49708	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.017039061 CEST	443	49708	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.021445990 CEST	49708	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.021548033 CEST	443	49708	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.022250891 CEST	49708	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.062500954 CEST	443	49708	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.154455900 CEST	443	49708	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.154558897 CEST	443	49708	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.154616117 CEST	49708	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.162648916 CEST	49708	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.162662029 CEST	443	49708	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.187968016 CEST	49709	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.187994003 CEST	443	49709	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.188064098 CEST	49709	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.188682079 CEST	49709	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.188694954 CEST	443	49709	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.291212082 CEST	49710	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.291245937 CEST	443	49710	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.291317940 CEST	49710	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.293534994 CEST	49710	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.293570995 CEST	443	49710	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.691173077 CEST	443	49709	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.705039024 CEST	49709	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.705115080 CEST	443	49709	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.706228971 CEST	443	49709	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.707293987 CEST	49709	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.707449913 CEST	443	49709	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.707627058 CEST	49709	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.750535965 CEST	443	49709	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.795200109 CEST	443	49710	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.795541048 CEST	49710	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.795588017 CEST	443	49710	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.799705982 CEST	443	49710	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.799819946 CEST	49710	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.800451040 CEST	49710	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.800617933 CEST	443	49710	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.800731897 CEST	49710	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.800750017 CEST	443	49710	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.853363991 CEST	49710	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.915874958 CEST	49674	443	192.168.2.6	173.222.162.64
May 24, 2024 00:31:16.915874958 CEST	49673	443	192.168.2.6	173.222.162.64
May 24, 2024 00:31:16.963819027 CEST	443	49710	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.964003086 CEST	443	49710	172.67.175.197	192.168.2.6
May 24, 2024 00:31:16.964066029 CEST	49710	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.966006041 CEST	49710	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:16.966022968 CEST	443	49710	172.67.175.197	192.168.2.6
May 24, 2024 00:31:17.023865938 CEST	443	49709	172.67.175.197	192.168.2.6
May 24, 2024 00:31:17.023997068 CEST	443	49709	172.67.175.197	192.168.2.6
May 24, 2024 00:31:17.024051905 CEST	49709	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:17.025213003 CEST	49709	443	192.168.2.6	172.67.175.197
May 24, 2024 00:31:17.025222063 CEST	443	49709	172.67.175.197	192.168.2.6
May 24, 2024 00:31:17.239653111 CEST	49672	443	192.168.2.6	173.222.162.64
May 24, 2024 00:31:17.359441042 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:17.359549046 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:17.359688044 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:17.367557049 CEST	49714	443	192.168.2.6	142.250.185.132
May 24, 2024 00:31:17.367587090 CEST	443	49714	142.250.185.132	192.168.2.6
May 24, 2024 00:31:17.367778063 CEST	49714	443	192.168.2.6	142.250.185.132
May 24, 2024 00:31:17.368949890 CEST	49714	443	192.168.2.6	142.250.185.132
May 24, 2024 00:31:17.368959904 CEST	443	49714	142.250.185.132	192.168.2.6
May 24, 2024 00:31:17.369824886 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:17.369837999 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:17.842082024 CEST	49715	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:17.842135906 CEST	443	49715	2.19.104.72	192.168.2.6
May 24, 2024 00:31:17.842206955 CEST	49715	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:17.854794025 CEST	49715	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:17.854814053 CEST	443	49715	2.19.104.72	192.168.2.6
May 24, 2024 00:31:17.873934984 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:17.874644995 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:17.874660015 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:17.875740051 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:17.875818968 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:17.878261089 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:17.878489017 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:17.878494024 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:17.878514051 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:17.931518078 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:17.931560040 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:17.978393078 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.019541979 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.027535915 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.027614117 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.129301071 CEST	49713	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.129328966 CEST	443	49713	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.134452105 CEST	49716	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.134500980 CEST	443	49716	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.134569883 CEST	49716	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.159235954 CEST	49716	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.159265041 CEST	443	49716	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.509083986 CEST	443	49715	2.19.104.72	192.168.2.6
May 24, 2024 00:31:18.509170055 CEST	49715	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:18.514175892 CEST	49715	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:18.514195919 CEST	443	49715	2.19.104.72	192.168.2.6
May 24, 2024 00:31:18.514538050 CEST	443	49715	2.19.104.72	192.168.2.6
May 24, 2024 00:31:18.556520939 CEST	49715	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:18.564918995 CEST	49715	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:18.610508919 CEST	443	49715	2.19.104.72	192.168.2.6
May 24, 2024 00:31:18.636955023 CEST	443	49716	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.637473106 CEST	49716	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.637502909 CEST	443	49716	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.637876034 CEST	443	49716	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.638386011 CEST	49716	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.638583899 CEST	443	49716	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.638772011 CEST	49716	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.686501026 CEST	443	49716	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.822154999 CEST	443	49715	2.19.104.72	192.168.2.6
May 24, 2024 00:31:18.822242975 CEST	443	49715	2.19.104.72	192.168.2.6
May 24, 2024 00:31:18.822318077 CEST	49715	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:18.822551012 CEST	49715	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:18.822608948 CEST	443	49715	2.19.104.72	192.168.2.6
May 24, 2024 00:31:18.822644949 CEST	49715	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:18.822664022 CEST	443	49715	2.19.104.72	192.168.2.6
May 24, 2024 00:31:18.862508059 CEST	443	49716	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.862572908 CEST	443	49716	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.862648964 CEST	49716	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.862974882 CEST	49716	443	192.168.2.6	35.190.80.1
May 24, 2024 00:31:18.862992048 CEST	443	49716	35.190.80.1	192.168.2.6
May 24, 2024 00:31:18.876105070 CEST	49717	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:18.876137018 CEST	443	49717	2.19.104.72	192.168.2.6
May 24, 2024 00:31:18.876210928 CEST	49717	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:18.877146959 CEST	49717	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:18.877157927 CEST	443	49717	2.19.104.72	192.168.2.6
May 24, 2024 00:31:18.941838026 CEST	443	49698	173.222.162.64	192.168.2.6
May 24, 2024 00:31:18.941931963 CEST	49698	443	192.168.2.6	173.222.162.64
May 24, 2024 00:31:19.580207109 CEST	443	49717	2.19.104.72	192.168.2.6
May 24, 2024 00:31:19.580419064 CEST	49717	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:19.584815979 CEST	49717	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:19.584830046 CEST	443	49717	2.19.104.72	192.168.2.6
May 24, 2024 00:31:19.585055113 CEST	443	49717	2.19.104.72	192.168.2.6
May 24, 2024 00:31:19.586610079 CEST	49717	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:19.634502888 CEST	443	49717	2.19.104.72	192.168.2.6
May 24, 2024 00:31:19.899806976 CEST	443	49717	2.19.104.72	192.168.2.6
May 24, 2024 00:31:19.899964094 CEST	443	49717	2.19.104.72	192.168.2.6
May 24, 2024 00:31:19.900213003 CEST	49717	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:19.900940895 CEST	49717	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:19.900990009 CEST	443	49717	2.19.104.72	192.168.2.6
May 24, 2024 00:31:19.901022911 CEST	49717	443	192.168.2.6	2.19.104.72
May 24, 2024 00:31:19.901038885 CEST	443	49717	2.19.104.72	192.168.2.6
May 24, 2024 00:31:47.385413885 CEST	49714	443	192.168.2.6	142.250.185.132
May 24, 2024 00:31:47.430502892 CEST	443	49714	142.250.185.132	192.168.2.6
May 24, 2024 00:31:47.471410990 CEST	443	49714	142.250.185.132	192.168.2.6
May 24, 2024 00:31:47.471934080 CEST	49714	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:17.327294111 CEST	49727	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:17.327327013 CEST	443	49727	142.250.185.132	192.168.2.6
May 24, 2024 00:32:17.327398062 CEST	49727	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:17.327685118 CEST	49727	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:17.327701092 CEST	443	49727	142.250.185.132	192.168.2.6
May 24, 2024 00:32:17.974335909 CEST	443	49727	142.250.185.132	192.168.2.6
May 24, 2024 00:32:17.974822044 CEST	49727	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:17.974844933 CEST	443	49727	142.250.185.132	192.168.2.6
May 24, 2024 00:32:17.975864887 CEST	443	49727	142.250.185.132	192.168.2.6
May 24, 2024 00:32:17.975924969 CEST	49727	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:17.977813959 CEST	49727	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:17.977884054 CEST	443	49727	142.250.185.132	192.168.2.6
May 24, 2024 00:32:18.026882887 CEST	49727	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:18.026896954 CEST	443	49727	142.250.185.132	192.168.2.6
May 24, 2024 00:32:18.073745966 CEST	49727	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:27.894259930 CEST	443	49727	142.250.185.132	192.168.2.6
May 24, 2024 00:32:27.894397974 CEST	443	49727	142.250.185.132	192.168.2.6
May 24, 2024 00:32:27.894470930 CEST	49727	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:28.997783899 CEST	49727	443	192.168.2.6	142.250.185.132
May 24, 2024 00:32:28.997811079 CEST	443	49727	142.250.185.132	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 00:31:12.772005081 CEST	53	59366	1.1.1.1	192.168.2.6
May 24, 2024 00:31:12.785552979 CEST	53	62773	1.1.1.1	192.168.2.6
May 24, 2024 00:31:13.837867022 CEST	53	64288	1.1.1.1	192.168.2.6
May 24, 2024 00:31:14.401232958 CEST	57539	53	192.168.2.6	1.1.1.1
May 24, 2024 00:31:14.403409004 CEST	51732	53	192.168.2.6	1.1.1.1
May 24, 2024 00:31:14.421665907 CEST	53	57539	1.1.1.1	192.168.2.6
May 24, 2024 00:31:14.435415983 CEST	53	51732	1.1.1.1	192.168.2.6
May 24, 2024 00:31:16.257869005 CEST	63908	53	192.168.2.6	1.1.1.1
May 24, 2024 00:31:16.258430958 CEST	60140	53	192.168.2.6	1.1.1.1
May 24, 2024 00:31:16.271969080 CEST	53	63908	1.1.1.1	192.168.2.6
May 24, 2024 00:31:16.286367893 CEST	53	60140	1.1.1.1	192.168.2.6
May 24, 2024 00:31:17.266474962 CEST	54411	53	192.168.2.6	1.1.1.1
May 24, 2024 00:31:17.266650915 CEST	55501	53	192.168.2.6	1.1.1.1
May 24, 2024 00:31:17.267313957 CEST	53900	53	192.168.2.6	1.1.1.1
May 24, 2024 00:31:17.267446041 CEST	52916	53	192.168.2.6	1.1.1.1
May 24, 2024 00:31:17.306504011 CEST	53	53900	1.1.1.1	192.168.2.6
May 24, 2024 00:31:17.306535006 CEST	53	55501	1.1.1.1	192.168.2.6
May 24, 2024 00:31:17.306549072 CEST	53	54411	1.1.1.1	192.168.2.6
May 24, 2024 00:31:17.306566000 CEST	53	52916	1.1.1.1	192.168.2.6
May 24, 2024 00:31:31.061525106 CEST	53	50503	1.1.1.1	192.168.2.6
May 24, 2024 00:31:50.099350929 CEST	53	64944	1.1.1.1	192.168.2.6
May 24, 2024 00:32:12.345211029 CEST	53	53132	1.1.1.1	192.168.2.6
May 24, 2024 00:32:13.069550037 CEST	53	51858	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 24, 2024 00:31:14.435544968 CEST	192.168.2.6	1.1.1.1	c22b	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 24, 2024 00:31:14.401232958 CEST	192.168.2.6	1.1.1.1	0x1bad	Standard query (0)	sclreg.com	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:14.403409004 CEST	192.168.2.6	1.1.1.1	0xa709	Standard query (0)	sclreg.com	65	IN (0x0001)	false
May 24, 2024 00:31:16.257869005 CEST	192.168.2.6	1.1.1.1	0x3521	Standard query (0)	sclreg.com	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:16.258430958 CEST	192.168.2.6	1.1.1.1	0x9a80	Standard query (0)	sclreg.com	65	IN (0x0001)	false
May 24, 2024 00:31:17.266474962 CEST	192.168.2.6	1.1.1.1	0x572	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:17.266650915 CEST	192.168.2.6	1.1.1.1	0x81bf	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
May 24, 2024 00:31:17.267313957 CEST	192.168.2.6	1.1.1.1	0x8f40	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:17.267446041 CEST	192.168.2.6	1.1.1.1	0xc29b	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 24, 2024 00:31:14.421665907 CEST	1.1.1.1	192.168.2.6	0x1bad	No error (0)	sclreg.com		172.67.175.197	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:14.421665907 CEST	1.1.1.1	192.168.2.6	0x1bad	No error (0)	sclreg.com		104.21.17.113	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:14.435415983 CEST	1.1.1.1	192.168.2.6	0xa709	No error (0)	sclreg.com			65	IN (0x0001)	false
May 24, 2024 00:31:16.271969080 CEST	1.1.1.1	192.168.2.6	0x3521	No error (0)	sclreg.com		172.67.175.197	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:16.271969080 CEST	1.1.1.1	192.168.2.6	0x3521	No error (0)	sclreg.com		104.21.17.113	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:16.286367893 CEST	1.1.1.1	192.168.2.6	0x9a80	No error (0)	sclreg.com			65	IN (0x0001)	false
May 24, 2024 00:31:17.306504011 CEST	1.1.1.1	192.168.2.6	0x8f40	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:17.306549072 CEST	1.1.1.1	192.168.2.6	0x572	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:17.306566000 CEST	1.1.1.1	192.168.2.6	0xc29b	No error (0)	www.google.com			65	IN (0x0001)	false
May 24, 2024 00:31:29.239487886 CEST	1.1.1.1	192.168.2.6	0x2c31	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:31:29.239487886 CEST	1.1.1.1	192.168.2.6	0x2c31	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 24, 2024 00:31:43.341581106 CEST	1.1.1.1	192.168.2.6	0xe1f2	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:31:43.341581106 CEST	1.1.1.1	192.168.2.6	0xe1f2	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 24, 2024 00:32:05.253689051 CEST	1.1.1.1	192.168.2.6	0xde64	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:32:05.253689051 CEST	1.1.1.1	192.168.2.6	0xde64	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 24, 2024 00:32:25.587352037 CEST	1.1.1.1	192.168.2.6	0x529b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:32:25.587352037 CEST	1.1.1.1	192.168.2.6	0x529b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

sclreg.com

https:

a.nel.cloudflare.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49704	172.67.175.197	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:31:14 UTC	690	OUT	GET /122861d2-a974-4dcc-80de-fc04620cb773/ HTTP/1.1 Host: sclreg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:31:15 UTC	539	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:31:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8FxjZf05JP5%2FABOnUBk9a6n0e5KIwM6aVu4hDpxOqO%2FLtnzZdufMs%2FhMfuKx%2Fu3dt4mJitao7SX8MjVQvLDvjDmsD8sXC9Z0Go8YHqhSLjkvTOsk7sSHbN5tjcDR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88887ebf5a6b7cb2-EWR
2024-05-23 22:31:15 UTC	830	IN	Data Raw: 31 31 35 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1150<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 3b 0a Data Ascii: .css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert');
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 73 6f 46 33 6a 4d 79 78 49 6a 2e 6d 79 68 7a 45 6c 4e 35 64 47 41 66 37 66 59 73 70 47 50 53 42 31 4d 33 33 5a 34 78 77 4d 77 30 2d 31 37 31 36 35 30 33 34 37 35 2d 30 2e 30 2e 31 2e 31 2d 2f 31 32 32 38 36 31 64 32 2d 61 39 37 34 2d 34 64 63 63 2d 38 30 64 65 2d 66 63 30 34 36 32 30 63 62 37 37 33 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 Data Ascii: <input type="hidden" name="atok" value="soF3jMyxIj.myhzElN5dGAf7fYspGPSB1M33Z4xwMw0-1716503475-0.0.1.1-/122861d2-a974-4dcc-80de-fc04620cb773/"> <a href="https://www.cloudflare.com/learning/access-management/phishing-atta
2024-05-23 22:31:15 UTC	872	IN	Data Raw: 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 Data Ascii: ="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target
2024-05-23 22:31:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49705	172.67.175.197	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:31:15 UTC	584	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: sclreg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:31:15 UTC	411	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:31:15 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Mon, 20 May 2024 10:28:51 GMT ETag: "664b25e3-5df3" Server: cloudflare CF-RAY: 88887ec04d8d43e2-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 24 May 2024 00:31:15 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-05-23 22:31:15 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-05-23 22:31:15 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49708	172.67.175.197	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:31:16 UTC	639	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: sclreg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://sclreg.com/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:31:16 UTC	409	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:31:16 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Wed, 22 May 2024 09:02:18 GMT ETag: "664db49a-1c4" Server: cloudflare CF-RAY: 88887ec5abda8c4b-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 24 May 2024 00:31:16 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-05-23 22:31:16 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49709	172.67.175.197	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:31:16 UTC	613	OUT	GET /favicon.ico HTTP/1.1 Host: sclreg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:31:17 UTC	604	IN	HTTP/1.1 404 Not Found Date: Thu, 23 May 2024 22:31:16 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eM%2BLY7MD5DxS8Q4LGsl2hxq8n1FeuAZ43Kb5DKX6iCMpWhESE2zEaL4rccHh58Z8Q7l5Ln3RMXyGcMph9LJjIk822%2BRzelXJoF8pHoDggYmhCJ4X7PRRg9WgCYXS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88887eca2b6242dc-EWR alt-svc: h3=":443"; ma=86400
2024-05-23 22:31:17 UTC	279	IN	Data Raw: 31 31 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 73 63 6c 72 65 67 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 Data Ascii: 110<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at sclreg.com Port 80</ad
2024-05-23 22:31:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49710	172.67.175.197	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:31:16 UTC	380	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: sclreg.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:31:16 UTC	409	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:31:16 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Mon, 20 May 2024 10:28:51 GMT ETag: "664b25e3-1c4" Server: cloudflare CF-RAY: 88887ecabea342b7-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 24 May 2024 00:31:16 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-05-23 22:31:16 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49713	35.190.80.1	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:31:17 UTC	519	OUT	OPTIONS /report/v4?s=eM%2BLY7MD5DxS8Q4LGsl2hxq8n1FeuAZ43Kb5DKX6iCMpWhESE2zEaL4rccHh58Z8Q7l5Ln3RMXyGcMph9LJjIk822%2BRzelXJoF8pHoDggYmhCJ4X7PRRg9WgCYXS HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://sclreg.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:31:18 UTC	336	IN	HTTP/1.1 200 OK content-length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Thu, 23 May 2024 22:31:17 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49715	2.19.104.72	443

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:31:18 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-23 22:31:18 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=236313 Date: Thu, 23 May 2024 22:31:18 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49716	35.190.80.1	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:31:18 UTC	466	OUT	POST /report/v4?s=eM%2BLY7MD5DxS8Q4LGsl2hxq8n1FeuAZ43Kb5DKX6iCMpWhESE2zEaL4rccHh58Z8Q7l5Ln3RMXyGcMph9LJjIk822%2BRzelXJoF8pHoDggYmhCJ4X7PRRg9WgCYXS HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 450 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:31:18 UTC	450	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 32 34 31 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 38 33 37 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 6c 72 65 67 2e 63 6f 6d 2f 31 32 32 38 36 31 64 32 2d 61 39 37 34 2d 34 64 63 63 2d 38 30 64 65 2d 66 63 30 34 36 32 30 63 62 37 37 33 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 37 35 2e 31 39 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 Data Ascii: [{"age":241,"body":{"elapsed_time":837,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/","sampling_fraction":1.0,"server_ip":"172.67.175.197","status_code":404,"type":"http.err
2024-05-23 22:31:18 UTC	168	IN	HTTP/1.1 200 OK content-length: 0 date: Thu, 23 May 2024 22:31:18 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49717	2.19.104.72	443

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:31:19 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-23 22:31:19 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=236234 Date: Thu, 23 May 2024 22:31:19 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-23 22:31:19 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	18:31:08
Start date:	23/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:31:11
Start date:	23/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2216,i,16482093608261227541,114962425812962219,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:31:13
Start date:	23/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Source: https://sclreg.com/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: phishing
Source: https://sclreg.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://sclreg.com/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: phishing

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_44, type: DROPPED

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /122861d2-a974-4dcc-80de-fc04620cb773/ HTTP/1.1Host: sclreg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: sclreg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: sclreg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sclreg.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sclreg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: sclreg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: sclreg.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 7052, Parent PID: 6112

General

Chronological Activities

Analysis Process: chrome.exePID: 5772, Parent PID: 7052

General

Windows Analysis Report
https://sclreg.com/122861d2-a974-4dcc-80de-fc04620cb773/