Edit tour

Windows Analysis Report
https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElW

Overview

General Information

Sample URL:	https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xk
Analysis ID:	1560692
Infos:

Detection

KnowBe4

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected KnowBe4 simulated phishing

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2036,i,16374000043300381340,16768935406528561873,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_62	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.0.pages.csv	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected KnowBe4 simulated phishing

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_62, type: DROPPED

Source: https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49714 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424 HTTP/1.1Host: scam-report.malwarebouncer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ== HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=k+1D+NM9AYctW85&MD=GtoPbtS1 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=k+1D+NM9AYctW85&MD=GtoPbtS1 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: scam-report.malwarebouncer.com
Source: global traffic	DNS traffic detected: DNS query: secure.encryptedconnection.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_65.1.dr

String found in binary or memory: https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRib

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49714 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@18/15@8/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2036,i,16374000043300381340,16768935406528561873,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2036,i,16374000043300381340,16768935406528561873,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
landing.eu.knowbe4.com	46.137.49.168	true	false	high
www.google.com	142.250.181.100	true	false	high
scam-report.malwarebouncer.com	unknown	unknown	false	unknown
secure.encryptedconnection.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==	false	high
https://secure.encryptedconnection.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css	false	high
https://secure.encryptedconnection.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js	false	high
https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424	false	unknown
https://secure.encryptedconnection.net/favicon.ico	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRib	chromecache_65.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
46.137.49.168	landing.eu.knowbe4.com	Ireland	16509	AMAZON-02US	false
52.48.171.10	unknown	United States	16509	AMAZON-02US	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1560692
Start date and time:	2024-11-22 07:37:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@18/15@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.19.238, 64.233.165.84, 34.104.35.123, 199.232.210.172, 172.217.17.35, 172.217.17.78
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: https://scam-report.malwarebouncer.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://scam-report.malwarebouncer.com
URL: https://secure.encryptedconnection.net Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://secure.encryptedconnection.net
URL: https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9I Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "OOPS! YOU CLICKED ON PHISHING SIMULATION", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9I Model: Joe Sandbox AI	{ "brands": [ "O-1" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 22 05:37:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9865522574368133
Encrypted:	false
SSDEEP:	48:87dXTPDkHWidAKZdA1FehwiZUklqehRdy+3:8pnxwdy
MD5:	E8BCC5B6A6F38E038DD60893B2F7AC66
SHA1:	92AEBF27D38DC701418FED9A40736C7EF57EB6E1
SHA-256:	D9A61C82C6797FBC14E0607B8556AFCA5FE6F46AA0AAAF27236464F3FDD72A0F
SHA-512:	B9DCC142EAF334B62E36C8FAE295F54424FE9E1041DD8A9BA79720580BF620D2B492CCB222F012FFA0797C2739E9FD7B64BECB36E7C2AE6F81BD23D947E03E00
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....EG...<..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvY.4....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvY.4....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvY.4....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvY.4..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VvY.4...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............&.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 22 05:37:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.004881217876889
Encrypted:	false
SSDEEP:	48:8fWdXTPDkHWidAKZdA1seh/iZUkAQkqehgdy+2:8fCnn9Q/dy
MD5:	1189196D2FA76B8ADC1A609F2B044AD8
SHA1:	D2778A62FC894F80B770A46FF354654991FFE690
SHA-256:	A641B586DBE89342F27C48C659422E2A939F370DBC00451E4DF9D31403DFC4D8
SHA-512:	2AFDBCE33F24103332112E3294F671B88C6E83D1F37A0CF376A9AB59DB675A9A35702109A011CB4B59DC016EF92D10253C400F8CA5DCBBC55F2C541DA819053E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....d...<..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvY.4....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvY.4....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvY.4....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvY.4..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VvY.4...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............&.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.007536735103021
Encrypted:	false
SSDEEP:	48:8hdXTPDAHWidAKZdA14meh7sFiZUkmgqeh7sGdy+BX:8Tnnncdy
MD5:	AB85E91DBA2DE5E813E9D81C6DDF3CF4
SHA1:	F3833097C4F08EE88E12293049FC5602DCB57FED
SHA-256:	A1A979D912076ACD71E0B5483AA63F14F58D75EDB23A2530DACEAAB50942655D
SHA-512:	4748595FE457D1273DFDFB9190B79580F455AC1BC3CA094B44C5FA707F47E61ED3FE9BA517694D55B63734D3361F38217B77E2D1A697DC95ABFC1BA9F1AACE51
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvY.4....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvY.4....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvY.4....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvY.4..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............&.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 22 05:37:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.00249665491708
Encrypted:	false
SSDEEP:	48:87dXTPDkHWidAKZdA1TehDiZUkwqehEdy+R:8pnUudy
MD5:	8846BAEC009EA9BDE1B63CC932ADA1F7
SHA1:	7469EC4436D754ACC000E4413541FAC7F738612E
SHA-256:	D25C4FB3BF55DBB27294BC27FDCE551ED38805417B48B56830F2BD7D1BC69A96
SHA-512:	4B146B9C2F0F0324E503FBCAEE7E826C88EBE7A3BC70952ACB640913A2BE074CECD0D7A1708A60452AC9423328A715F33E5962177C477F5BD240D23978CC95B1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........<..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvY.4....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvY.4....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvY.4....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvY.4..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VvY.4...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............&.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 22 05:37:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9889356515991867
Encrypted:	false
SSDEEP:	48:8j3dXTPDkHWidAKZdA1dehBiZUk1W1qehCdy+C:8jNnU9idy
MD5:	99806F2551158CF020E7E07A83E1EC27
SHA1:	2AE0D3A71ADD63A1EE3A5AA9A3834D0AEAD186C6
SHA-256:	35768276F2E9529858DBD3B9D4CA9AFD687019A1DD1A210FBAC484354AFA67DB
SHA-512:	6412FDE854EF8F5833A8282F28460E04675F657ED916CB32D85DA737523537BB2353D916A0B413469D75316C9B82BED53BE25C8BE531EDC8C826D3F4D80BB431
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....fi...<..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvY.4....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvY.4....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvY.4....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvY.4..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VvY.4...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............&.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 22 05:37:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.000302384501133
Encrypted:	false
SSDEEP:	48:8rdXTPDkHWidAKZdA1duTeehOuTbbiZUk5OjqehOuTbcdy+yT+:8ZnmTfTbxWOvTbcdy7T
MD5:	CF11DD608B72469F2C2403C6F6B6E81B
SHA1:	9E32F0AFA6D25E50C71BF47599B2E9F3AD1748F1
SHA-256:	A7ED1DDBDCA32258104E51F6EA448C5A1403F5B6DE8811EDCEBB07B37D582BD9
SHA-512:	F9C60864013F362E6DC9BE93FEC218F4064ACA4FF4CBB33E289BEBCFA81B60AD5F5EEC217A7258CEA12CC43C2048D7C16081A7C5D4E43E0726BB3A956411ECD5
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....f....<..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvY.4....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvY.4....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvY.4....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvY.4..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VvY.4...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............&.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (64724)
Category:	downloaded
Size (bytes):	172080
Entropy (8bit):	5.9630926526514605
Encrypted:	false
SSDEEP:	3072:2UtNeqd9RKqvJ7rUL0pMhkUqypDLrWM8vkz3cLMXqwKw9emRkvTDa75IM2nhv4x:2wRRnb+hx9DLrYvkzML1wcvfaEg
MD5:	99D09CD653262E74832FE72A84B098C1
SHA1:	B24DC098091E702E997EEA647EA0C575DE4359C1
SHA-256:	B371C9ADF7C3C4066371A37F45F672CAA62447F16E167CEC6C2B7BF0D1DA1FD4
SHA-512:	50F1F2580CE1687A64D0E7260D72B7447FBF1D965D26E5E80BBBAD92F1680B9FAA224A5AF1263E533B65D0E8259988DCCCC8B6DD0153ACC05C39FC9AB0AF8F8E
Malicious:	false
Reputation:	low
URL:	https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">. <meta name="IMPORTANT" content="This page is part of a simulated phishing attack initiated by KnowBe4 on behalf of its customers." />. <meta name="IMPORTANT" content="If you have any questions please contact support@knowbe4.com." />. <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"/>. <meta name="robots" content="noindex, nofollow" />.. <head>. <script src="/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js"></script>.. <link rel="stylesheet" href="/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css" media="all" />.. </head>. .<img alt="" height="731" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB4AAAAQ4CAYAAADo08FDAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAPHRFWHRDb21tZW50AHhyOmQ6REFGRGZuN3pZNTg6MjIsajo1MzgyMjA0MTIz

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1471
Entropy (8bit):	4.754611179426391
Encrypted:	false
SSDEEP:	24:y40r8CQo40agx40mC400XLaR404hZYmx40vGk40vG/I40vGhH40VhZ40UrCmn:xdDgCFEiBZgnTOHTn
MD5:	15E89F9684B18EC43EE51F8D62A787C3
SHA1:	9CBAAACEAE96845ECD3497F41EE3B02588ABEC11
SHA-256:	16F13E16A7EF02FB6F94250AA1931DED83DBEE5D9FAD278E33DD5792D085194F
SHA-512:	79E0110A045F28437D192290AC9789270CB0D4E676A985564746DB439992D867BA89639D7738E2A7F7D83BBF37D9A02CAA2AE1DC4E0EE2519797E5840A47FABE
Malicious:	false
Reputation:	low
URL:	https://secure.encryptedconnection.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
Preview:	/* line 1, app/assets/stylesheets/landing-watermark.scss /..watermark {. -webkit-writing-mode: vertical-rl;. -ms-writing-mode: tb-rl;. writing-mode: vertical-rl;. text-orientation: sideways;.}../ line 4, app/assets/stylesheets/landing-watermark.scss /..watermark.left {. left: 0;.}../ line 7, app/assets/stylesheets/landing-watermark.scss /..watermark.right {. right: 0;.}../ line 10, app/assets/stylesheets/landing-watermark.scss /..watermark.top {. text-align: center;. -webkit-writing-mode: horizontal-tb;. -ms-writing-mode: lr-tb;. writing-mode: horizontal-tb;. top: -38px;.}../ line 15, app/assets/stylesheets/landing-watermark.scss /..watermark h1 {. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-size: 15px;. color: #fdfdfa;. font-weight: bold;.}../ line 24, app/assets/stylesheets/landing-watermark.scss /.#template_sei .watermark.left {. margin-left: -10px;.}../ li

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	380848
Entropy (8bit):	5.202109831427653
Encrypted:	false
SSDEEP:	3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
MD5:	67A0C4DBD69561F3226243034423F1ED
SHA1:	88C1B5C7EBBFA24D8196290206BF544F28EEB406
SHA-256:	74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
SHA-512:	D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (488)
Category:	downloaded
Size (bytes):	542
Entropy (8bit):	5.858039119212293
Encrypted:	false
SSDEEP:	12:3R+xnunldLx6d0M6ViQcTZ5+Zwqdg50uzsvjBqnoVuvzaxE4AEdeIQL:3EuldLxA0JV3cTYdg50qsvjBGuENEkj
MD5:	0EEFF0BDE8075D66753B69E50E648778
SHA1:	3B6316017BCB68329E487D7AA3C74B1FFB3D0690
SHA-256:	E74CF312BBE36552704226736F9A21E0B117FB6966936E3362F90F9D69E1ED35
SHA-512:	BECF0E473B573D36C5ED0FFB780025AD5BDFB256689B296A26DCDB07D7AECA203DA9F075099C72448454B6E0751C9FE35D4CB308651707D099B6673AF1A3AC3D
Malicious:	false
Reputation:	low
URL:	https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424
Preview:	<html>. <head>. <script>window.location.href = 'https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==';</script>. </head>. <body>. </body>.</html>.

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	380848
Entropy (8bit):	5.202109831427653
Encrypted:	false
SSDEEP:	3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
MD5:	67A0C4DBD69561F3226243034423F1ED
SHA1:	88C1B5C7EBBFA24D8196290206BF544F28EEB406
SHA-256:	74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
SHA-512:	D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
Malicious:	false
Reputation:	low
URL:	https://secure.encryptedconnection.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2024 07:37:43.001247883 CET	49673	443	192.168.2.16	204.79.197.203
Nov 22, 2024 07:37:43.303021908 CET	49673	443	192.168.2.16	204.79.197.203
Nov 22, 2024 07:37:43.496962070 CET	49696	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:43.497020960 CET	443	49696	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:43.497098923 CET	49696	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:43.501131058 CET	49696	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:43.501153946 CET	443	49696	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:43.501859903 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:43.501904011 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:43.501962900 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:43.512145042 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:43.512166023 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:43.906413078 CET	49673	443	192.168.2.16	204.79.197.203
Nov 22, 2024 07:37:45.108725071 CET	49673	443	192.168.2.16	204.79.197.203
Nov 22, 2024 07:37:45.470750093 CET	443	49696	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:45.471210957 CET	49696	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:45.471245050 CET	443	49696	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:45.472767115 CET	443	49696	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:45.472842932 CET	49696	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:45.474267960 CET	49696	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:45.474354029 CET	443	49696	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:45.474528074 CET	49696	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:45.474535942 CET	443	49696	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:45.523725033 CET	49696	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:45.538038015 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:45.538333893 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:45.538355112 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:45.541986942 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:45.542057037 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:45.542459011 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:45.542624950 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:45.587702036 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:45.587713957 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:45.634705067 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:46.095726967 CET	443	49696	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:46.095804930 CET	443	49696	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:46.095891953 CET	49696	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:46.102211952 CET	49696	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:46.102252960 CET	443	49696	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:46.609669924 CET	49701	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:37:46.609724998 CET	443	49701	142.250.181.100	192.168.2.16
Nov 22, 2024 07:37:46.609802008 CET	49701	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:37:46.610150099 CET	49701	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:37:46.610166073 CET	443	49701	142.250.181.100	192.168.2.16
Nov 22, 2024 07:37:47.009810925 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:47.009856939 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:47.009946108 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:47.010415077 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:47.010468960 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:47.010531902 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:47.010683060 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:47.010703087 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:47.010890007 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:47.010900974 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:47.516746044 CET	49673	443	192.168.2.16	204.79.197.203
Nov 22, 2024 07:37:47.523710012 CET	49689	80	192.168.2.16	192.229.211.108
Nov 22, 2024 07:37:48.353610039 CET	443	49701	142.250.181.100	192.168.2.16
Nov 22, 2024 07:37:48.357822895 CET	49701	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:37:48.357845068 CET	443	49701	142.250.181.100	192.168.2.16
Nov 22, 2024 07:37:48.358844995 CET	443	49701	142.250.181.100	192.168.2.16
Nov 22, 2024 07:37:48.358928919 CET	49701	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:37:48.360002995 CET	49701	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:37:48.360074997 CET	443	49701	142.250.181.100	192.168.2.16
Nov 22, 2024 07:37:48.408797979 CET	49701	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:37:48.408818960 CET	443	49701	142.250.181.100	192.168.2.16
Nov 22, 2024 07:37:48.455801010 CET	49701	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:37:48.961447954 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:48.961769104 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:48.961806059 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:48.962865114 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:48.962949038 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:48.964361906 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:48.964433908 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:48.964612961 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:48.964627028 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:49.012895107 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:49.031989098 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:49.032423019 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:49.032460928 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:49.036087990 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:49.036277056 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:49.036786079 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:49.036962032 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:49.091912031 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:49.091957092 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:49.139866114 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:49.504035950 CET	49707	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:49.504082918 CET	443	49707	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:49.504179001 CET	49707	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:49.506531954 CET	49707	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:49.506551027 CET	443	49707	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:50.877700090 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:50.877742052 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:50.877749920 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:50.877789021 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:50.877819061 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:50.877835035 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:50.877857924 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:50.877923965 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:50.877959013 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:50.899125099 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:50.905268908 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:50.905318022 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:50.905419111 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:50.905680895 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:50.905694962 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:50.934307098 CET	443	49707	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:50.934428930 CET	49707	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:50.939590931 CET	49707	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:50.939642906 CET	443	49707	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:50.939934969 CET	443	49707	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:50.943336010 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:50.981493950 CET	49707	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:51.023346901 CET	443	49707	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:51.025984049 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.026005030 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.026088953 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.026112080 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.026273012 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.084027052 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.084047079 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.084122896 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.084171057 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.085594893 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.178334951 CET	49678	443	192.168.2.16	20.189.173.10
Nov 22, 2024 07:37:51.196950912 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.196971893 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.197074890 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.197124958 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.197832108 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.236325026 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.236342907 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.236462116 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.236502886 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.240214109 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.258404970 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.258421898 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.258543968 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.258562088 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.259886980 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.275415897 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.275434971 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.275567055 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.275578976 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.275865078 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.306420088 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.306473970 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.306569099 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.306603909 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.306634903 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.306724072 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.307472944 CET	49704	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.307499886 CET	443	49704	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.386960030 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.386986971 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.387073994 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.387098074 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.387156010 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.404751062 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.404769897 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.404855967 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.404870033 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.404916048 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.419168949 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.419187069 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.419267893 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.419280052 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.419327021 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.428596973 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.428678989 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.428680897 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.428740025 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.429364920 CET	49703	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:51.429383993 CET	443	49703	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:51.456964016 CET	443	49707	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:51.457045078 CET	443	49707	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:51.457122087 CET	49707	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:51.457185030 CET	49707	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:51.457185030 CET	49707	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:51.457228899 CET	443	49707	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:51.457252979 CET	443	49707	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:51.478746891 CET	49678	443	192.168.2.16	20.189.173.10
Nov 22, 2024 07:37:51.498084068 CET	49709	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:51.498172998 CET	443	49709	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:51.498399019 CET	49709	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:51.498698950 CET	49709	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:51.498728991 CET	443	49709	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:52.082799911 CET	49678	443	192.168.2.16	20.189.173.10
Nov 22, 2024 07:37:52.318866968 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:52.319226980 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:52.319264889 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:52.319638968 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:52.319766998 CET	49673	443	192.168.2.16	204.79.197.203
Nov 22, 2024 07:37:52.320204020 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:52.320278883 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:52.320440054 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:52.363332033 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:52.966655970 CET	443	49709	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:52.966758013 CET	49709	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:52.970290899 CET	49709	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:52.970324039 CET	443	49709	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:52.970587969 CET	443	49709	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:52.973273993 CET	49709	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:53.015335083 CET	443	49709	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:53.047517061 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.047543049 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.047554970 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.047637939 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.047696114 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.047750950 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.100291967 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.100313902 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.100404024 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.100465059 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.100527048 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.256145000 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.256170988 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.256257057 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.256275892 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.256325960 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.286504030 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.286530018 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.286648035 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.286662102 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.286767960 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.287772894 CET	49678	443	192.168.2.16	20.189.173.10
Nov 22, 2024 07:37:53.321501970 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.321527004 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.321593046 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.321600914 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.321655989 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.455461025 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.455487013 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.455563068 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.455578089 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.455641985 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.481183052 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.481206894 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.481280088 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.481287956 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.481344938 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.500298977 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.500322104 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.500384092 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.500391960 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.500437021 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.502552032 CET	443	49709	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:53.502620935 CET	443	49709	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:53.502671003 CET	49709	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:53.503562927 CET	49709	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:53.503582954 CET	443	49709	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:53.503597021 CET	49709	443	192.168.2.16	23.218.208.109
Nov 22, 2024 07:37:53.503602028 CET	443	49709	23.218.208.109	192.168.2.16
Nov 22, 2024 07:37:53.516722918 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.516746044 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.516808033 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.516815901 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.516856909 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.529905081 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.529927015 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.529978991 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.529984951 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.530030966 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.530050993 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.572072029 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:53.572118998 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:53.572190046 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:53.574817896 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:53.574837923 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:53.657382965 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.657421112 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.657474995 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.657491922 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.657522917 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.657536030 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.672359943 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.672384024 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.672439098 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.672446966 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.672487020 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.672498941 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.683862925 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.683886051 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.683938026 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.683945894 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.683971882 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.683990955 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.697745085 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.697772026 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.697812080 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.697818995 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.697856903 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.697885036 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.710417986 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.710441113 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.710489035 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.710494995 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.710566044 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.710566044 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.722799063 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.722824097 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.722934961 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.722940922 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.722976923 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.736114979 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.736140013 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.736227036 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.736233950 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.736283064 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.748166084 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.748189926 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.748275042 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.748282909 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.748322964 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.860584021 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.860610962 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.860665083 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.860676050 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.860722065 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.870709896 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.870733976 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.870781898 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.870789051 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.870820045 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.870837927 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.879430056 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.879453897 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.879504919 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.879527092 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.879545927 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.879580021 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.889286041 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.889308929 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.889363050 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.889370918 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.889416933 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.889435053 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.898509026 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.898528099 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.898596048 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.898610115 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.898966074 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.901169062 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.901232958 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.901240110 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.901256084 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.901283026 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.901314974 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.901458025 CET	49708	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.901477098 CET	443	49708	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.937295914 CET	49711	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.937357903 CET	443	49711	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:53.938015938 CET	49711	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.938236952 CET	49711	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:53.938265085 CET	443	49711	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:54.044512987 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:54.044575930 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:54.044655085 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:54.044872999 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:54.044886112 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:55.270647049 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.270745039 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.273478985 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.273494005 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.274135113 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.326745987 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.330794096 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.352348089 CET	443	49711	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:55.352689981 CET	49711	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:55.352724075 CET	443	49711	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:55.353914976 CET	443	49711	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:55.354356050 CET	49711	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:55.354532957 CET	49711	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:55.354547977 CET	443	49711	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:55.371345997 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.395348072 CET	443	49711	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:55.407231092 CET	49711	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:55.645963907 CET	49680	80	192.168.2.16	192.229.211.108
Nov 22, 2024 07:37:55.693759918 CET	49678	443	192.168.2.16	20.189.173.10
Nov 22, 2024 07:37:55.881311893 CET	443	49711	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:55.881407022 CET	443	49711	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:55.881493092 CET	49711	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:55.882122993 CET	49711	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:37:55.882155895 CET	443	49711	46.137.49.168	192.168.2.16
Nov 22, 2024 07:37:55.884902954 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:55.884951115 CET	443	49713	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:55.885082960 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:55.885340929 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:55.885351896 CET	443	49713	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:55.947259903 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.947283983 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.947292089 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.947324991 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.947343111 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.947356939 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.947372913 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.947388887 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.947455883 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.947457075 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.947556973 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.948770046 CET	49680	80	192.168.2.16	192.229.211.108
Nov 22, 2024 07:37:55.967581987 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.967645884 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.967667103 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.967720032 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.967813969 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.967837095 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:55.967849016 CET	49710	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:37:55.967856884 CET	443	49710	20.109.210.53	192.168.2.16
Nov 22, 2024 07:37:56.138962030 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.139278889 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.139322042 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.140805960 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.140883923 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.141336918 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.141415119 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.141539097 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.141546965 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.187753916 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.555764914 CET	49680	80	192.168.2.16	192.229.211.108
Nov 22, 2024 07:37:56.644212961 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.644242048 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.644252062 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.644263983 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.644292116 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.644314051 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.644337893 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.644365072 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.644383907 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.807495117 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.807529926 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.807584047 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.807599068 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.807625055 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.807647943 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.866163015 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.866195917 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.866249084 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.866266966 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.866314888 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.998677969 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.998713017 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.998766899 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.998785019 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:56.998814106 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:56.998833895 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.030002117 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.030040979 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.030095100 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.030108929 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.030132055 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.030215979 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.048562050 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.048585892 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.048645020 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.048651934 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.048717976 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.048717976 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.102487087 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.102514029 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.102610111 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.102618933 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.102664948 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.209697962 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.209741116 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.209801912 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.209815979 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.209887028 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.219409943 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.219430923 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.219472885 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.219477892 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.219500065 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.219526052 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.234244108 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.234272957 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.234316111 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.234322071 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.234347105 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.234365940 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.245994091 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.246014118 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.246068001 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.246073008 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.246124983 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.257091999 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.257112980 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.257164001 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.257172108 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.257477045 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.268862009 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.268881083 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.268922091 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.268927097 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.268965006 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.268974066 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.279601097 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.279620886 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.279680014 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.279685020 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.279722929 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.404679060 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.404706955 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.404782057 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.404789925 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.404845953 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.413077116 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.413098097 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.413157940 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.413163900 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.413203955 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.421741009 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.421761036 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.421827078 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.421839952 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.421904087 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.429702997 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.429722071 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.429768085 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.429779053 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.429800034 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.429821014 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.438389063 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.438410044 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.438457012 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.438461065 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.438498020 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.438518047 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.446691036 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.446711063 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.446758032 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.446768999 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.446779013 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.446805000 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.455585957 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.455610037 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.455670118 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.455674887 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.455727100 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.455744982 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.487912893 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.487932920 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.487978935 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.487987041 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.488014936 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.488027096 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.615381002 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.615406990 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.615457058 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.615466118 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.615494967 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.615516901 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.617887974 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.617942095 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.617947102 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.617980003 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.617997885 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.618029118 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.618086100 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.618103027 CET	443	49712	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.618110895 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.618238926 CET	49712	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.769773006 CET	49680	80	192.168.2.16	192.229.211.108
Nov 22, 2024 07:37:57.911640882 CET	443	49713	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.911952972 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.911981106 CET	443	49713	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.915604115 CET	443	49713	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.915688992 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.915946007 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.916105032 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.916114092 CET	443	49713	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:57.961754084 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:57.961762905 CET	443	49713	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:58.009757042 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:58.034853935 CET	443	49701	142.250.181.100	192.168.2.16
Nov 22, 2024 07:37:58.034960985 CET	443	49701	142.250.181.100	192.168.2.16
Nov 22, 2024 07:37:58.035093069 CET	49701	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:37:58.324544907 CET	443	49713	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:58.324753046 CET	443	49713	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:58.325273037 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:58.325299025 CET	443	49713	52.48.171.10	192.168.2.16
Nov 22, 2024 07:37:58.325310946 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:58.325340033 CET	49713	443	192.168.2.16	52.48.171.10
Nov 22, 2024 07:37:58.327819109 CET	49701	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:37:58.327843904 CET	443	49701	142.250.181.100	192.168.2.16
Nov 22, 2024 07:38:00.182754040 CET	49680	80	192.168.2.16	192.229.211.108
Nov 22, 2024 07:38:00.500808001 CET	49678	443	192.168.2.16	20.189.173.10
Nov 22, 2024 07:38:01.920804024 CET	49673	443	192.168.2.16	204.79.197.203
Nov 22, 2024 07:38:04.989831924 CET	49680	80	192.168.2.16	192.229.211.108
Nov 22, 2024 07:38:10.115803957 CET	49678	443	192.168.2.16	20.189.173.10
Nov 22, 2024 07:38:14.592905998 CET	49680	80	192.168.2.16	192.229.211.108
Nov 22, 2024 07:38:30.593060017 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:38:30.593081951 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:38:32.392625093 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:32.392729998 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:32.392863989 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:32.393349886 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:32.393384933 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.160037041 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.160154104 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.161827087 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.161859989 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.162276983 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.164010048 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.207376003 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.861815929 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.861877918 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.861921072 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.861989021 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.862065077 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.862107992 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.862135887 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.900863886 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.900919914 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.900999069 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.901025057 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.901087999 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.901093006 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.901160955 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.901210070 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.901237965 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.901237965 CET	49714	443	192.168.2.16	20.109.210.53
Nov 22, 2024 07:38:34.901261091 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:34.901278973 CET	443	49714	20.109.210.53	192.168.2.16
Nov 22, 2024 07:38:39.724884987 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:38:39.725064039 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:38:39.725137949 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:38:39.956635952 CET	49697	443	192.168.2.16	46.137.49.168
Nov 22, 2024 07:38:39.956687927 CET	443	49697	46.137.49.168	192.168.2.16
Nov 22, 2024 07:38:46.511197090 CET	49716	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:38:46.511239052 CET	443	49716	142.250.181.100	192.168.2.16
Nov 22, 2024 07:38:46.511346102 CET	49716	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:38:46.511554956 CET	49716	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:38:46.511569977 CET	443	49716	142.250.181.100	192.168.2.16
Nov 22, 2024 07:38:48.304048061 CET	443	49716	142.250.181.100	192.168.2.16
Nov 22, 2024 07:38:48.304418087 CET	49716	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:38:48.304435015 CET	443	49716	142.250.181.100	192.168.2.16
Nov 22, 2024 07:38:48.304770947 CET	443	49716	142.250.181.100	192.168.2.16
Nov 22, 2024 07:38:48.305183887 CET	49716	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:38:48.305241108 CET	443	49716	142.250.181.100	192.168.2.16
Nov 22, 2024 07:38:48.357980967 CET	49716	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:38:57.940911055 CET	443	49716	142.250.181.100	192.168.2.16
Nov 22, 2024 07:38:57.940984964 CET	443	49716	142.250.181.100	192.168.2.16
Nov 22, 2024 07:38:57.941096067 CET	49716	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:38:57.950948954 CET	49716	443	192.168.2.16	142.250.181.100
Nov 22, 2024 07:38:57.950974941 CET	443	49716	142.250.181.100	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2024 07:37:41.828371048 CET	53	58556	1.1.1.1	192.168.2.16
Nov 22, 2024 07:37:41.834388018 CET	53	65428	1.1.1.1	192.168.2.16
Nov 22, 2024 07:37:42.536107063 CET	52993	53	192.168.2.16	1.1.1.1
Nov 22, 2024 07:37:42.536261082 CET	62270	53	192.168.2.16	1.1.1.1
Nov 22, 2024 07:37:43.481159925 CET	53	52993	1.1.1.1	192.168.2.16
Nov 22, 2024 07:37:43.482043982 CET	53	62270	1.1.1.1	192.168.2.16
Nov 22, 2024 07:37:44.632622004 CET	53	60846	1.1.1.1	192.168.2.16
Nov 22, 2024 07:37:46.191298962 CET	55232	53	192.168.2.16	1.1.1.1
Nov 22, 2024 07:37:46.191454887 CET	59102	53	192.168.2.16	1.1.1.1
Nov 22, 2024 07:37:46.458822012 CET	63142	53	192.168.2.16	1.1.1.1
Nov 22, 2024 07:37:46.459014893 CET	53626	53	192.168.2.16	1.1.1.1
Nov 22, 2024 07:37:46.598576069 CET	53	53626	1.1.1.1	192.168.2.16
Nov 22, 2024 07:37:46.608582020 CET	53	63142	1.1.1.1	192.168.2.16
Nov 22, 2024 07:37:47.007416010 CET	53	55232	1.1.1.1	192.168.2.16
Nov 22, 2024 07:37:47.008924007 CET	53	59102	1.1.1.1	192.168.2.16
Nov 22, 2024 07:37:53.905559063 CET	54254	53	192.168.2.16	1.1.1.1
Nov 22, 2024 07:37:53.905703068 CET	54411	53	192.168.2.16	1.1.1.1
Nov 22, 2024 07:37:54.043692112 CET	53	54254	1.1.1.1	192.168.2.16
Nov 22, 2024 07:37:54.043951988 CET	53	54411	1.1.1.1	192.168.2.16
Nov 22, 2024 07:38:01.533077955 CET	53	65535	1.1.1.1	192.168.2.16
Nov 22, 2024 07:38:20.510291100 CET	53	60194	1.1.1.1	192.168.2.16
Nov 22, 2024 07:38:41.770504951 CET	53	53741	1.1.1.1	192.168.2.16
Nov 22, 2024 07:38:43.604181051 CET	53	55897	1.1.1.1	192.168.2.16
Nov 22, 2024 07:38:47.347161055 CET	138	138	192.168.2.16	192.168.2.255
Nov 22, 2024 07:39:12.229873896 CET	53	54136	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 22, 2024 07:37:42.536107063 CET	192.168.2.16	1.1.1.1	0xeb74	Standard query (0)	scam-report.malwarebouncer.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:42.536261082 CET	192.168.2.16	1.1.1.1	0xcf0f	Standard query (0)	scam-report.malwarebouncer.com	65	IN (0x0001)	false
Nov 22, 2024 07:37:46.191298962 CET	192.168.2.16	1.1.1.1	0xba18	Standard query (0)	secure.encryptedconnection.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:46.191454887 CET	192.168.2.16	1.1.1.1	0x3f77	Standard query (0)	secure.encryptedconnection.net	65	IN (0x0001)	false
Nov 22, 2024 07:37:46.458822012 CET	192.168.2.16	1.1.1.1	0x3598	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:46.459014893 CET	192.168.2.16	1.1.1.1	0xfcd6	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 22, 2024 07:37:53.905559063 CET	192.168.2.16	1.1.1.1	0x31b	Standard query (0)	secure.encryptedconnection.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:53.905703068 CET	192.168.2.16	1.1.1.1	0xd9d0	Standard query (0)	secure.encryptedconnection.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 22, 2024 07:37:43.481159925 CET	1.1.1.1	192.168.2.16	0xeb74	No error (0)	scam-report.malwarebouncer.com	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 07:37:43.481159925 CET	1.1.1.1	192.168.2.16	0xeb74	No error (0)	landing.eu.knowbe4.com		46.137.49.168	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:43.481159925 CET	1.1.1.1	192.168.2.16	0xeb74	No error (0)	landing.eu.knowbe4.com		52.48.171.10	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:43.482043982 CET	1.1.1.1	192.168.2.16	0xcf0f	No error (0)	scam-report.malwarebouncer.com	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 07:37:46.598576069 CET	1.1.1.1	192.168.2.16	0xfcd6	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 22, 2024 07:37:46.608582020 CET	1.1.1.1	192.168.2.16	0x3598	No error (0)	www.google.com		142.250.181.100	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:47.007416010 CET	1.1.1.1	192.168.2.16	0xba18	No error (0)	secure.encryptedconnection.net	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 07:37:47.007416010 CET	1.1.1.1	192.168.2.16	0xba18	No error (0)	landing.eu.knowbe4.com		46.137.49.168	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:47.007416010 CET	1.1.1.1	192.168.2.16	0xba18	No error (0)	landing.eu.knowbe4.com		52.48.171.10	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:47.008924007 CET	1.1.1.1	192.168.2.16	0x3f77	No error (0)	secure.encryptedconnection.net	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 07:37:54.043692112 CET	1.1.1.1	192.168.2.16	0x31b	No error (0)	secure.encryptedconnection.net	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 07:37:54.043692112 CET	1.1.1.1	192.168.2.16	0x31b	No error (0)	landing.eu.knowbe4.com		52.48.171.10	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:54.043692112 CET	1.1.1.1	192.168.2.16	0x31b	No error (0)	landing.eu.knowbe4.com		46.137.49.168	A (IP address)	IN (0x0001)	false
Nov 22, 2024 07:37:54.043951988 CET	1.1.1.1	192.168.2.16	0xd9d0	No error (0)	secure.encryptedconnection.net	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

scam-report.malwarebouncer.com

https:

secure.encryptedconnection.net

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49696	46.137.49.168	443	6604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:37:45 UTC	1048	OUT	GET /XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424 HTTP/1.1 Host: scam-report.malwarebouncer.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-22 06:37:46 UTC	574	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 06:37:45 GMT Content-Type: text/html; charset=utf-8 Content-Length: 542 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade ETag: W/"e74cf312bbe36552704226736f9a21e0" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: 84e7d96d-e1d9-44b9-b31e-94f4c7c42add X-Runtime: 0.098228 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-22 06:37:46 UTC	542	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 73 65 63 75 72 65 2e 65 6e 63 72 79 70 74 65 64 63 6f 6e 6e 65 63 74 69 6f 6e 2e 6e 65 74 2f 70 61 67 65 73 2f 65 61 33 62 32 39 35 63 30 38 66 36 39 31 61 37 61 64 38 64 38 35 30 64 30 66 38 31 62 63 66 36 2f 58 54 32 56 6b 4f 55 46 36 55 57 68 4a 52 6b 4a 4f 52 57 52 69 62 7a 68 7a 4d 79 74 4e 59 6a 64 72 4e 53 39 74 65 55 5a 34 4f 45 68 68 4b 33 42 77 4c 32 70 56 64 47 4a 36 62 33 4a 56 4f 48 70 51 64 6c 46 46 55 31 70 56 53 44 56 77 5a 43 39 4f 62 48 41 7a 4e 32 70 74 4d 54 52 49 61 6c 64 32 54 58 6c 30 64 58 68 30 56 45 46 72 59 7a 6c 57 62 54 55 34 65 55 39 71 64 54 Data Ascii: <html> <head> <script>window.location.href = 'https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49703	46.137.49.168	443	6604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:37:48 UTC	1484	OUT	GET /pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ== HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-22 06:37:50 UTC	834	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 06:37:50 GMT Content-Type: text/html; charset=utf-8 Content-Length: 172080 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Link: </assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css>; rel=preload; as=style; nopush,</assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js>; rel=preload; as=script; nopush ETag: W/"b371c9adf7c3c4066371a37f45f672ca" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: fee6f743-78b8-4b6d-8838-d41a2c3bfc41 X-Runtime: 1.308885 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-22 06:37:50 UTC	15550	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 49 4d 50 4f 52 54 41 4e 54 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 70 61 67 65 20 69 73 20 70 61 72 74 20 6f 66 20 61 20 73 69 6d 75 6c 61 74 65 64 20 70 68 69 73 68 69 6e 67 20 61 74 74 61 63 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <meta name="IMPORTANT" content="This page is part of a simulated phishing attac
2024-11-22 06:37:51 UTC	16384	IN	Data Raw: 78 2f 48 35 4c 59 53 5a 79 52 4f 43 63 48 4f 38 52 4f 47 51 53 43 44 30 43 63 4f 43 59 6c 70 43 6d 51 59 36 50 41 61 41 69 45 48 41 73 4d 6c 61 34 55 57 4d 68 57 61 57 75 33 48 75 67 42 47 47 74 58 74 48 56 74 31 51 4d 6f 46 53 75 74 57 6e 58 61 74 4b 30 48 72 57 71 6c 37 72 4b 37 57 4b 46 54 4e 37 55 4e 57 61 55 52 4c 6f 4b 45 76 51 76 6b 67 4c 52 75 54 56 49 6e 66 38 64 2b 76 57 37 74 69 36 2f 39 2f 48 33 78 36 4f 33 76 37 79 63 41 41 77 41 41 6e 4b 5a 35 37 65 33 5a 74 66 75 4f 7a 4a 6b 7a 4a 34 6b 74 59 4d 62 58 33 49 76 6d 5a 73 75 32 37 65 6e 73 37 4b 72 33 4b 41 41 41 41 46 7a 41 42 47 41 41 41 49 44 54 56 46 56 56 31 74 2f 77 6c 67 77 4e 44 36 66 42 68 69 62 6a 70 43 69 4b 4e 44 55 31 5a 33 6a 64 6d 37 4e 2b 77 38 59 30 4e 6a 58 56 65 79 51 41 41 Data Ascii: x/H5LYSZyROCcHO8ROGQSCD0CcOCYlpCmQY6PAaAiEHAsMla4UWMhWaWu3HugBGGtXtHVt1QMoFSutWnXatK0HrWql7rK7WKFTN7UNWaURLoKEvQvkgLRuTVInf8d+vW7ti6/9/H3x6O3v7ycAAwAAnKZ57e3ZtfuOzJkzJ4ktYMbX3IvmZsu27ens7Kr3KAAAAFzABGAAAIDTVFVV1t/wlgwND6fBhibjpCiKNDU1Z3jdm7N+w8Y0NjXVeyQAA
2024-11-22 06:37:51 UTC	56	IN	Data Raw: 78 2b 2f 41 6a 39 2b 2f 54 45 75 4e 45 6a 35 66 70 69 5a 32 5a 6d 42 69 4d 6a 32 53 74 6f 57 65 6d 68 68 54 5a 71 7a 46 69 46 56 76 49 43 6e 33 2b 58 42 67 59 47 43 68 Data Ascii: x+/Aj9+/TEuNEj5fpiZ2ZmBiMj2StoWemhhTZqzFiFVvICn3+XBgYGCh
2024-11-22 06:37:51 UTC	16384	IN	Data Raw: 30 6a 35 62 6b 57 54 55 79 34 5a 7a 41 72 79 6f 7a 6e 57 70 53 71 65 43 32 4b 43 64 38 44 57 62 36 4a 47 77 55 5a 33 77 4e 66 43 33 4e 78 2f 65 35 6d 2f 44 49 5a 57 56 6d 30 4d 75 63 4c 76 73 2b 73 6e 4a 78 63 51 64 76 54 68 33 75 67 72 4f 74 6e 32 50 43 52 4b 46 71 73 47 4f 63 78 2f 39 79 2b 68 57 30 68 57 2f 4f 39 4c 6c 54 66 51 32 69 37 64 2b 33 38 32 74 66 59 74 47 45 64 64 75 2f 61 69 57 74 58 72 38 67 31 2b 47 74 74 62 59 4d 52 50 34 2f 57 51 4a 53 36 7a 38 76 48 46 38 48 62 64 36 47 55 73 37 4e 43 78 36 57 6c 70 6d 4c 2b 33 46 6e 6f 32 4b 34 31 5a 78 70 6a 38 71 33 76 33 35 63 47 42 67 61 59 50 48 55 36 38 7a 32 32 4c 57 53 72 7a 42 54 41 69 76 62 74 38 75 4b 62 4e 47 4e 74 6f 35 6e 73 4e 6b 4c 53 74 2b 76 34 34 38 66 50 67 37 50 56 71 74 66 67 76 Data Ascii: 0j5bkWTUy4ZzAryoznWpSqeC2KCd8DWb6JGwUZ3wNfC3Nx/e5m/DIZWVm0MucLvs+snJxcQdvTh3ugrOtn2PCRKFqsGOcx/9y+hW0hW/O9LlTfQ2i7d+382tfYtGEddu/aiWtXr8g1+GttbYMRP4/WQJS6z8vHF8Hbd6GUs7NCx6WlpmL+3Fno2K41Zxpj8q3v35cGBgaYPHU68z22LWSrzBTAivbt8uKbNGNto5nsNkLSt+v448fPg7PVqtfgv
2024-11-22 06:37:51 UTC	16384	IN	Data Raw: 72 58 33 47 56 52 56 65 62 62 69 74 44 5a 68 4e 63 2f 67 72 48 76 35 75 57 4b 4d 58 4f 48 6f 31 34 6a 44 32 68 71 61 53 49 2f 4c 78 2b 50 62 7a 37 44 35 69 57 37 38 4f 56 44 6e 45 72 37 4a 59 2b 38 55 57 52 65 6c 6f 61 76 76 7a 64 36 6a 2f 67 46 64 58 33 63 47 54 6d 53 6e 5a 6d 44 31 34 47 68 4f 50 76 76 52 64 79 37 38 6b 6a 73 6d 67 34 39 32 2b 43 6e 58 39 73 53 78 77 5a 4e 37 49 74 65 51 37 73 42 41 4a 37 65 44 73 43 36 50 37 65 55 2b 39 6d 4b 36 4b 34 56 76 61 35 55 56 4a 38 57 6c 6e 6e 48 64 70 37 43 71 58 33 6e 34 64 61 67 4e 6b 62 4e 47 67 4b 76 4a 70 37 51 31 4e 4c 45 72 72 2f 33 45 33 4f 33 70 70 59 6d 65 67 33 70 68 67 36 39 32 71 43 57 65 30 32 6d 66 46 64 53 66 44 4b 65 33 41 37 45 76 78 76 2f 77 2b 66 33 58 34 6a 50 55 61 58 39 52 56 33 36 74 Data Ascii: rX3GVRVebbitDZhNc/grHv5uWKMXOHo14jD2hqaSI/Lx+Pbz7D5iW78OVDnEr7JY+8UWReloavvzd6j/gFdX3cGTmSnZmD14GhOPvvRdy78kjsmg492+CnX9sSxwZN7IteQ7sBAJ7eDsC6P7eU+9mK6K4Vva5UVJ8WlnnHdp7CqX3n4dagNkbNGgKvJp7Q1NLErr/3E3O3ppYmeg3phg692qCWe02mfFdSfDKe3A7Evxv/w+f3X4jPUaX9RV36t
2024-11-22 06:37:51 UTC	16384	IN	Data Raw: 78 6c 55 46 54 4f 62 56 6d 36 43 79 66 33 6e 42 56 62 72 33 79 4b 2b 59 49 46 59 35 5a 6a 37 39 71 44 43 48 77 67 58 67 65 38 4b 6c 42 56 35 6c 74 31 36 57 77 33 7a 39 37 46 35 73 55 37 78 54 37 6e 31 64 4d 51 54 4f 30 33 57 79 79 6a 68 37 70 31 53 58 6e 6d 5a 57 6e 38 50 57 4d 39 6c 6b 35 61 52 64 52 45 46 5a 41 59 6e 34 54 39 47 77 35 6a 66 4d 38 5a 4b 6c 38 33 71 6b 70 33 56 65 57 36 55 74 33 36 64 45 70 69 4b 73 5a 30 6d 34 70 64 71 2f 37 46 6c 77 39 78 45 73 2f 35 46 50 4d 46 68 7a 59 66 51 2f 4c 58 38 6a 4d 59 79 59 75 36 39 4f 75 41 65 79 38 51 45 52 4a 46 7a 4e 73 43 38 6e 4c 7a 63 65 66 69 66 59 7a 37 5a 56 71 5a 36 77 70 4a 2f 5a 6f 31 5a 43 46 32 72 4e 79 48 2b 45 2f 69 4e 71 32 43 2f 41 4c 63 76 66 77 51 77 63 39 4b 39 64 75 71 72 42 74 4a 51 Data Ascii: xlUFTObVm6Cyf3nBVbr3yK+YIFY5Zj79qDCHwgXge8KlBV5lt16Ww3z97F5sU7xT7n1dMQTO03Wyyjh7p1SXnmZWn8PWM9lk5aRdREFZAYn4T9Gw5jfM8ZKl83qkp3VeW6Ut36dEpiKsZ0m4pdq/7Flw9xEs/5FPMFhzYfQ/LX8jMYyYu69OuAey8QERJFzNsC8nLzcefifYz7ZVqZ6wpJ/Zo1ZCF2rNyH+E/iNq2C/ALcvfwQwc9K9duqrBtJQ
2024-11-22 06:37:51 UTC	16384	IN	Data Raw: 54 44 6f 48 46 39 79 66 62 37 31 38 48 59 73 59 78 57 39 43 73 7a 35 73 76 44 75 78 63 42 59 76 76 65 76 67 69 67 76 4e 49 71 75 37 73 55 4f 62 34 38 2f 38 39 58 62 46 39 45 61 43 54 63 36 6c 59 6a 32 38 4b 65 37 4e 4a 49 53 55 70 46 69 48 38 6f 36 65 50 30 39 48 55 78 65 2f 30 30 44 4a 30 34 41 4a 65 4f 58 63 66 35 51 35 64 6c 79 73 57 70 79 6a 4a 4a 51 74 35 78 54 6a 51 4d 71 36 6c 49 58 54 51 57 47 70 65 45 46 79 31 49 51 35 6d 32 4b 5a 70 6a 56 6b 42 73 5a 46 79 52 58 76 45 76 6e 37 79 6d 74 69 50 44 6f 70 43 64 6c 51 4d 39 66 66 35 37 7a 4d 2f 4c 70 78 59 77 43 49 34 52 52 6b 64 58 63 70 74 78 71 47 69 50 32 67 31 71 77 74 36 70 48 49 78 4e 6a 61 43 6e 72 30 75 39 45 77 42 69 75 5a 4f 56 51 5a 55 79 73 54 43 71 65 49 34 58 39 31 36 4b 37 59 73 4b 2f Data Ascii: TDoHF9yfb718HYsYxW9Csz5svDuxcBYvvevgigvNIqu7sUOb48/89XbF9EaCTc6lYj28Ke7NJISUpFiH8o6eP09HUxe/00DJ04AJeOXcf5Q5dlysWpyjJJQt5xTjQMq6lIXTQWGpeEFy1IQ5m2KZpjVkBsZFyRXvEvn7ymtiPDopCdlQM9ff57zM/LpxYwCI4RRkdXcptxqGiP2g1qwt6pHIxNjaCnr0u9EwBiuZOVQZUysTCqeI4X916K7YsK/
2024-11-22 06:37:51 UTC	16384	IN	Data Raw: 31 35 42 43 61 6d 4a 70 69 36 65 49 4a 6f 57 64 62 47 62 62 32 31 69 71 65 54 65 32 38 34 75 7a 6c 68 32 36 6e 31 77 72 45 7a 67 52 66 77 32 64 41 76 74 50 32 54 38 50 76 61 6e 64 69 38 38 6e 65 6b 70 61 61 6a 31 39 42 75 6d 4c 7a 77 59 36 48 50 76 57 35 31 56 4b 68 6f 68 38 67 58 55 56 72 4e 35 56 70 54 58 46 45 35 6f 50 6b 49 6f 58 72 57 31 73 45 47 58 54 37 6f 67 50 69 59 68 45 4c 33 65 64 32 34 59 68 73 32 72 74 69 47 52 54 2f 4e 46 56 56 4b 6a 2b 34 36 55 55 68 59 46 53 53 76 4b 6a 6f 32 4f 67 36 58 54 6c 35 46 35 49 73 6f 78 45 53 4b 45 31 64 62 2f 66 77 68 4e 35 62 68 38 4f 37 6a 6f 71 57 75 57 33 56 75 68 6d 39 2b 6e 53 2b 30 6d 37 56 76 6a 46 2b 58 62 79 33 30 6d 67 58 5a 39 73 4d 4f 62 46 6d 39 48 57 6d 70 36 58 68 76 59 43 64 4d 2b 2f 6f 54 59 Data Ascii: 15BCamJpi6eIJoWdbGbb21iqeTe284uzlh26n1wrEzgRfw2dAvtP2T8Pvandi88nekpaaj19BumLzwY6HPvW51VKhoh8gXUVrN5VpTXFE5oPkIoXrW1sEGXT7ogPiYhEL3ed24Yhs2rtiGRT/NFVVKj+46UUhYFSSvKjo2Og6XTl5F5IsoxESKE1db/fwhN5bh8O7joqWuW3Vuhm9+nS+0m7VvjF+Xby30mgXZ9sMObFm9HWmp6XhvYCdM+/oTY
2024-11-22 06:37:51 UTC	16384	IN	Data Raw: 51 75 58 37 72 49 48 4f 2f 58 74 42 6b 41 59 50 66 4f 33 2f 48 7a 6c 68 2f 56 4f 70 79 4a 38 50 45 54 37 32 75 61 55 70 6e 50 76 51 52 42 45 4b 38 37 4a 41 41 54 42 46 45 39 71 61 52 7a 41 5a 6d 68 44 46 34 42 44 65 44 52 31 67 56 75 4c 52 31 68 57 62 64 71 6f 6e 6f 72 6d 33 70 65 64 71 6a 6e 5a 59 66 57 2f 55 73 4f 72 4f 4b 6a 6e 2b 4c 47 34 55 68 63 33 48 4d 54 2b 54 6e 73 69 42 79 43 49 41 69 43 49 46 34 4e 57 4f 6b 76 79 30 63 34 4a 4d 54 48 53 77 35 73 6d 37 64 6f 67 64 71 31 61 77 76 6e 46 67 6e 41 6d 74 5a 51 36 39 6a 70 44 61 37 59 6b 70 36 65 6a 72 54 55 56 47 48 36 78 49 54 34 65 49 77 66 38 37 35 51 6c 4f 4f 52 6b 35 4f 44 36 56 4d 2b 67 6c 34 4e 50 66 54 75 30 31 66 72 38 5a 72 53 75 6b 31 62 70 67 43 73 4c 43 78 45 53 45 67 77 32 72 5a 72 6a Data Ascii: QuX7rIHO/XtBkAYPfO3/Hzlh/VOpyJ8PET72uaUpnPvQRBEK87JAATBFE9qaRzAZmhDF4BDeDR1gVuLR1hWbdqonorm3pedqjnZYfW/UsOrOKjn+LG4Uhc3HMT+TnsiByCIAiCIF4NWOkvy0c4JMTHSw5sm7dogdq1awvnFgnAmtZQ69jpDa7Ykp6ejrTUVGH6xIT4eIwf875QlOORk5OD6VM+gl4NPfTu01fr8ZrSuk1bpgCsLCxESEgw2rZrj
2024-11-22 06:37:51 UTC	16384	IN	Data Raw: 31 74 38 54 42 6e 37 6c 2f 51 4d 54 6c 5a 64 35 37 52 61 4d 4b 6b 4b 63 39 6a 39 75 74 2f 77 6f 58 7a 35 32 33 47 41 34 4f 43 45 42 32 6a 58 65 37 63 31 66 4f 6a 35 38 45 42 44 2b 4f 75 75 2b 39 78 65 58 74 41 6e 45 55 73 79 7a 4b 65 47 50 6c 6b 76 66 5a 50 52 45 54 36 32 41 4f 59 69 4a 71 46 6d 44 73 6a 6b 62 76 72 6a 4f 5a 34 39 70 59 6a 69 45 78 32 72 4d 77 67 58 56 64 78 74 52 4c 48 64 70 30 57 7a 6f 6d 35 55 33 78 58 4e 52 45 52 45 54 56 50 7a 67 51 6f 76 4c 79 38 34 4f 66 6e 44 2f 38 41 66 37 51 4f 62 34 50 45 78 43 53 30 37 39 41 42 76 58 72 66 33 61 41 5a 58 38 39 4f 6d 49 68 37 37 2b 2b 44 4a 59 76 6d 34 38 76 50 50 39 66 73 68 32 67 79 56 66 58 59 65 33 54 51 59 50 54 70 32 38 2b 68 4d 71 41 4e 61 61 2f 67 44 64 65 47 36 4b 4d 49 41 4a 47 52 62 Data Ascii: 1t8TBn7l/QMTlZd57RaMKkKc9j9ut/woXz523GA4OCEB2jXe7c1fOj58EBD+Ouu+9xeXtAnEUsyzKeGPlkvfZPRET62AOYiJqFmDsjkbvrjOZ49pYjiEx2rMwgXVdxtRLHdp0Wzom5U3xXNRERETVPzgQovLy84OfnD/8Af7QOb4PExCS079ABvXrf3aAZX89OmIh77++DJYvm48vPP9fsh2gyVfXYe3TQYPTp28+hMqANaa/gDdeG6KMIAJGRb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49704	46.137.49.168	443	6604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:37:50 UTC	1052	OUT	GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-22 06:37:51 UTC	263	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 06:37:51 GMT Content-Type: text/css Content-Length: 1471 Connection: close Last-Modified: Thu, 21 Nov 2024 22:06:37 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-22 06:37:51 UTC	1471	IN	Data Raw: 2f 2a 20 6c 69 6e 65 20 31 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 74 65 72 6d 61 72 6b 2e 73 63 73 73 20 2a 2f 0a 2e 77 61 74 65 72 6d 61 72 6b 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 20 20 20 20 2d 6d 73 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 74 62 2d 72 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 74 65 78 74 2d 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 20 73 69 64 65 77 61 79 73 3b 0a 7d 0a 0a 2f 2a 20 6c 69 6e 65 20 34 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 Data Ascii: /* line 1, app/assets/stylesheets/landing-watermark.scss /.watermark { -webkit-writing-mode: vertical-rl; -ms-writing-mode: tb-rl; writing-mode: vertical-rl; text-orientation: sideways;}/ line 4, app/assets/stylesheets/landing-wa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49707	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:37:50 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-22 06:37:51 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF17) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=122920 Date: Fri, 22 Nov 2024 06:37:51 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49708	46.137.49.168	443	6604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:37:52 UTC	1031	OUT	GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-22 06:37:53 UTC	279	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 06:37:52 GMT Content-Type: application/javascript Content-Length: 380848 Connection: close Last-Modified: Thu, 21 Nov 2024 22:06:37 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-22 06:37:53 UTC	16105	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-11-22 06:37:53 UTC	16384	IN	Data Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type\|\|fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))\|\|"text"===t.toLowerCase())},fir
2024-11-22 06:37:53 UTC	56	IN	Data Raw: 28 65 2c 6e 29 7c 7c 5f 2e 61 63 63 65 73 73 28 65 2c 6e 2c 7b 65 6d 70 74 79 3a 63 65 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2e 61 Data Ascii: (e,n)\|\|_.access(e,n,{empty:ce.Callbacks("once memory").a
2024-11-22 06:37:53 UTC	16384	IN	Data Raw: 64 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 72 65 6d 6f 76 65 28 65 2c 5b 74 2b 22 71 75 65 75 65 22 2c 6e 5d 29 7d 29 7d 29 7d 7d 29 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 32 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 74 2c 74 3d 22 66 78 22 2c 65 2d 2d 29 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 65 3f 63 65 2e 71 75 65 75 65 28 74 68 69 73 5b 30 5d 2c 74 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 74 68 69 73 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 63 65 2e 71 75 65 75 65 28 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29 Data Ascii: dd(function(){_.remove(e,[t+"queue",n])})})}}),ce.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?ce.queue(this[0],t):void 0===n?this:this.each(function(){var e=ce.queue(this,t,n);ce._queueHooks(this,t)
2024-11-22 06:37:53 UTC	16384	IN	Data Raw: 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 63 65 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 6e 29 3c 30 26 26 28 63 65 2e 63 6c 65 61 6e 44 61 74 61 28 53 65 28 74 68 69 73 29 29 2c 74 26 26 74 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 65 2c 74 68 69 73 29 29 7d 2c 6e 29 7d 7d 29 2c 63 65 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 63 65 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 Data Ascii: this.parentNode;ce.inArray(this,n)<0&&(ce.cleanData(Se(this)),t&&t.replaceChild(e,this))},n)}}),ce.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){ce.fn[e]=function(e){for(var t
2024-11-22 06:37:53 UTC	16384	IN	Data Raw: 28 72 3d 69 2e 73 65 74 28 65 2c 6e 2c 74 29 29 3f 72 3a 65 5b 74 5d 3d 6e 3a 69 26 26 22 67 65 74 22 69 6e 20 69 26 26 6e 75 6c 6c 21 3d 3d 28 72 3d 69 2e 67 65 74 28 65 2c 74 29 29 3f 72 3a 65 5b 74 5d 7d 2c 70 72 6f 70 48 6f 6f 6b 73 3a 7b 74 61 62 49 6e 64 65 78 3a 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 65 2e 66 69 6e 64 2e 61 74 74 72 28 65 2c 22 74 61 62 69 6e 64 65 78 22 29 3b 72 65 74 75 72 6e 20 74 3f 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 62 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7c 7c 77 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 26 26 65 2e 68 72 65 66 3f 30 3a 2d 31 7d 7d 7d 2c 70 72 6f 70 46 69 78 3a 7b 22 66 6f 72 22 3a 22 68 74 6d 6c 46 6f 72 22 2c 22 63 6c 61 73 73 22 3a 22 Data Ascii: (r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=ce.find.attr(e,"tabindex");return t?parseInt(t,10):bt.test(e.nodeName)\|\|wt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"
2024-11-22 06:37:53 UTC	16384	IN	Data Raw: 65 66 69 6c 74 65 72 28 22 6a 73 6f 6e 20 6a 73 6f 6e 70 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 3d 21 31 21 3d 3d 65 2e 6a 73 6f 6e 70 26 26 28 5a 74 2e 74 65 73 74 28 65 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2e 64 61 74 61 26 26 30 3d 3d 3d 28 65 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 5a 74 2e 74 65 73 74 28 65 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 61 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 65 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 72 3d 65 2e 6a 73 6f 6e 70 43 61 6c Data Ascii: efilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Zt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Zt.test(e.data)&&"data");if(a\|\|"jsonp"===e.dataTypes[0])return r=e.jsonpCal
2024-11-22 06:37:53 UTC	16384	IN	Data Raw: 74 65 72 22 2c 69 5b 31 5d 3d 6c 2e 74 65 73 74 28 69 5b 31 5d 29 3f 69 5b 31 5d 3a 22 63 65 6e 74 65 72 22 2c 74 3d 68 2e 65 78 65 63 28 69 5b 30 5d 29 2c 65 3d 68 2e 65 78 65 63 28 69 5b 31 5d 29 2c 77 5b 74 68 69 73 5d 3d 5b 74 3f 74 5b 30 5d 3a 30 2c 65 3f 65 5b 30 5d 3a 30 5d 2c 75 5b 74 68 69 73 5d 3d 5b 63 2e 65 78 65 63 28 69 5b 30 5d 29 5b 30 5d 2c 63 2e 65 78 65 63 28 69 5b 31 5d 29 5b 30 5d 5d 7d 29 2c 31 3d 3d 3d 79 2e 6c 65 6e 67 74 68 26 26 28 79 5b 31 5d 3d 79 5b 30 5d 29 2c 22 72 69 67 68 74 22 3d 3d 3d 75 2e 61 74 5b 30 5d 3f 6d 2e 6c 65 66 74 2b 3d 70 3a 22 63 65 6e 74 65 72 22 3d 3d 3d 75 2e 61 74 5b 30 5d 26 26 28 6d 2e 6c 65 66 74 2b 3d 70 2f 32 29 2c 22 62 6f 74 74 6f 6d 22 3d 3d 3d 75 2e 61 74 5b 31 5d 3f 6d 2e 74 6f 70 2b 3d 66 3a Data Ascii: ter",i[1]=l.test(i[1])?i[1]:"center",t=h.exec(i[0]),e=h.exec(i[1]),w[this]=[t?t[0]:0,e?e[0]:0],u[this]=[c.exec(i[0])[0],c.exec(i[1])[0]]}),1===y.length&&(y[1]=y[0]),"right"===u.at[0]?m.left+=p:"center"===u.at[0]&&(m.left+=p/2),"bottom"===u.at[1]?m.top+=f:
2024-11-22 06:37:53 UTC	16384	IN	Data Raw: 66 66 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 2e 6f 66 66 73 65 74 28 29 2c 65 3d 74 68 69 73 2e 64 6f 63 75 6d 65 6e 74 5b 30 5d 3b 72 65 74 75 72 6e 22 61 62 73 6f 6c 75 74 65 22 3d 3d 3d 74 68 69 73 2e 63 73 73 50 6f 73 69 74 69 6f 6e 26 26 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 21 3d 3d 65 26 26 56 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 2c 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 5b 30 5d 29 26 26 28 74 2e 6c 65 66 74 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 6f 6c 6c 4c 65 66 74 28 29 2c 74 2e 74 6f 70 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 Data Ascii: ffset:function(){var t=this.offsetParent.offset(),e=this.document[0];return"absolute"===this.cssPosition&&this.scrollParent[0]!==e&&V.contains(this.scrollParent[0],this.offsetParent[0])&&(t.left+=this.scrollParent.scrollLeft(),t.top+=this.scrollParent.scr
2024-11-22 06:37:53 UTC	16384	IN	Data Raw: 74 2e 6f 66 66 73 65 74 28 29 2c 6e 5b 69 5d 2e 70 72 6f 70 6f 72 74 69 6f 6e 73 28 7b 77 69 64 74 68 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 57 69 64 74 68 2c 68 65 69 67 68 74 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7d 29 29 7d 7d 2c 64 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 69 3d 21 31 3b 72 65 74 75 72 6e 20 56 2e 65 61 63 68 28 28 56 2e 75 69 2e 64 64 6d 61 6e 61 67 65 72 2e 64 72 6f 70 70 61 62 6c 65 73 5b 74 2e 6f 70 74 69 6f 6e 73 2e 73 63 6f 70 65 5d 7c 7c 5b 5d 29 2e 73 6c 69 63 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 70 74 69 6f 6e 73 26 26 28 21 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 64 69 73 61 62 6c 65 64 26 26 74 68 Data Ascii: t.offset(),n[i].proportions({width:n[i].element[0].offsetWidth,height:n[i].element[0].offsetHeight}))}},drop:function(t,e){var i=!1;return V.each((V.ui.ddmanager.droppables[t.options.scope]\|\|[]).slice(),function(){this.options&&(!this.options.disabled&&th

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49709	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:37:52 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-22 06:37:53 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=122869 Date: Fri, 22 Nov 2024 06:37:53 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-22 06:37:53 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49710	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:37:55 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=k+1D+NM9AYctW85&MD=GtoPbtS1 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-22 06:37:55 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: ae45f06d-dc41-4684-b166-1b4c9dace844 MS-RequestId: 536876b5-3bdc-45ef-a51a-5894bfea3622 MS-CV: dt0Wl+m44Uike1PK.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 22 Nov 2024 06:37:54 GMT Connection: close Content-Length: 24490
2024-11-22 06:37:55 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-22 06:37:55 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49711	46.137.49.168	443	6604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:37:55 UTC	1016	OUT	GET /favicon.ico HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://secure.encryptedconnection.net/pages/ea3b295c08f691a7ad8d850d0f81bcf6/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-22 06:37:55 UTC	253	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 06:37:55 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Thu, 21 Nov 2024 22:07:29 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49712	52.48.171.10	443	6604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:37:56 UTC	440	OUT	GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-22 06:37:56 UTC	279	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 06:37:56 GMT Content-Type: application/javascript Content-Length: 380848 Connection: close Last-Modified: Thu, 21 Nov 2024 22:06:37 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-22 06:37:56 UTC	16105	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-11-22 06:37:56 UTC	16384	IN	Data Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type\|\|fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))\|\|"text"===t.toLowerCase())},fir
2024-11-22 06:37:56 UTC	56	IN	Data Raw: 28 65 2c 6e 29 7c 7c 5f 2e 61 63 63 65 73 73 28 65 2c 6e 2c 7b 65 6d 70 74 79 3a 63 65 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2e 61 Data Ascii: (e,n)\|\|_.access(e,n,{empty:ce.Callbacks("once memory").a
2024-11-22 06:37:56 UTC	16384	IN	Data Raw: 64 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 72 65 6d 6f 76 65 28 65 2c 5b 74 2b 22 71 75 65 75 65 22 2c 6e 5d 29 7d 29 7d 29 7d 7d 29 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 32 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 74 2c 74 3d 22 66 78 22 2c 65 2d 2d 29 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 65 3f 63 65 2e 71 75 65 75 65 28 74 68 69 73 5b 30 5d 2c 74 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 74 68 69 73 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 63 65 2e 71 75 65 75 65 28 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29 Data Ascii: dd(function(){_.remove(e,[t+"queue",n])})})}}),ce.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?ce.queue(this[0],t):void 0===n?this:this.each(function(){var e=ce.queue(this,t,n);ce._queueHooks(this,t)
2024-11-22 06:37:56 UTC	16384	IN	Data Raw: 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 63 65 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 6e 29 3c 30 26 26 28 63 65 2e 63 6c 65 61 6e 44 61 74 61 28 53 65 28 74 68 69 73 29 29 2c 74 26 26 74 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 65 2c 74 68 69 73 29 29 7d 2c 6e 29 7d 7d 29 2c 63 65 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 63 65 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 Data Ascii: this.parentNode;ce.inArray(this,n)<0&&(ce.cleanData(Se(this)),t&&t.replaceChild(e,this))},n)}}),ce.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){ce.fn[e]=function(e){for(var t
2024-11-22 06:37:57 UTC	16384	IN	Data Raw: 28 72 3d 69 2e 73 65 74 28 65 2c 6e 2c 74 29 29 3f 72 3a 65 5b 74 5d 3d 6e 3a 69 26 26 22 67 65 74 22 69 6e 20 69 26 26 6e 75 6c 6c 21 3d 3d 28 72 3d 69 2e 67 65 74 28 65 2c 74 29 29 3f 72 3a 65 5b 74 5d 7d 2c 70 72 6f 70 48 6f 6f 6b 73 3a 7b 74 61 62 49 6e 64 65 78 3a 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 65 2e 66 69 6e 64 2e 61 74 74 72 28 65 2c 22 74 61 62 69 6e 64 65 78 22 29 3b 72 65 74 75 72 6e 20 74 3f 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 62 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7c 7c 77 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 26 26 65 2e 68 72 65 66 3f 30 3a 2d 31 7d 7d 7d 2c 70 72 6f 70 46 69 78 3a 7b 22 66 6f 72 22 3a 22 68 74 6d 6c 46 6f 72 22 2c 22 63 6c 61 73 73 22 3a 22 Data Ascii: (r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=ce.find.attr(e,"tabindex");return t?parseInt(t,10):bt.test(e.nodeName)\|\|wt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"
2024-11-22 06:37:57 UTC	16384	IN	Data Raw: 65 66 69 6c 74 65 72 28 22 6a 73 6f 6e 20 6a 73 6f 6e 70 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 3d 21 31 21 3d 3d 65 2e 6a 73 6f 6e 70 26 26 28 5a 74 2e 74 65 73 74 28 65 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2e 64 61 74 61 26 26 30 3d 3d 3d 28 65 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 5a 74 2e 74 65 73 74 28 65 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 61 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 65 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 72 3d 65 2e 6a 73 6f 6e 70 43 61 6c Data Ascii: efilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Zt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Zt.test(e.data)&&"data");if(a\|\|"jsonp"===e.dataTypes[0])return r=e.jsonpCal
2024-11-22 06:37:57 UTC	16384	IN	Data Raw: 74 65 72 22 2c 69 5b 31 5d 3d 6c 2e 74 65 73 74 28 69 5b 31 5d 29 3f 69 5b 31 5d 3a 22 63 65 6e 74 65 72 22 2c 74 3d 68 2e 65 78 65 63 28 69 5b 30 5d 29 2c 65 3d 68 2e 65 78 65 63 28 69 5b 31 5d 29 2c 77 5b 74 68 69 73 5d 3d 5b 74 3f 74 5b 30 5d 3a 30 2c 65 3f 65 5b 30 5d 3a 30 5d 2c 75 5b 74 68 69 73 5d 3d 5b 63 2e 65 78 65 63 28 69 5b 30 5d 29 5b 30 5d 2c 63 2e 65 78 65 63 28 69 5b 31 5d 29 5b 30 5d 5d 7d 29 2c 31 3d 3d 3d 79 2e 6c 65 6e 67 74 68 26 26 28 79 5b 31 5d 3d 79 5b 30 5d 29 2c 22 72 69 67 68 74 22 3d 3d 3d 75 2e 61 74 5b 30 5d 3f 6d 2e 6c 65 66 74 2b 3d 70 3a 22 63 65 6e 74 65 72 22 3d 3d 3d 75 2e 61 74 5b 30 5d 26 26 28 6d 2e 6c 65 66 74 2b 3d 70 2f 32 29 2c 22 62 6f 74 74 6f 6d 22 3d 3d 3d 75 2e 61 74 5b 31 5d 3f 6d 2e 74 6f 70 2b 3d 66 3a Data Ascii: ter",i[1]=l.test(i[1])?i[1]:"center",t=h.exec(i[0]),e=h.exec(i[1]),w[this]=[t?t[0]:0,e?e[0]:0],u[this]=[c.exec(i[0])[0],c.exec(i[1])[0]]}),1===y.length&&(y[1]=y[0]),"right"===u.at[0]?m.left+=p:"center"===u.at[0]&&(m.left+=p/2),"bottom"===u.at[1]?m.top+=f:
2024-11-22 06:37:57 UTC	16384	IN	Data Raw: 66 66 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 2e 6f 66 66 73 65 74 28 29 2c 65 3d 74 68 69 73 2e 64 6f 63 75 6d 65 6e 74 5b 30 5d 3b 72 65 74 75 72 6e 22 61 62 73 6f 6c 75 74 65 22 3d 3d 3d 74 68 69 73 2e 63 73 73 50 6f 73 69 74 69 6f 6e 26 26 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 21 3d 3d 65 26 26 56 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 2c 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 5b 30 5d 29 26 26 28 74 2e 6c 65 66 74 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 6f 6c 6c 4c 65 66 74 28 29 2c 74 2e 74 6f 70 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 Data Ascii: ffset:function(){var t=this.offsetParent.offset(),e=this.document[0];return"absolute"===this.cssPosition&&this.scrollParent[0]!==e&&V.contains(this.scrollParent[0],this.offsetParent[0])&&(t.left+=this.scrollParent.scrollLeft(),t.top+=this.scrollParent.scr
2024-11-22 06:37:57 UTC	16384	IN	Data Raw: 74 2e 6f 66 66 73 65 74 28 29 2c 6e 5b 69 5d 2e 70 72 6f 70 6f 72 74 69 6f 6e 73 28 7b 77 69 64 74 68 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 57 69 64 74 68 2c 68 65 69 67 68 74 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7d 29 29 7d 7d 2c 64 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 69 3d 21 31 3b 72 65 74 75 72 6e 20 56 2e 65 61 63 68 28 28 56 2e 75 69 2e 64 64 6d 61 6e 61 67 65 72 2e 64 72 6f 70 70 61 62 6c 65 73 5b 74 2e 6f 70 74 69 6f 6e 73 2e 73 63 6f 70 65 5d 7c 7c 5b 5d 29 2e 73 6c 69 63 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 70 74 69 6f 6e 73 26 26 28 21 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 64 69 73 61 62 6c 65 64 26 26 74 68 Data Ascii: t.offset(),n[i].proportions({width:n[i].element[0].offsetWidth,height:n[i].element[0].offsetHeight}))}},drop:function(t,e){var i=!1;return V.each((V.ui.ddmanager.droppables[t.options.scope]\|\|[]).slice(),function(){this.options&&(!this.options.disabled&&th

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49713	52.48.171.10	443	6604	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:37:57 UTC	365	OUT	GET /favicon.ico HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-22 06:37:58 UTC	253	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 06:37:58 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Thu, 21 Nov 2024 22:07:29 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49714	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 06:38:34 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=k+1D+NM9AYctW85&MD=GtoPbtS1 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-22 06:38:34 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 19e6aac1-7f1e-4261-bbec-2ab800a88418 MS-RequestId: 8d6d8576-473d-4a28-b63a-5f26579d59ce MS-CV: SAtgPLDGp0SN2e9P.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 22 Nov 2024 06:38:33 GMT Connection: close Content-Length: 30005
2024-11-22 06:38:34 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-22 06:38:34 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	01:37:39
Start date:	22/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	01:37:40
Start date:	22/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2036,i,16374000043300381340,16768935406528561873,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	01:37:41
Start date:	22/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://scam-report.malwarebouncer.com/XT2VkOUF6UWhJRkJORWRibzhzMytNYjdrNS9teUZ4OEhhK3BwL2pVdGJ6b3JVOHpQdlFFU1pVSDVwZC9ObHAzN2ptMTRIald2TXl0dXh0VEFrYzlWbTU4eU9qdTAycjN0VVRRalNHOVJzSkIzcm9hTDFRYnhOU2xkSVYrV2RLRjJ2dk9ITUdnRldMR2hKYzJsb0NuQWJTNG1rSjFaeEpyVDBsS1pYcWpsVTh5bThKUENydWxvcjdmbWR1ZkdvbjRzaElWWUFEMXN4R3ZKcXZaa3NzWnZ2N3ZBS3VjUUcwdz0tLXBNenBsNlZQeDgzanJXMEUtLXRsSDVDalFBbzhFdVNOMnltY2sxcUE9PQ==?cid=294625424"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5528, Parent PID: 4216