Edit tour

Windows Analysis Report
https://www.asda.com@hnvs.xyz/asda-christmas-prizes

Overview

General Information

Sample URL:	https://www.asda.com@hnvs.xyz/asda-christmas-prizes
Analysis ID:	1577916
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

AI detected suspicious URL

Performs DNS queries to domains with low reputation

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,5852589805163091655,14694738719058850363,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.asda.com@hnvs.xyz/asda-christmas-prizes" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://tescko.pages.dev/

Avira URL Cloud: Label: malware

Phishing

AI detected suspicious URL

Source: Email

Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://www.asda.com@hnvs.xyz

Source: https://www.asda.com@hnvs.xyz/asda-christmas-prizes

Sample URL: PII: www.asda.com@hnvs.xyz

Networking

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: hnvs.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: hnvs.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: reln.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: reln.xyz

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /asda-christmas-prizes HTTP/1.1Host: hnvs.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /asda-christmas-prizes/ HTTP/1.1Host: hnvs.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3C20VLV HTTP/1.1Host: bit.lyConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hnvs.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ic.png?ASDA HTTP/1.1Host: od-img.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hnvs.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ZXLlDMU.jpeg HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hnvs.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ic.png?ASDA HTTP/1.1Host: od-img.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /asdachristmas/ HTTP/1.1Host: reln.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://hnvs.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /asdachristmas/css/app1.css?id=2fbe2d9a9a40ca9b2489 HTTP/1.1Host: reln.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://reln.xyz/asdachristmas/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ZXLlDMU.jpeg HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: hnvs.xyz
Source: global traffic	DNS traffic detected: DNS query: bit.ly
Source: global traffic	DNS traffic detected: DNS query: od-img.pages.dev
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: reln.xyz
Source: global traffic	DNS traffic detected: DNS query: tescko.pages.dev
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: chromecache_66.2.dr	String found in binary or memory: https://asda.com
Source: chromecache_66.2.dr	String found in binary or memory: https://bit.ly/3C20VLV
Source: chromecache_64.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins:wght
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/0a9qrg1.png
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/0efeNk2.jpeg
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/7e9Zo12.jpeg
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/SilWoEH.png
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/Ty4H8hn.png
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/XtXhTi5.png
Source: chromecache_66.2.dr	String found in binary or memory: https://i.imgur.com/ZXLlDMU.jpeg
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/cGJHhVv.png
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/f3064OZ.png
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/jxuLQ1C.png
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/o0mPH2v.png
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/qJq55WO.png
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/qTRa9kR.png
Source: chromecache_64.2.dr	String found in binary or memory: https://i.imgur.com/x32QWDp.gif
Source: chromecache_64.2.dr	String found in binary or memory: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Source: chromecache_66.2.dr	String found in binary or memory: https://reln.xyz/asdachristmas/
Source: chromecache_64.2.dr	String found in binary or memory: https://tescko.pages.dev/
Source: chromecache_64.2.dr	String found in binary or memory: https://www.blogger.com/profile/07475555264621047576

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: classification engine

Classification label: mal56.troj.win@24/18@42/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,5852589805163091655,14694738719058850363,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.asda.com@hnvs.xyz/asda-christmas-prizes"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,5852589805163091655,14694738719058850363,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.asda.com@hnvs.xyz/asda-christmas-prizes	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://reln.xyz/asdachristmas/css/app1.css?id=2fbe2d9a9a40ca9b2489	0%	Avira URL Cloud	safe
https://reln.xyz/asdachristmas/	0%	Avira URL Cloud	safe
https://tescko.pages.dev/	100%	Avira URL Cloud	malware
https://hnvs.xyz/asda-christmas-prizes	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
hnvs.xyz	198.12.239.74	true	true	unknown
google.com	142.250.181.110	true	false	high
bit.ly	67.199.248.11	true	false	high
www.google.com	142.250.181.132	true	false	high
od-img.pages.dev	172.66.47.201	true	false	high
reln.xyz	198.12.239.74	true	true	unknown
ipv4.imgur.map.fastly.net	199.232.196.193	true	false	high
i.imgur.com	unknown	unknown	false	high
tescko.pages.dev	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bit.ly/3C20VLV	false		high
https://reln.xyz/asdachristmas/css/app1.css?id=2fbe2d9a9a40ca9b2489	false	Avira URL Cloud: safe	unknown
https://hnvs.xyz/asda-christmas-prizes/	false		unknown
https://od-img.pages.dev/ic.png?ASDA	false		high
https://reln.xyz/asdachristmas/	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/ZXLlDMU.jpeg	false		high
https://hnvs.xyz/asda-christmas-prizes	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://i.imgur.com/cGJHhVv.png	chromecache_64.2.dr	false		high
https://i.imgur.com/qJq55WO.png	chromecache_64.2.dr	false		high
https://i.imgur.com/0efeNk2.jpeg	chromecache_64.2.dr	false		high
https://i.imgur.com/7e9Zo12.jpeg	chromecache_64.2.dr	false		high
https://www.blogger.com/profile/07475555264621047576	chromecache_64.2.dr	false		high
https://asda.com	chromecache_66.2.dr	false		high
https://i.imgur.com/0a9qrg1.png	chromecache_64.2.dr	false		high
https://i.imgur.com/f3064OZ.png	chromecache_64.2.dr	false		high
https://i.imgur.com/jxuLQ1C.png	chromecache_64.2.dr	false		high
https://i.imgur.com/x32QWDp.gif	chromecache_64.2.dr	false		high
https://i.imgur.com/SilWoEH.png	chromecache_64.2.dr	false		high
https://i.imgur.com/Ty4H8hn.png	chromecache_64.2.dr	false		high
https://tescko.pages.dev/	chromecache_64.2.dr	false	Avira URL Cloud: malware	unknown
https://i.imgur.com/o0mPH2v.png	chromecache_64.2.dr	false		high
https://i.imgur.com/XtXhTi5.png	chromecache_64.2.dr	false		high
https://img1.wsimg.com/traffic-assets/js/tccl.min.js	chromecache_64.2.dr	false		high
https://i.imgur.com/qTRa9kR.png	chromecache_64.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
199.232.192.193	unknown	United States	54113	FASTLYUS	false
172.66.44.55	unknown	United States	13335	CLOUDFLARENETUS	false
198.12.239.74	hnvs.xyz	United States	26496	AS-26496-GO-DADDY-COM-LLCUS	true
199.232.196.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.66.47.201	od-img.pages.dev	United States	13335	CLOUDFLARENETUS	false
67.199.248.11	bit.ly	United States	396982	GOOGLE-PRIVATE-CLOUDUS	false

Private

IP
192.168.2.5
192.168.2.23

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1577916
Start date and time:	2024-12-18 21:15:43 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.asda.com@hnvs.xyz/asda-christmas-prizes
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.troj.win@24/18@42/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 172.217.19.206, 64.233.164.84, 172.217.17.46, 199.232.210.172, 192.229.221.95, 172.217.17.42, 172.217.17.35, 2.22.157.166, 13.107.246.63, 52.149.20.212
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://www.asda.com@hnvs.xyz/asda-christmas-prizes

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://www.asda.com@hnvs.xyz Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": true, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://www.asda.com@hnvs.xyz
URL: https://reln.xyz/asdachristmas/... Model: Joe Sandbox AI	{ "risk_score": 5, "reasoning": "The script checks the user agent string to detect if the user is accessing the page from a mobile device. If the user is not on a mobile device, it redirects them to the 'https://tescko.pages.dev/' website. This behavior is not inherently malicious, but the redirection to an external domain without user consent is a moderate-risk indicator." }
if (/Android\|webOS\|iPhone\|iPad\|iPod\|BlackBerry\|IEMobile\|Opera Mini/i.test(navigator.userAgent)) { } else { window.location.href = "https://tescko.pages.dev/"; }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 19:16:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9800704147415575
Encrypted:	false
SSDEEP:	48:8jdpTxBrEHqidAKZdA19ehwiZUklqehBy+3:8f7Buy
MD5:	D55B09A58725A89A680BA9E7CE6E8D94
SHA1:	111753CF6C91089B326A670EF64AB6D2775B0ADD
SHA-256:	47C06CE79ABA5684BE0DD599D396D026B70A1BEAA33BCB01ECEBD5BC795D8EEA
SHA-512:	9ADB5DCD74CD02368E467302CF46D899D439511C677DE144C9ECB72AB9C9E43CEE7E5DBAD561C4E9E4D2530F72CF1F8462EA3B30D1C1F44A516D9E7A49CB099E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....jn5.Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........v. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 19:16:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9993309821940253
Encrypted:	false
SSDEEP:	48:8odpTxBrEHqidAKZdA1weh/iZUkAQkqehey+2:8m7z9QHy
MD5:	46022AD1E40E4BFFC4CFC10E20F453E3
SHA1:	4F161C8EA7B52B553E42FF4CCEFA4153B7FD6F75
SHA-256:	EF3F278FFFE5610C4B0A7343AB93C7DB9629AE427919EF7363CB5D69BA8BB423
SHA-512:	B385CC728CA2DF537693385370337BF6A18829E632AB89D56DEA75709053ECB212BE2879CB7870C668B2B9B7A5C69DB12ABA03015430648CD9E46443B77B6A77
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....w.$.Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........v. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005979183220273
Encrypted:	false
SSDEEP:	48:8xidpTxBsHqidAKZdA14tseh7sFiZUkmgqeh7sEy+BX:8xI7nnCy
MD5:	C201AB2A1DE3A8D6AD0D7EACC5716864
SHA1:	497C5BD5AC1165BEE96EAB607BA76DE9DA779FD0
SHA-256:	9EC3A2DC2864042E877629E6C3CC3F4945BAA7E1CA23391BBDAA330EED549AD2
SHA-512:	19A32F0782CC0C8B90964E53FCD88A424BCAA079598DAC1332544096CC71E002BFFCAF660B58C1CF92BF856A9F53288CF76FAE94E1B428556100C5CAA7485333
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........v. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 19:16:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9982564202155775
Encrypted:	false
SSDEEP:	48:8JdpTxBrEHqidAKZdA1vehDiZUkwqeh6y+R:8t7wcy
MD5:	D37B7386556D11411D5706858EE3C25A
SHA1:	CE82B0C6996770BFECD7B6D2F6A476F6C93068D2
SHA-256:	BBB156CF1B0A56B53A75942C559A7CD8B687165E8842F62220A633454775EA4D
SHA-512:	FA5A4994CC6B2F55F6FE91D02536A084CC3851CB36795495D1A3D5ADAB696BBEC9844F2A7DA8A65A62D0DC7B69B1CE7D5BFD7FAF74D32AC5A7B8B5333B623B0B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........v. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 19:16:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9869719390865623
Encrypted:	false
SSDEEP:	48:8xdpTxBrEHqidAKZdA1hehBiZUk1W1qehYy+C:817w94y
MD5:	D14B778B51F3E2909E301755617FBD8E
SHA1:	3990686081481672D949E23F0DB19DF25A2D6897
SHA-256:	8898B8790B556D9C00F4072B2C58F4BCE8CB60D0F81DCC5B46BFC549199F58B5
SHA-512:	C807E858E35F3ADA2FB36585FB28E741B43569381B5AF391209DD522640A4C6FAA31504EB33240AA976193551561E70CEC4F36A332B43A75753446E459BB1339
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......+.Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........v. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 19:16:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9960642720975867
Encrypted:	false
SSDEEP:	48:8ndpTxBrEHqidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbCy+yT+:8r7+T/TbxWOvTbCy7T
MD5:	92BDB6C8DFE3584A42965D955CC387ED
SHA1:	0C2D424F3589CC2E8D4BAB9834B15FF8A8261B8E
SHA-256:	A464D00895A3B4CE6AFF1CE23AE7CFFD4D2563B7EADD55A08FDC0F9BE4C8E35C
SHA-512:	64C0CDC53FA9C5449121F6197147DB4852DB54F71EEFBD3F6BFEAC96D4F747D6D1D4C16454AB4DE044208A5FED65A36EF6170B9DB6326F2309C622968D79E4E6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........Q..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........v. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	73
Entropy (8bit):	4.522037697473431
Encrypted:	false
SSDEEP:	3:yionv//thPlE9tn/pGIxtqQAuVt1p:6v/lhPcwIVVfp
MD5:	3174AC632667F3C26DAE3AF447893B82
SHA1:	28B175A656447C4C663090A30247C8213F0CC97C
SHA-256:	1F67E1B33E44F077ECE60FA2A0918050D19BA61CA75B999B52ECD059383D8B94
SHA-512:	7D7391102CB89251D634D977C16A4CFD0A35E7BBDB80B6214C77DDAA7A0CB804EB5E17BED16B494CBA0A9D9A65904A5E70A979308F565CBADE3E7F986F392583
Malicious:	false
Reputation:	low
URL:	https://od-img.pages.dev/ic.png?ASDA
Preview:	.PNG........IHDR...............!p....IDAT..c...?............O....IEND.B`.

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	33
Entropy (8bit):	4.369707376737534
Encrypted:	false
SSDEEP:	3:IO4Dv+:IO0+
MD5:	C588C17324F2BE0E0EC90A18F39E7D7C
SHA1:	69D360EDDD15F527AAC7F7E610346517732B7770
SHA-256:	B83E8830B6B2F1253A78F90191CF1087E8FD7638831FD4C1376A7A6029297240
SHA-512:	A31B191830ED5216CCA982E5483AE0E39466D27B097601623A199E7A111126679E9349E1A540DD1FDBC14E7BF13581B02BCDDA0FB67C3FBC8AACAB2A46F01DA5
Malicious:	false
Reputation:	low
URL:	https://reln.xyz/asdachristmas/css/app1.css?id=2fbe2d9a9a40ca9b2489
Preview:	[v-cloak]{display:none!important}

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 750x500, components 3
Category:	downloaded
Size (bytes):	25814
Entropy (8bit):	7.60362822120246
Encrypted:	false
SSDEEP:	384:D7PltC66wZS079/xnMEy4ZkYJisOTPJed8E0DuC4cfPQ8i+oj4z5wkYJ:XPrC63D7TnMEyWhODYd/D4uJkYJ
MD5:	F4EFA9260E7C528B8196B9F5CF9D8976
SHA1:	E0CA9D3FEC242CF7CFADD2D05D2182E0A9B1434D
SHA-256:	03A6F7387B1DEF3E0DF10FC187B9774E4B52532837767D664C583F824D9410A4
SHA-512:	FE47515B9ADB4F2E48CAE9DC263198322DEEE552F681E6D14855A5575AA6FCC6ED5E7F0E70DDF11EEF951E50B78AC05034D658B96DBA26F5F6A4608A03B75B63
Malicious:	false
Reputation:	low
URL:	https://i.imgur.com/ZXLlDMU.jpeg
Preview:	.....C....................................................................C............................................................................"..........................................a...........................!1..AQ."aq...2...#BRW........V...$&368Cbtu...%ST.47FGUXcds...'5Der...................................@.........................!1A..Qq...."2a....RS..BC...#346.br...............?..0......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (461)
Category:	downloaded
Size (bytes):	9110
Entropy (8bit):	5.275414220552559
Encrypted:	false
SSDEEP:	192:lEGBlCLC4oCzAs+sbdyx1WCctFKiWlR4V9Nag4e7C8:bBYLushJGWC0j9Nag4O
MD5:	F2528A5BBEF0EAE9E1DE9F14A32751D7
SHA1:	EF390F71D8B87F019530EE821A4FC428AF99C468
SHA-256:	D1304FB3332F56BA9A7EE4303714345523CA06C10FC39B8D8C258F5A61E49C62
SHA-512:	0FE0AE148C34078CD5ABC5CF7C27BF1DA0ADE54CC23E327816580C6683EB1FCCD71501D9344E01CAD41BDDC7F844B8D1FBB6933C80BCB34623D42A0BA4E0C979
Malicious:	false
Reputation:	low
URL:	https://reln.xyz/asdachristmas/
Preview:	..<!doctype html>.<html lang="en" dir="ltr">.<head>... <script>. if (/Android\|webOS\|iPhone\|iPad\|iPod\|BlackBerry\|IEMobile\|Opera Mini/i.test(navigator.userAgent)) {. } else {. window.location.href = "https://tescko.pages.dev/";. }. </script>..<title>ASA 1 2024</title>.<meta charset="utf-8">.<meta http-equiv="X-UA-Compatible" content="IE=edge">.<meta name="viewport" content="width=device-width, initial-scale=1">.<meta name="lander" content="survey-pick-a-box">.<meta name="description" content="survey-pick-a-box">.<link rel="shortcut icon" href="data:image/x-icon" type="image/x-icon">.<link href="css/app1.css?id=2fbe2d9a9a40ca9b2489" type="text/css" rel="stylesheet" />.<link href="css/app.css?id=cfc27b22c2dc71691640" type="text/css" rel="stylesheet" />.<meta name="robots" content="noindex,nofollow">.<link rel="me" href="https://www.blogger.com/profile/07475555264621047576" />.<meta name='google-adsense-platform-account' content=

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	73
Entropy (8bit):	4.522037697473431
Encrypted:	false
SSDEEP:	3:yionv//thPlE9tn/pGIxtqQAuVt1p:6v/lhPcwIVVfp
MD5:	3174AC632667F3C26DAE3AF447893B82
SHA1:	28B175A656447C4C663090A30247C8213F0CC97C
SHA-256:	1F67E1B33E44F077ECE60FA2A0918050D19BA61CA75B999B52ECD059383D8B94
SHA-512:	7D7391102CB89251D634D977C16A4CFD0A35E7BBDB80B6214C77DDAA7A0CB804EB5E17BED16B494CBA0A9D9A65904A5E70A979308F565CBADE3E7F986F392583
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............!p....IDAT..c...?............O....IEND.B`.

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	5.247756485805853
Encrypted:	false
SSDEEP:	24:Uof0FS9UA5M7em3KdV6Am37emUWAemJemvxAmmMxm+TD:ZgGP5MLKdVyoW+Zxm+TD
MD5:	709C4F7FE7452D724A28DFD9F1352AAF
SHA1:	097C6E2717EFADAF2092432F68AB773C958B2A24
SHA-256:	1FA0A450C3028BF910D92A8A74E61F84CC9059DE3E197F5DC58AA237E0E9FF35
SHA-512:	9511B5FF8A1755A962121B3A438EBDB864989D75C1D326C1B08BB7B7324E3E3E9DE8377B4191D04B4CD1F6827E75FEF18FC04A0D6F660E5C6E3DA20EBD22BA67
Malicious:	false
Reputation:	low
URL:	https://hnvs.xyz/asda-christmas-prizes/
Preview:	..<html><head> .<title>ASDK Tran 1</title>. <head><meta property="og:title" content="ASDA - ..CHRISTMAS GIVEAWAY.." />..<meta property="og:type" content="website" /> ..<meta property="og:url" content="https://asda.com" />..<meta property="og:image" content="https://i.imgur.com/ZXLlDMU.jpeg" />..<meta property="og:description" content="Free Gift Cards For Everyone.. HURRY UP! LIMITED OFFER" />..<link rel="image_src" href="https://i.imgur.com/ZXLlDMU.jpeg" />..<meta property="og:image" content="https://i.imgur.com/ZXLlDMU.jpeg" />..<meta name="twitter:image:src" content="https://i.imgur.com/ZXLlDMU.jpeg">..<meta name="twitter:image" content="https://i.imgur.com/ZXLlDMU.jpeg">..<link rel="icon" href="https://i.imgur.com/ZXLlDMU.jpeg"> .<meta http-equiv="refresh" content="0.2; url=https://reln.xyz/asdachristmas/">. <center><img src="https://bit.ly/3C20VLV" alt="Tran"></center>....</head><body>...

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 750x500, components 3
Category:	dropped
Size (bytes):	25814
Entropy (8bit):	7.60362822120246
Encrypted:	false
SSDEEP:	384:D7PltC66wZS079/xnMEy4ZkYJisOTPJed8E0DuC4cfPQ8i+oj4z5wkYJ:XPrC63D7TnMEyWhODYd/D4uJkYJ
MD5:	F4EFA9260E7C528B8196B9F5CF9D8976
SHA1:	E0CA9D3FEC242CF7CFADD2D05D2182E0A9B1434D
SHA-256:	03A6F7387B1DEF3E0DF10FC187B9774E4B52532837767D664C583F824D9410A4
SHA-512:	FE47515B9ADB4F2E48CAE9DC263198322DEEE552F681E6D14855A5575AA6FCC6ED5E7F0E70DDF11EEF951E50B78AC05034D658B96DBA26F5F6A4608A03B75B63
Malicious:	false
Reputation:	low
Preview:	.....C....................................................................C............................................................................"..........................................a...........................!1..AQ."aq...2...#BRW........V...$&368Cbtu...%ST.47FGUXcds...'5Der...................................@.........................!1A..Qq...."2a....RS..BC...#346.br...............?..0......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 21:16:38.645828009 CET	49674	443	192.168.2.5	23.1.237.91
Dec 18, 2024 21:16:38.648907900 CET	49675	443	192.168.2.5	23.1.237.91
Dec 18, 2024 21:16:38.739613056 CET	49673	443	192.168.2.5	23.1.237.91
Dec 18, 2024 21:16:48.250214100 CET	49675	443	192.168.2.5	23.1.237.91
Dec 18, 2024 21:16:48.250791073 CET	49674	443	192.168.2.5	23.1.237.91
Dec 18, 2024 21:16:48.344044924 CET	49673	443	192.168.2.5	23.1.237.91
Dec 18, 2024 21:16:48.470803022 CET	49712	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:16:48.470868111 CET	443	49712	142.250.181.132	192.168.2.5
Dec 18, 2024 21:16:48.470953941 CET	49712	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:16:48.471338034 CET	49712	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:16:48.471359968 CET	443	49712	142.250.181.132	192.168.2.5
Dec 18, 2024 21:16:50.167093992 CET	443	49712	142.250.181.132	192.168.2.5
Dec 18, 2024 21:16:50.167426109 CET	49712	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:16:50.167460918 CET	443	49712	142.250.181.132	192.168.2.5
Dec 18, 2024 21:16:50.168544054 CET	443	49712	142.250.181.132	192.168.2.5
Dec 18, 2024 21:16:50.168628931 CET	49712	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:16:50.170130014 CET	49712	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:16:50.170207024 CET	443	49712	142.250.181.132	192.168.2.5
Dec 18, 2024 21:16:50.218527079 CET	49712	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:16:50.218564987 CET	443	49712	142.250.181.132	192.168.2.5
Dec 18, 2024 21:16:50.265232086 CET	49712	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:16:50.680728912 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:50.680769920 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:50.681009054 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:50.681252956 CET	49714	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:50.681303978 CET	443	49714	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:50.681436062 CET	49714	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:50.681477070 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:50.681490898 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:50.681729078 CET	49714	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:50.681742907 CET	443	49714	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:50.746206999 CET	443	49703	23.1.237.91	192.168.2.5
Dec 18, 2024 21:16:50.746304035 CET	49703	443	192.168.2.5	23.1.237.91
Dec 18, 2024 21:16:52.388164997 CET	443	49714	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.388557911 CET	49714	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.388588905 CET	443	49714	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.389714956 CET	443	49714	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.389792919 CET	49714	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.392535925 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.414191008 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.414205074 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.418170929 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.418363094 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.475682020 CET	49714	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.475882053 CET	443	49714	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.477880955 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.478094101 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.478282928 CET	49714	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.478308916 CET	443	49714	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.518394947 CET	49714	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.518409967 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.518424988 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.564215899 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.860372066 CET	443	49714	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.860475063 CET	443	49714	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.860626936 CET	49714	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.861151934 CET	49714	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.861172915 CET	443	49714	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:52.864697933 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:52.911324024 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:53.246043921 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:53.254453897 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:53.254574060 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:53.262319088 CET	49713	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:53.262335062 CET	443	49713	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:53.410238981 CET	49718	443	192.168.2.5	67.199.248.11
Dec 18, 2024 21:16:53.410293102 CET	443	49718	67.199.248.11	192.168.2.5
Dec 18, 2024 21:16:53.410388947 CET	49718	443	192.168.2.5	67.199.248.11
Dec 18, 2024 21:16:53.410645008 CET	49718	443	192.168.2.5	67.199.248.11
Dec 18, 2024 21:16:53.410659075 CET	443	49718	67.199.248.11	192.168.2.5
Dec 18, 2024 21:16:54.627019882 CET	443	49718	67.199.248.11	192.168.2.5
Dec 18, 2024 21:16:54.627334118 CET	49718	443	192.168.2.5	67.199.248.11
Dec 18, 2024 21:16:54.627356052 CET	443	49718	67.199.248.11	192.168.2.5
Dec 18, 2024 21:16:54.628456116 CET	443	49718	67.199.248.11	192.168.2.5
Dec 18, 2024 21:16:54.628529072 CET	49718	443	192.168.2.5	67.199.248.11
Dec 18, 2024 21:16:54.629601955 CET	49718	443	192.168.2.5	67.199.248.11
Dec 18, 2024 21:16:54.629673958 CET	443	49718	67.199.248.11	192.168.2.5
Dec 18, 2024 21:16:54.629817963 CET	49718	443	192.168.2.5	67.199.248.11
Dec 18, 2024 21:16:54.629827976 CET	443	49718	67.199.248.11	192.168.2.5
Dec 18, 2024 21:16:54.672374964 CET	49718	443	192.168.2.5	67.199.248.11
Dec 18, 2024 21:16:55.076570034 CET	443	49718	67.199.248.11	192.168.2.5
Dec 18, 2024 21:16:55.076654911 CET	443	49718	67.199.248.11	192.168.2.5
Dec 18, 2024 21:16:55.076795101 CET	49718	443	192.168.2.5	67.199.248.11
Dec 18, 2024 21:16:55.119333982 CET	49718	443	192.168.2.5	67.199.248.11
Dec 18, 2024 21:16:55.119364977 CET	443	49718	67.199.248.11	192.168.2.5
Dec 18, 2024 21:16:55.270654917 CET	49719	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:55.270705938 CET	443	49719	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:55.271115065 CET	49719	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:55.271115065 CET	49719	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:55.271157980 CET	443	49719	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:56.495980978 CET	443	49719	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:56.496387005 CET	49719	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:56.496407986 CET	443	49719	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:56.497478008 CET	443	49719	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:56.497565985 CET	49719	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:56.498752117 CET	49719	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:56.498792887 CET	49719	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:56.498825073 CET	443	49719	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:56.498855114 CET	49719	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:56.498930931 CET	49719	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:56.499306917 CET	49725	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:56.499355078 CET	443	49725	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:56.499460936 CET	49725	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:56.499696016 CET	49725	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:56.499711990 CET	443	49725	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:57.754654884 CET	443	49725	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:57.754933119 CET	49725	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:57.754964113 CET	443	49725	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:57.756074905 CET	443	49725	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:57.756143093 CET	49725	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:57.757364988 CET	49725	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:57.757440090 CET	443	49725	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:57.757590055 CET	49725	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:57.757601976 CET	443	49725	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:57.798059940 CET	49725	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:58.219552994 CET	443	49725	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:58.219641924 CET	443	49725	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:58.219772100 CET	49725	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:58.221033096 CET	49725	443	192.168.2.5	172.66.47.201
Dec 18, 2024 21:16:58.221065044 CET	443	49725	172.66.47.201	192.168.2.5
Dec 18, 2024 21:16:58.369678020 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:16:58.369721889 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:16:58.369878054 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:16:58.370109081 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:16:58.370125055 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:16:58.371946096 CET	49733	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:58.371997118 CET	443	49733	172.66.44.55	192.168.2.5
Dec 18, 2024 21:16:58.372085094 CET	49733	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:58.372330904 CET	49733	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:58.372344017 CET	443	49733	172.66.44.55	192.168.2.5
Dec 18, 2024 21:16:58.933178902 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:58.933233023 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:58.933312893 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:58.933625937 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:58.933676004 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:58.933738947 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:58.934041977 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:58.934057951 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:58.934214115 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:16:58.934242964 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:16:59.582006931 CET	443	49733	172.66.44.55	192.168.2.5
Dec 18, 2024 21:16:59.606661081 CET	49733	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:59.606692076 CET	443	49733	172.66.44.55	192.168.2.5
Dec 18, 2024 21:16:59.608048916 CET	443	49733	172.66.44.55	192.168.2.5
Dec 18, 2024 21:16:59.608120918 CET	49733	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:59.609038115 CET	49733	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:59.609051943 CET	49733	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:59.609148026 CET	443	49733	172.66.44.55	192.168.2.5
Dec 18, 2024 21:16:59.609272003 CET	49733	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:59.609283924 CET	443	49733	172.66.44.55	192.168.2.5
Dec 18, 2024 21:16:59.609359980 CET	443	49733	172.66.44.55	192.168.2.5
Dec 18, 2024 21:16:59.609376907 CET	49733	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:59.609417915 CET	49733	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:59.613284111 CET	49738	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:59.613331079 CET	443	49738	172.66.44.55	192.168.2.5
Dec 18, 2024 21:16:59.613487005 CET	49738	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:59.613729000 CET	49738	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:16:59.613750935 CET	443	49738	172.66.44.55	192.168.2.5
Dec 18, 2024 21:16:59.873331070 CET	443	49712	142.250.181.132	192.168.2.5
Dec 18, 2024 21:16:59.873413086 CET	443	49712	142.250.181.132	192.168.2.5
Dec 18, 2024 21:16:59.873469114 CET	49712	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:16:59.897900105 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:16:59.898474932 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:16:59.898497105 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:16:59.899559021 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:16:59.899629116 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:16:59.902164936 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:16:59.902281046 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:16:59.902637005 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:16:59.902645111 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:16:59.954898119 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.217698097 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.217986107 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.218033075 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.218058109 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.226097107 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.226274967 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.226293087 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.234697104 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.234749079 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.234777927 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.242904902 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.242980957 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.242996931 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.259550095 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.259604931 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.259617090 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.259632111 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.259699106 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.268012047 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.315140009 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.338233948 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.391555071 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.410305977 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.421705008 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.421765089 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.421778917 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.429157972 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.429219961 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.429239988 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.429253101 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.429296970 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.429315090 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.429363012 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.479310036 CET	49732	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:00.479336023 CET	443	49732	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:00.510222912 CET	49712	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:17:00.510241985 CET	443	49712	142.250.181.132	192.168.2.5
Dec 18, 2024 21:17:00.649915934 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:00.649960995 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:00.650038958 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:00.650338888 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:00.650348902 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:00.828237057 CET	443	49738	172.66.44.55	192.168.2.5
Dec 18, 2024 21:17:00.828682899 CET	49738	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:17:00.828700066 CET	443	49738	172.66.44.55	192.168.2.5
Dec 18, 2024 21:17:00.829761982 CET	443	49738	172.66.44.55	192.168.2.5
Dec 18, 2024 21:17:00.829927921 CET	49738	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:17:00.830919981 CET	49738	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:17:00.830987930 CET	443	49738	172.66.44.55	192.168.2.5
Dec 18, 2024 21:17:00.831557035 CET	49738	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:17:00.831566095 CET	443	49738	172.66.44.55	192.168.2.5
Dec 18, 2024 21:17:00.841378927 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:00.841469049 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:00.841914892 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:00.841917038 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:00.841936111 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:00.841943026 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:00.843029976 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:00.843085051 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:00.843118906 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:00.843322039 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:00.845897913 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:00.846034050 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:00.846165895 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:00.846282959 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:00.848150015 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:00.848176003 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:00.876909018 CET	49738	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:17:00.892401934 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:00.892402887 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:00.892431021 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:00.938781977 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:01.233438015 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.233474016 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.233481884 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.233632088 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:01.233650923 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.241316080 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.241676092 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:01.262517929 CET	49735	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:01.262541056 CET	443	49735	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.263360977 CET	49747	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:01.263400078 CET	443	49747	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.263633013 CET	49747	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:01.265785933 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:01.266824961 CET	49747	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:01.266843081 CET	443	49747	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.306205988 CET	443	49738	172.66.44.55	192.168.2.5
Dec 18, 2024 21:17:01.306284904 CET	443	49738	172.66.44.55	192.168.2.5
Dec 18, 2024 21:17:01.307537079 CET	49738	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:17:01.310743093 CET	49738	443	192.168.2.5	172.66.44.55
Dec 18, 2024 21:17:01.310765028 CET	443	49738	172.66.44.55	192.168.2.5
Dec 18, 2024 21:17:01.311332941 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.407329082 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:01.407335997 CET	49748	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:01.407385111 CET	443	49748	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:01.407397032 CET	443	49749	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:01.407510996 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:01.407526016 CET	49748	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:01.407856941 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:01.407871008 CET	443	49749	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:01.408175945 CET	49748	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:01.408190012 CET	443	49748	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:01.641280890 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.641532898 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:01.641820908 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:01.645277023 CET	49734	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:01.645299911 CET	443	49734	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:02.190474033 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.228404045 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.228431940 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.229634047 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.229729891 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.234275103 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.234359026 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.234486103 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.234493971 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.281913042 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.591583014 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.591866016 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.591963053 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.591990948 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.608247042 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.608341932 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.608460903 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.608489990 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.608609915 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.615294933 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.623640060 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.623735905 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.623747110 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.632256031 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.632369995 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.632380009 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.640474081 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.640512943 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.640600920 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.640609980 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.640765905 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.645365953 CET	443	49747	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:02.647670984 CET	49747	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:02.647685051 CET	443	49747	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:02.648190975 CET	443	49747	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:02.649391890 CET	49747	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:02.649491072 CET	443	49747	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:02.689579964 CET	49747	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:02.701633930 CET	443	49749	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:02.701942921 CET	443	49748	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:02.702008963 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:02.702033997 CET	443	49749	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:02.702419043 CET	49748	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:02.702435970 CET	443	49748	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:02.703118086 CET	443	49749	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:02.703222990 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:02.703511000 CET	443	49748	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:02.703593016 CET	49748	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:02.703820944 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:02.703887939 CET	443	49749	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:02.704242945 CET	49748	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:02.704313993 CET	443	49748	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:02.751202106 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:02.751228094 CET	443	49749	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:02.751240969 CET	49748	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:02.751260996 CET	443	49748	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:02.783788919 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.787286997 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.787404060 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.787436008 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.793272972 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.793708086 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.793728113 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.798090935 CET	49748	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:02.798113108 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:02.800704002 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.800795078 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:02.800817966 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.800863981 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.802165031 CET	49744	443	192.168.2.5	199.232.192.193
Dec 18, 2024 21:17:02.802186012 CET	443	49744	199.232.192.193	192.168.2.5
Dec 18, 2024 21:17:33.047487974 CET	443	49747	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:33.047560930 CET	443	49747	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:33.047640085 CET	49747	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:33.206285000 CET	49747	443	192.168.2.5	198.12.239.74
Dec 18, 2024 21:17:33.206317902 CET	443	49747	198.12.239.74	192.168.2.5
Dec 18, 2024 21:17:47.766458988 CET	49748	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:47.766463041 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:17:47.766474962 CET	443	49749	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:47.766482115 CET	443	49748	199.232.196.193	192.168.2.5
Dec 18, 2024 21:17:48.393275023 CET	49861	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:17:48.393327951 CET	443	49861	142.250.181.132	192.168.2.5
Dec 18, 2024 21:17:48.393402100 CET	49861	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:17:48.393671036 CET	49861	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:17:48.393681049 CET	443	49861	142.250.181.132	192.168.2.5
Dec 18, 2024 21:17:50.107831955 CET	443	49861	142.250.181.132	192.168.2.5
Dec 18, 2024 21:17:50.108324051 CET	49861	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:17:50.108352900 CET	443	49861	142.250.181.132	192.168.2.5
Dec 18, 2024 21:17:50.108736992 CET	443	49861	142.250.181.132	192.168.2.5
Dec 18, 2024 21:17:50.109082937 CET	49861	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:17:50.109149933 CET	443	49861	142.250.181.132	192.168.2.5
Dec 18, 2024 21:17:50.156866074 CET	49861	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:17:59.803235054 CET	443	49861	142.250.181.132	192.168.2.5
Dec 18, 2024 21:17:59.803307056 CET	443	49861	142.250.181.132	192.168.2.5
Dec 18, 2024 21:17:59.803489923 CET	49861	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:18:01.205856085 CET	49861	443	192.168.2.5	142.250.181.132
Dec 18, 2024 21:18:01.205883026 CET	443	49861	142.250.181.132	192.168.2.5
Dec 18, 2024 21:18:03.204869986 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:18:03.204916000 CET	49748	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:18:03.204962015 CET	443	49749	199.232.196.193	192.168.2.5
Dec 18, 2024 21:18:03.204994917 CET	443	49748	199.232.196.193	192.168.2.5
Dec 18, 2024 21:18:03.205035925 CET	49749	443	192.168.2.5	199.232.196.193
Dec 18, 2024 21:18:03.205065966 CET	49748	443	192.168.2.5	199.232.196.193

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 21:16:44.812871933 CET	53	53720	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:45.126223087 CET	53	60655	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:47.846410036 CET	53	64379	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:48.329714060 CET	54516	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:48.329830885 CET	49167	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:48.469464064 CET	53	49167	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:48.469506025 CET	53	54516	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:50.298408031 CET	54359	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:50.298723936 CET	59152	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:50.679125071 CET	53	54359	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:50.680063963 CET	53	59152	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:53.271876097 CET	57606	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:53.272145987 CET	50697	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:53.409230947 CET	53	57606	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:53.409738064 CET	53	50697	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:55.123450994 CET	65333	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:55.123637915 CET	59480	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:55.265157938 CET	53	59480	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:55.266623974 CET	53	65333	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:58.228885889 CET	63718	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:58.229176998 CET	63580	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:58.231334925 CET	58516	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:58.231504917 CET	59194	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:58.368709087 CET	53	63718	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:58.369035959 CET	53	63580	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:58.370913029 CET	53	58516	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:58.371452093 CET	53	59194	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:58.445729971 CET	57020	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:58.445939064 CET	55066	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:16:58.932293892 CET	53	57020	1.1.1.1	192.168.2.5
Dec 18, 2024 21:16:58.932462931 CET	53	55066	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:00.510946035 CET	57636	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:00.511989117 CET	50343	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:00.648499012 CET	53	57636	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:00.649243116 CET	53	50343	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:01.264647961 CET	65216	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:01.264816999 CET	58840	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:01.283425093 CET	53859	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:01.283786058 CET	58116	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:01.405611038 CET	53	58840	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:01.406234980 CET	53	65216	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:01.448184967 CET	53	53859	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:01.448637009 CET	53	58116	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:01.452647924 CET	57933	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:01.589945078 CET	53	57933	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:01.630556107 CET	51362	53	192.168.2.5	8.8.8.8
Dec 18, 2024 21:17:01.630554914 CET	52266	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:01.768429995 CET	53	51362	8.8.8.8	192.168.2.5
Dec 18, 2024 21:17:01.772452116 CET	53	52266	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:01.814342976 CET	53	54322	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:02.632484913 CET	59972	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:02.632900000 CET	61826	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:02.770488977 CET	53	61826	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:02.771415949 CET	53	59972	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:04.949278116 CET	53	65165	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:07.792052031 CET	60657	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:07.792366982 CET	52636	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:07.933159113 CET	53	60657	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:07.933516026 CET	53	52636	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:07.934149027 CET	54870	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:08.073745966 CET	53	54870	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:09.383039951 CET	60861	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:09.383196115 CET	58435	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:09.520365953 CET	53	58435	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:09.520503044 CET	53	60861	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:09.531862020 CET	54685	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:09.532073975 CET	58140	53	192.168.2.5	8.8.8.8
Dec 18, 2024 21:17:09.667953968 CET	53	58140	8.8.8.8	192.168.2.5
Dec 18, 2024 21:17:09.670519114 CET	53	54685	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:23.718071938 CET	53	63951	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:38.688906908 CET	64527	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:38.826385975 CET	53	64527	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:39.540091991 CET	64927	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:39.540460110 CET	64218	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:39.677040100 CET	53	64927	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:39.677998066 CET	53	64218	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:39.681802988 CET	55909	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:39.818583012 CET	53	55909	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:44.566235065 CET	53	51544	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:46.360987902 CET	53	65006	1.1.1.1	192.168.2.5
Dec 18, 2024 21:17:59.267525911 CET	65163	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:17:59.405661106 CET	53	65163	1.1.1.1	192.168.2.5
Dec 18, 2024 21:18:04.774874926 CET	64847	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:18:04.775002956 CET	49717	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:18:04.914249897 CET	53	64847	1.1.1.1	192.168.2.5
Dec 18, 2024 21:18:04.914910078 CET	53	49717	1.1.1.1	192.168.2.5
Dec 18, 2024 21:18:04.915587902 CET	61209	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:18:05.054903030 CET	53	61209	1.1.1.1	192.168.2.5
Dec 18, 2024 21:18:05.067116976 CET	62656	53	192.168.2.5	1.1.1.1
Dec 18, 2024 21:18:05.067284107 CET	56581	53	192.168.2.5	8.8.8.8
Dec 18, 2024 21:18:05.201587915 CET	53	56581	8.8.8.8	192.168.2.5
Dec 18, 2024 21:18:05.204152107 CET	53	62656	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 18, 2024 21:16:48.329714060 CET	192.168.2.5	1.1.1.1	0x2db8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:48.329830885 CET	192.168.2.5	1.1.1.1	0x92ea	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 18, 2024 21:16:50.298408031 CET	192.168.2.5	1.1.1.1	0xf17	Standard query (0)	hnvs.xyz	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:50.298723936 CET	192.168.2.5	1.1.1.1	0x832f	Standard query (0)	hnvs.xyz	65	IN (0x0001)	false
Dec 18, 2024 21:16:53.271876097 CET	192.168.2.5	1.1.1.1	0x6a45	Standard query (0)	bit.ly	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:53.272145987 CET	192.168.2.5	1.1.1.1	0x487d	Standard query (0)	bit.ly	65	IN (0x0001)	false
Dec 18, 2024 21:16:55.123450994 CET	192.168.2.5	1.1.1.1	0x3aa7	Standard query (0)	od-img.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:55.123637915 CET	192.168.2.5	1.1.1.1	0x329c	Standard query (0)	od-img.pages.dev	65	IN (0x0001)	false
Dec 18, 2024 21:16:58.228885889 CET	192.168.2.5	1.1.1.1	0xfe20	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:58.229176998 CET	192.168.2.5	1.1.1.1	0x9397	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Dec 18, 2024 21:16:58.231334925 CET	192.168.2.5	1.1.1.1	0x2501	Standard query (0)	od-img.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:58.231504917 CET	192.168.2.5	1.1.1.1	0x33a4	Standard query (0)	od-img.pages.dev	65	IN (0x0001)	false
Dec 18, 2024 21:16:58.445729971 CET	192.168.2.5	1.1.1.1	0x5b95	Standard query (0)	reln.xyz	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:58.445939064 CET	192.168.2.5	1.1.1.1	0x9ecf	Standard query (0)	reln.xyz	65	IN (0x0001)	false
Dec 18, 2024 21:17:00.510946035 CET	192.168.2.5	1.1.1.1	0x14bb	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:00.511989117 CET	192.168.2.5	1.1.1.1	0x4da8	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Dec 18, 2024 21:17:01.264647961 CET	192.168.2.5	1.1.1.1	0xceb1	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:01.264816999 CET	192.168.2.5	1.1.1.1	0x647	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Dec 18, 2024 21:17:01.283425093 CET	192.168.2.5	1.1.1.1	0x70ec	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:01.283786058 CET	192.168.2.5	1.1.1.1	0x6cd6	Standard query (0)	tescko.pages.dev	65	IN (0x0001)	false
Dec 18, 2024 21:17:01.452647924 CET	192.168.2.5	1.1.1.1	0xd9cd	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:01.630556107 CET	192.168.2.5	8.8.8.8	0xa251	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:01.630554914 CET	192.168.2.5	1.1.1.1	0xfc43	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:02.632484913 CET	192.168.2.5	1.1.1.1	0xf8b7	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:02.632900000 CET	192.168.2.5	1.1.1.1	0x4d94	Standard query (0)	tescko.pages.dev	65	IN (0x0001)	false
Dec 18, 2024 21:17:07.792052031 CET	192.168.2.5	1.1.1.1	0x8956	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:07.792366982 CET	192.168.2.5	1.1.1.1	0xbb78	Standard query (0)	tescko.pages.dev	65	IN (0x0001)	false
Dec 18, 2024 21:17:07.934149027 CET	192.168.2.5	1.1.1.1	0x5f54	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:09.383039951 CET	192.168.2.5	1.1.1.1	0xabf3	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:09.383196115 CET	192.168.2.5	1.1.1.1	0xb39d	Standard query (0)	tescko.pages.dev	65	IN (0x0001)	false
Dec 18, 2024 21:17:09.531862020 CET	192.168.2.5	1.1.1.1	0xc201	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:09.532073975 CET	192.168.2.5	8.8.8.8	0x86a7	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:38.688906908 CET	192.168.2.5	1.1.1.1	0x585b	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:39.540091991 CET	192.168.2.5	1.1.1.1	0xf179	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:39.540460110 CET	192.168.2.5	1.1.1.1	0xbc42	Standard query (0)	tescko.pages.dev	65	IN (0x0001)	false
Dec 18, 2024 21:17:39.681802988 CET	192.168.2.5	1.1.1.1	0x4da5	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:59.267525911 CET	192.168.2.5	1.1.1.1	0xafad	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:18:04.774874926 CET	192.168.2.5	1.1.1.1	0x435b	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:18:04.775002956 CET	192.168.2.5	1.1.1.1	0x7bf1	Standard query (0)	tescko.pages.dev	65	IN (0x0001)	false
Dec 18, 2024 21:18:04.915587902 CET	192.168.2.5	1.1.1.1	0xec73	Standard query (0)	tescko.pages.dev	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:18:05.067116976 CET	192.168.2.5	1.1.1.1	0x7936	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:18:05.067284107 CET	192.168.2.5	8.8.8.8	0xad68	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 18, 2024 21:16:48.469464064 CET	1.1.1.1	192.168.2.5	0x92ea	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 18, 2024 21:16:48.469506025 CET	1.1.1.1	192.168.2.5	0x2db8	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:50.679125071 CET	1.1.1.1	192.168.2.5	0xf17	No error (0)	hnvs.xyz		198.12.239.74	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:53.409230947 CET	1.1.1.1	192.168.2.5	0x6a45	No error (0)	bit.ly		67.199.248.11	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:53.409230947 CET	1.1.1.1	192.168.2.5	0x6a45	No error (0)	bit.ly		67.199.248.10	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:55.265157938 CET	1.1.1.1	192.168.2.5	0x329c	No error (0)	od-img.pages.dev			65	IN (0x0001)	false
Dec 18, 2024 21:16:55.266623974 CET	1.1.1.1	192.168.2.5	0x3aa7	No error (0)	od-img.pages.dev		172.66.47.201	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:55.266623974 CET	1.1.1.1	192.168.2.5	0x3aa7	No error (0)	od-img.pages.dev		172.66.44.55	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:58.368709087 CET	1.1.1.1	192.168.2.5	0xfe20	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:16:58.368709087 CET	1.1.1.1	192.168.2.5	0xfe20	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:58.368709087 CET	1.1.1.1	192.168.2.5	0xfe20	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:58.369035959 CET	1.1.1.1	192.168.2.5	0x9397	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:16:58.370913029 CET	1.1.1.1	192.168.2.5	0x2501	No error (0)	od-img.pages.dev		172.66.44.55	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:58.370913029 CET	1.1.1.1	192.168.2.5	0x2501	No error (0)	od-img.pages.dev		172.66.47.201	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:16:58.371452093 CET	1.1.1.1	192.168.2.5	0x33a4	No error (0)	od-img.pages.dev			65	IN (0x0001)	false
Dec 18, 2024 21:16:58.932293892 CET	1.1.1.1	192.168.2.5	0x5b95	No error (0)	reln.xyz		198.12.239.74	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:00.648499012 CET	1.1.1.1	192.168.2.5	0x14bb	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:17:00.648499012 CET	1.1.1.1	192.168.2.5	0x14bb	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:00.648499012 CET	1.1.1.1	192.168.2.5	0x14bb	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:00.649243116 CET	1.1.1.1	192.168.2.5	0x4da8	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:17:01.405611038 CET	1.1.1.1	192.168.2.5	0x647	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:17:01.406234980 CET	1.1.1.1	192.168.2.5	0xceb1	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 21:17:01.406234980 CET	1.1.1.1	192.168.2.5	0xceb1	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:01.406234980 CET	1.1.1.1	192.168.2.5	0xceb1	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:01.448184967 CET	1.1.1.1	192.168.2.5	0x70ec	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:01.448637009 CET	1.1.1.1	192.168.2.5	0x6cd6	Name error (3)	tescko.pages.dev	none	none	65	IN (0x0001)	false
Dec 18, 2024 21:17:01.589945078 CET	1.1.1.1	192.168.2.5	0xd9cd	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:01.768429995 CET	8.8.8.8	192.168.2.5	0xa251	No error (0)	google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:01.772452116 CET	1.1.1.1	192.168.2.5	0xfc43	No error (0)	google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:02.770488977 CET	1.1.1.1	192.168.2.5	0x4d94	Name error (3)	tescko.pages.dev	none	none	65	IN (0x0001)	false
Dec 18, 2024 21:17:02.771415949 CET	1.1.1.1	192.168.2.5	0xf8b7	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:07.933159113 CET	1.1.1.1	192.168.2.5	0x8956	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:07.933516026 CET	1.1.1.1	192.168.2.5	0xbb78	Name error (3)	tescko.pages.dev	none	none	65	IN (0x0001)	false
Dec 18, 2024 21:17:08.073745966 CET	1.1.1.1	192.168.2.5	0x5f54	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:09.520365953 CET	1.1.1.1	192.168.2.5	0xb39d	Name error (3)	tescko.pages.dev	none	none	65	IN (0x0001)	false
Dec 18, 2024 21:17:09.520503044 CET	1.1.1.1	192.168.2.5	0xabf3	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:09.667953968 CET	8.8.8.8	192.168.2.5	0x86a7	No error (0)	google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:09.670519114 CET	1.1.1.1	192.168.2.5	0xc201	No error (0)	google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:38.826385975 CET	1.1.1.1	192.168.2.5	0x585b	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:39.677040100 CET	1.1.1.1	192.168.2.5	0xf179	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:39.677998066 CET	1.1.1.1	192.168.2.5	0xbc42	Name error (3)	tescko.pages.dev	none	none	65	IN (0x0001)	false
Dec 18, 2024 21:17:39.818583012 CET	1.1.1.1	192.168.2.5	0x4da5	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:17:59.405661106 CET	1.1.1.1	192.168.2.5	0xafad	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:18:04.914249897 CET	1.1.1.1	192.168.2.5	0x435b	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:18:04.914910078 CET	1.1.1.1	192.168.2.5	0x7bf1	Name error (3)	tescko.pages.dev	none	none	65	IN (0x0001)	false
Dec 18, 2024 21:18:05.054903030 CET	1.1.1.1	192.168.2.5	0xec73	Name error (3)	tescko.pages.dev	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:18:05.201587915 CET	8.8.8.8	192.168.2.5	0xad68	No error (0)	google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 18, 2024 21:18:05.204152107 CET	1.1.1.1	192.168.2.5	0x7936	No error (0)	google.com		172.217.17.46	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

hnvs.xyz

https:

bit.ly

od-img.pages.dev

i.imgur.com

reln.xyz

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49714	198.12.239.74	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:16:52 UTC	672	OUT	GET /asda-christmas-prizes HTTP/1.1 Host: hnvs.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:16:52 UTC	223	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 18 Dec 2024 20:16:52 GMT Server: Apache Location: https://hnvs.xyz/asda-christmas-prizes/ Content-Length: 247 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-12-18 20:16:52 UTC	247	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 6e 76 73 2e 78 79 7a 2f 61 73 64 61 2d 63 68 72 69 73 74 6d 61 73 2d 70 72 69 7a 65 73 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://hnvs.xyz/asda-christmas-prizes/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49713	198.12.239.74	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:16:52 UTC	673	OUT	GET /asda-christmas-prizes/ HTTP/1.1 Host: hnvs.xyz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:16:53 UTC	296	IN	HTTP/1.1 200 OK Date: Wed, 18 Dec 2024 20:16:53 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 12 Dec 2024 16:23:05 GMT ETag: "32a0555-393-6291521051602" Accept-Ranges: bytes Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html
2024-12-18 20:16:53 UTC	927	IN	Data Raw: 33 39 33 0d 0a 0a 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 20 20 0a 3c 74 69 74 6c 65 3e 41 53 44 4b 20 54 72 61 6e 20 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 68 65 61 64 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 41 53 44 41 20 2d 20 f0 9f 8e 85 43 48 52 49 53 54 4d 41 53 20 47 49 56 45 41 57 41 59 f0 9f 8e 84 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 20 2f 3e 20 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 61 73 64 61 2e 63 6f 6d 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 Data Ascii: 393<html><head> <title>ASDK Tran 1</title> <head><meta property="og:title" content="ASDA - CHRISTMAS GIVEAWAY" /><meta property="og:type" content="website" /> <meta property="og:url" content="https://asda.com" /><meta property="og:i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49718	67.199.248.11	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:16:54 UTC	565	OUT	GET /3C20VLV HTTP/1.1 Host: bit.ly Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://hnvs.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:16:55 UTC	497	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 18 Dec 2024 20:16:54 GMT Content-Type: text/html; charset=utf-8 Content-Length: 89 Cache-Control: private, max-age=90 Content-Security-Policy: referrer always; Location: https://od-img.pages.dev/ic.png?ASDA Referrer-Policy: unsafe-url Set-Cookie: _bit=obikgS-8888eed25d58562a63-009; Domain=bit.ly; Expires=Mon, 16 Jun 2025 20:16:54 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-18 20:16:55 UTC	89	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 64 2d 69 6d 67 2e 70 61 67 65 73 2e 64 65 76 2f 69 63 2e 70 6e 67 3f 41 53 44 41 22 3e 6d 6f 76 65 64 20 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><body><a href="https://od-img.pages.dev/ic.png?ASDA">moved here</a></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49725	172.66.47.201	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:16:57 UTC	579	OUT	GET /ic.png?ASDA HTTP/1.1 Host: od-img.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://hnvs.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:16:58 UTC	946	IN	HTTP/1.1 200 OK Date: Wed, 18 Dec 2024 20:16:58 GMT Content-Type: image/png Content-Length: 73 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate ETag: "dffe0cf1a64d3dd05635fc937707c193" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R27QzGdZRRVogKP7Edph6v8JvEB%2BHsHrTgbc1T23ZK7oKmQtcvMMA5puOFK0cIbmwSLEjEDhIy3iGcMKjSaskAAzp75KACtAF00F2M%2BC7TzGvtTtTWJlE0KUtWRH9caAsbE5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f41d56abf8b0f8b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=18565&min_rtt=1704&rtt_var=10761&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1157&delivery_rate=1713615&cwnd=237&unsent_bytes=0&cid=98615ce3d6646443&ts=478&x=0"
2024-12-18 20:16:58 UTC	73	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 02 08 02 00 00 00 16 e3 21 70 00 00 00 10 49 44 41 54 08 d7 63 f8 ff ff 3f 13 03 03 03 00 11 fe 03 00 f7 aa 99 4f 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR!pIDATc?OIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49732	199.232.196.193	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:16:59 UTC	575	OUT	GET /ZXLlDMU.jpeg HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://hnvs.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:17:00 UTC	762	IN	HTTP/1.1 200 OK Connection: close Content-Length: 25814 Content-Type: image/jpeg Last-Modified: Sat, 19 Oct 2024 20:15:03 GMT ETag: "f4efa9260e7c528b8196b9f5cf9d8976" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: 99uAwuZtkWrbW1juRANzG-eW1mOT6hY4STVn422pDk4QbeiyrQLfXA== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2576791 Date: Wed, 18 Dec 2024 20:17:00 GMT X-Served-By: cache-iad-kcgs7200059-IAD, cache-ewr-kewr1740033-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 78, 0 X-Timer: S1734553020.063388,VS0,VE2 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2024-12-18 20:17:00 UTC	1371	IN	Data Raw: ff d8 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c0 00 11 08 01 f4 02 ee 03 01 22 00 02 11 01 03 11 01 ff c4 00 1e 00 01 00 02 02 03 01 01 01 00 00 00 00 00 00 00 00 00 01 09 02 08 03 07 0a 06 04 05 ff c4 00 61 10 00 01 03 03 02 03 04 06 02 0d 04 0e 04 0c 07 00 00 01 02 03 04 05 11 06 07 08 21 31 09 12 41 51 13 22 61 71 81 91 14 32 0a 19 1a 23 42 52 57 93 94 a1 b1 c1 d1 15 17 56 f0 16 18 Data Ascii: CC"a!1AQ"aq2#BRWV
2024-12-18 20:17:00 UTC	1371	IN	Data Raw: 08 90 72 d1 d9 b5 3d c9 f1 c7 6c d1 77 aa 97 4d fe 05 29 ed b2 3b be 9e 69 84 5e 5f a8 fb ed 2b c2 47 14 7a c9 ac 97 4c 6c 2d ee a2 39 5b ea c9 51 4e e8 f9 fb 95 32 85 fa 76 b7 35 bf d3 84 9f 72 7e 47 b8 c2 53 f7 51 d7 80 ef 1b 77 66 2f 1f 77 48 63 9a 9b 87 3a a6 fa 4e 89 2d 63 19 8f 7e 57 97 bc fd bf 6a a3 b4 33 ff 00 57 95 ff 00 fd 68 bf fb 8c d8 e8 9a bc fd da 13 fe 96 7b fb 3d 7f c2 fe 87 40 83 ba ae dd 9a 7c 7c d9 9b 2b ea b8 6d ac 7a 45 c9 c9 0d 6b 1f 9f 76 17 9f ec 3e 13 55 70 e9 c4 0e 84 47 3f 57 ec dd fe 92 36 27 df 24 65 13 a4 46 af 8a 61 a8 aa bc fc 7a 16 a7 a5 ea 34 bd fa 32 5f fe 5f 91 e7 d1 54 5c 53 fa 1f 20 0c eb a8 ab 2d 4d 6b af 14 15 54 48 e4 cb 56 b6 91 f0 f7 93 d9 df 44 c9 c1 0c d0 54 27 7e 9a 66 c8 df 15 62 e4 c2 51 6d 7f f2 3c b8 b8 Data Ascii: r=lwM);i^_+GzLl-9[QN2v5r~GSQwf/wHc:N-c~Wj3Wh{=@\|\|+mzEkv>UpG?W6'$eFaz42__T\S -MkTHVDT'~fbQm<
2024-12-18 20:17:00 UTC	1371	IN	Data Raw: d5 d0 17 0b 25 6c 6c 6b e4 8a aa 07 77 5a 8e e6 9e b6 31 fa f9 2f 23 d1 d2 c6 8b 9c af 53 e7 37 13 67 f6 d3 76 2c 93 69 dd c5 d1 76 fb bd 15 43 3b b2 43 59 4a d7 7c 51 d8 ef 22 fb 72 41 35 1e 8d 2c 6b 27 2b 39 b8 3e c7 bd 79 9a da fa 45 29 ef a6 f0 79 c9 8e 48 e5 6a b9 ae 47 27 9b 57 26 65 a6 71 3f d8 5f b7 fa 85 b5 3a 93 86 dd 45 25 8e ad c8 ab 0d 8e af 0e a5 45 f2 6a e3 bd f3 52 bc 37 f3 86 0d ea e1 9b 50 a6 9c dd dd 23 51 42 f9 33 f4 7a c4 85 52 0a 8c 2e 15 58 ef 13 99 eb 1b 31 ab e8 99 95 c4 33 1f c4 b7 af ec 69 6b 59 d6 b7 7e d7 0e d3 e0 3e b2 61 13 1e 48 6d ff 00 01 7d 98 70 f1 95 b3 f3 ee 6c 9b 9d 2d 99 61 b8 c9 4c 94 cc ef 2a 39 1a aa 9d ec 27 43 50 5a ec 3d af 45 e8 b9 42 dc 7b 07 a7 67 f6 a9 dc 20 6b 91 5d 1d f6 6e f2 27 86 55 70 66 6c 66 9b 67 Data Ascii: %llkwZ1/#S7gv,ivC;CYJ\|Q"rA5,k'+9>yE)yHjG'W&eq?_:E%EjR7P#QB3zR.X13ikY~>aHm}pl-aL*9'CPZ=EB{g k]n'Upflfg
2024-12-18 20:17:00 UTC	1371	IN	Data Raw: 92 d2 e1 aa eb 94 a9 49 fb 31 f6 9f cb 7e 3e 66 5d 95 3f 4b 71 18 96 1f 1c 6c 8a 26 c7 13 11 1a d6 a2 35 3c 91 0e 44 5f 53 96 3e 26 0b 95 4e 4a 66 de 6d c6 3e 38 3e 97 4b d9 44 c5 24 96 42 a2 22 af eb f6 99 22 22 26 10 c5 ed f1 32 28 53 2f 20 00 53 0c a8 00 0c 30 0f cb 78 b6 52 de ad 55 36 9a c8 da e8 ea 60 7c 52 35 c9 94 54 72 61 4f d4 03 59 58 63 73 47 9e 5e 2b f6 9a e5 b1 5c 49 6a cd a9 b9 2a b9 d4 37 39 26 82 45 66 33 14 ae 57 35 be dc 22 a2 67 e2 7c 0f a3 7f 97 ff 00 51 bf bd bc 7b 25 1e 9b dd 4d 3d bf 56 7b 3a b6 9a eb 4e b4 b7 9a 96 33 ac d1 f2 66 7d aa 98 43 41 39 e5 cd 5c fb bc 8f 97 b6 87 4f ad a6 6b 95 e8 c9 7b 3d 66 d7 73 de 42 ee a9 ba 35 e5 13 10 01 a5 31 c0 04 7a d8 e4 99 5c 72 0d e0 18 ca 92 fa 35 58 21 7c 8f 4f ab 1c 7f 59 eb f8 a9 ed 52 Data Ascii: I1~>f]?Kql&5<D_S>&NJfm>8>KD$B"""&2(S/ S0xRU6`\|R5TraOYXcsG^+\Ij*79&Ef3W5"g\|Q{%M=V{:N3f}CA9\Ok{=fsB51z\r5X!\|OYR
2024-12-18 20:17:00 UTC	1371	IN	Data Raw: 0e 5c ad f7 2a 67 29 e2 52 0c 2e 74 ac 49 95 aa 9d e6 a2 aa 2a 74 5f 23 d2 5d ee d1 43 7f b4 54 d9 2e 70 36 5a 7a b8 1d 14 d1 b9 32 8e 6b 93 0a 87 9e de 28 f6 82 f7 b0 fc 45 6b 1d b9 ba 31 19 1c 57 b9 a7 a1 85 33 f7 ba 79 1c aa ce be cf d8 71 be 93 f4 da 74 6b 52 bf 5f c5 ec bf 97 03 41 ab 5b fb 6a a2 e6 7c 20 00 e4 e6 88 19 db e8 aa ae 97 0a 6b 3d b2 2f 49 5b 5b 50 c8 28 a0 ce 3d 2c ae 72 22 37 3e 1f 25 f7 18 1d c1 c0 16 d7 33 76 78 c0 d1 5a 72 4a 57 4c 94 17 68 ae 2a c6 a7 24 48 dd 9c bb d9 d4 cb b0 b7 77 77 94 e8 2f e2 92 5f 52 e5 25 d6 a8 91 72 fc 0d ec 1d 9f 87 5e 1b b4 f6 df db 6d ec 82 7f a2 36 a6 e2 88 9c d6 a2 46 a2 bd 55 7c 7f 57 4e 87 70 33 ea a1 c7 0f 75 8d 46 46 c4 44 6a 61 31 d0 e5 45 ca 64 fa a2 ca d6 16 56 90 a1 05 85 14 91 35 84 54 16 10 Data Ascii: \g)R.tIt_#]CT.p6Zz2k(Ek1W3yqtkR_A[j\| k=/I[[P(=,r"7>%3vxZrJWLh*$Hww/_R%r^m6FU\|WNp3uFFDja1EdV5T
2024-12-18 20:17:00 UTC	1371	IN	Data Raw: 1d a6 d3 fb 6b 44 d4 ee d9 ed 71 53 2a b7 c5 5a d4 45 5e 9c cf af 44 44 e8 87 d4 5a 1d 87 ab 34 ba 56 cd 61 c5 6f ef e7 e2 4c ed a9 2a 54 23 10 00 36 e5 f2 1c 8a bd 07 7d be 64 9c 60 a3 78 25 d2 c6 d7 23 5c e4 45 55 c2 65 71 95 33 34 9f 8e 4e 34 d3 6b 78 de da 1d 99 4b a2 41 6a 7d 77 d3 75 0c 8c 93 18 6a e5 8c 63 91 17 9f 3f 81 ba 54 f5 31 54 31 b3 42 fe f3 1e d4 73 57 cd 17 99 af b4 d4 68 5e 5c 56 a5 07 be 9c ba af e8 99 6e 9d 6a 75 24 e3 17 bd 71 39 80 ea 0d 81 74 00 00 05 4f f6 f5 ec 67 f6 35 bc 1a 5f 7c ec 74 ce 58 b5 0d 2b a8 ef 4f c7 28 d6 1c 77 1d e5 cf bd 82 d8 0d 6b ed 56 d8 27 6f ef 07 5a 96 cb 42 e7 32 ba d4 c6 dc a8 e5 8e 24 73 93 d1 3b bc e6 a6 7c d1 15 3d c4 67 6b b4 d5 aa 68 75 69 a5 ed 25 d6 5d eb 7f e9 95 f3 31 2f a9 3a b6 d2 49 6f 28 e1 Data Ascii: kDqSZE^DDZ4VaoLT#6}d`x%#\EUeq34N4kxKAj}wujc?T1T1BsWh^\Vnju$q9tOg5_\|tX+O(wkV'oZB2$s;\|=gkhui%]1/:Io(
2024-12-18 20:17:00 UTC	1371	IN	Data Raw: a2 77 93 19 f3 c2 26 7d a6 87 69 34 b8 eb 1a 45 4b 79 2d fc 57 7a 31 6e a8 46 e2 9f 55 9e 7b 9c 88 8b ea aa 2f b5 17 28 a4 9c b7 1b 15 c3 4c 5c 2a 74 d5 d6 92 48 2a 2d b5 72 52 49 1c ad c2 fd ed ca d4 5f 8a 22 1c 47 cc 95 23 d5 9b 8f 61 0f 9a 71 93 44 46 c5 95 e8 c4 54 ca af 25 72 e1 3f e0 59 bf 60 56 c2 d3 c7 a4 75 4f 10 f7 2a 57 a4 97 3a a7 5a e8 92 66 2a 2a 32 3c 77 9e df 24 5e 69 9f 12 b2 e8 ec b5 7a 8e ae 2d 3f 6f ff 00 c2 2b a5 6d 3d 3a 67 ab de a8 d6 a7 cd 4f 40 5c 16 6c db 36 27 86 6d 25 b7 93 d0 a4 15 94 d6 a8 df 71 44 ea e9 dc 99 72 af 2e bd 13 e0 4f fa 3c d3 65 79 ac ba ed 7b 34 d3 fa bd cb cc da e9 14 3a f5 ba ef 82 fd 4e d0 6b 51 13 09 9c 22 79 99 a2 22 74 0a d6 e7 9f 88 45 fc 1c f3 3b cb dd 82 49 84 b8 92 02 67 c4 15 2a 0c 5d 22 35 79 a2 fb Data Ascii: w&}i4EKy-Wz1nFU{/(L\tH-rRI_"G#aqDFT%r?Y`VuOW:Zf2<w$^iz-?o+m=:gO@\l6'm%qDr.O<ey{4:NkQ"y"tE;Ig]"5y
2024-12-18 20:17:00 UTC	1371	IN	Data Raw: b3 7b c9 42 b6 fd cf db cb 5d e6 35 6a b7 35 74 ad 55 44 5e b8 5f 0f 79 a7 3b fb d8 45 b2 7a e6 69 ef 1b 39 ad eb f4 bd 6b d5 56 1a 6a 84 f4 d4 cc f2 44 44 e7 84 e6 40 f5 2e 8d 75 5a 0a 53 b5 9c 66 bb 38 3f 1d c6 ba be 93 52 1e e6 f4 55 13 d8 8e 4c 63 c4 85 89 3d 86 c1 71 1b d9 9d c5 57 0d 69 51 74 bb 68 a9 f5 0d 86 95 73 35 f6 ce ce f2 23 53 3f e6 fe b2 e5 13 e1 d1 4d 7f ef b5 cf ee b1 92 33 2e 54 6c 53 c4 ac 91 15 3c da bc d0 e7 f7 36 37 96 55 5d 3b 8a 6e 2f e2 9a 35 53 a5 5a 9b c3 4c 31 aa dc f3 ea 61 27 5f 8a 1c 99 45 e8 a6 0f 4f 58 c6 eb 24 f0 78 ea ee cb 20 b6 3e c0 ef f2 71 bf 7f b7 5d fb 0a 9c 2d 8f b0 3b fc 9c 6f df ed d7 7e c2 6f d1 e7 fc 8a 1d cc d8 e9 5f ee 91 be 5f 87 f1 33 30 fc 3f 89 99 f4 19 28 5c 58 00 03 d0 00 00 55 df d9 01 b3 3a cb 44 Data Ascii: {B]5j5tUD^_y;Ezi9kVjDD@.uZSf8?RULc=qWiQths5#S?M3.TlS<67U];n/5SZL1a'_EOX$x >q]-;o~o__30?(\XU:D
2024-12-18 20:17:00 UTC	1371	IN	Data Raw: 3c cf ea 68 8d 71 7a db 2d 67 66 dc 3d 3b 27 76 b6 cd 74 86 aa 9f 3d 15 5a ee 8b ec c6 4e 1b a7 de cf 4e be a5 73 1e 30 92 7e 3e 44 7e 85 55 42 b2 a8 f9 1e 92 1b d3 9a e7 da 49 f2 bb 25 b8 74 5b ab b5 76 1d c0 b7 d4 32 58 ee 96 b8 67 74 91 af 2e fa b5 3b c9 f0 5c 9f 54 7d 4f 42 b4 2e 28 c6 ac 1e 54 92 6b e6 4c e1 25 38 29 2e 60 00 5d 3d 00 00 06 be f6 97 ec 27 f3 ff 00 c2 7d ff 00 4e 51 d0 b6 5a fb 7c 69 5b 42 e5 6a 2a b1 cc e6 e5 4c f8 e1 0a 26 45 95 ae 74 32 bb 2f 63 dc c7 72 54 c2 a2 aa 2a 61 7c b0 7a 53 ba db a9 af 16 ba 9b 4d 63 73 0d 54 0f 8a 54 45 e7 dd 73 55 17 f5 29 40 1c 69 ec f4 bb 1f c4 ee b0 d0 31 d0 be 2a 4a 5b bc ae a1 57 37 1e 92 27 2e 51 ff 00 15 5e a7 20 e9 3b 4c 6e a5 1b e8 2e 4e 32 f9 6f 5e 46 8b 57 a1 86 aa 2e e3 ab 88 6a a3 5e 9c fc Data Ascii: <hqz-gf=;'vt=ZNNs0~>D~UBI%t[v2Xgt.;\T}OB.(TkL%8).`]='}NQZ\|i[BjL&Et2/crTa\|zSMcsTTEsU)@i1*J[W7'.Q^ ;Ln.N2o^FW.j^
2024-12-18 20:17:00 UTC	1371	IN	Data Raw: b7 83 fd 33 7c ad 9d 3e 99 6e a5 fe 4f a9 89 1d cd a9 17 aa d7 2a 7b 51 09 17 46 5a 8c a3 73 56 cd f0 6b ac bb d1 97 a2 d6 cf 5a 9b ef 36 28 04 e8 0e ca 6f c0 00 02 1f d3 e2 75 67 19 db 2f 49 bf dc 34 6a cd b0 a9 8f 2b 5d 6b 91 d0 ae 39 a4 8c 4e f3 71 e5 d3 af 53 b4 df d3 e2 71 cb 1c 72 c4 e8 66 6a 2b 1c 8a 8e 45 f1 45 2c 5c db c2 ee d6 74 67 c2 49 a7 f3 2d cd 75 93 5d a7 9a da 8a 0a fb 55 54 f6 8b 9d 2a c1 35 1d 4b e9 dd 03 fe b4 7d c7 2b 70 b9 f7 7b c8 36 2b b5 3f 62 ea b6 33 8c bd 43 13 28 63 a6 b5 6a 3f fa 46 cf 0c 49 ea b5 8b 8e f2 74 fc 6c f9 fb 4d 75 3e 56 be b4 9d 95 ed 4b 79 f1 83 68 86 d7 a6 e9 55 70 7c 98 00 18 65 90 00 00 00 00 00 00 00 00 00 00 00 18 a4 8d 8b ef af e6 89 ed c7 3f 0e 66 47 db 70 db b4 55 db f3 bf 3a 57 69 29 69 a5 92 3b cd d5 Data Ascii: 3\|>nO{QFZsVkZ6(oug/I4j+]k9NqSqrfj+EE,\tgI-u]UT5K}+p{6+?b3C(cj?FItlMu>VKyhUp\|e?fGpU:Wi)i;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49738	172.66.44.55	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:17:00 UTC	351	OUT	GET /ic.png?ASDA HTTP/1.1 Host: od-img.pages.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:17:01 UTC	954	IN	HTTP/1.1 200 OK Date: Wed, 18 Dec 2024 20:17:01 GMT Content-Type: image/png Content-Length: 73 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate ETag: "dffe0cf1a64d3dd05635fc937707c193" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6SX%2ByNBzF%2F3C6qWV5jsbJCPBDCNyL%2B%2FPRYdfLq%2FhxxIpx5K7noj1u%2B6n0uf8vkZ5JlmGfYh3ks%2B6uLDtK5Kl%2Bbi3E75ek0W1dpTDki74cN51VYk8hXqPfqdf8oHs4S6rlBUt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f41d57e0989424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1671&min_rtt=1662&rtt_var=642&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=929&delivery_rate=1680092&cwnd=248&unsent_bytes=0&cid=25c5a05d59a2a47e&ts=485&x=0"
2024-12-18 20:17:01 UTC	73	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 02 08 02 00 00 00 16 e3 21 70 00 00 00 10 49 44 41 54 08 d7 63 f8 ff ff 3f 13 03 03 03 00 11 fe 03 00 f7 aa 99 4f 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR!pIDATc?OIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49735	198.12.239.74	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:17:00 UTC	699	OUT	GET /asdachristmas/ HTTP/1.1 Host: reln.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://hnvs.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:17:01 UTC	297	IN	HTTP/1.1 200 OK Date: Wed, 18 Dec 2024 20:17:01 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sat, 23 Nov 2024 21:30:23 GMT ETag: "34c04f2-21d0-6279b35027647" Accept-Ranges: bytes Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html
2024-12-18 20:17:01 UTC	7895	IN	Data Raw: 32 30 66 63 0d 0a 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 09 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 2f 41 6e 64 72 6f 69 64 7c 77 65 62 4f 53 7c 69 50 68 6f 6e 65 7c 69 50 61 64 7c 69 50 6f 64 7c 42 6c 61 63 6b 42 65 72 72 79 7c 49 45 4d 6f 62 69 6c 65 7c 4f 70 65 72 61 20 4d 69 6e 69 2f 69 2e 74 65 73 74 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 29 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 22 68 74 74 70 73 3a 2f Data Ascii: 20fc<!doctype html><html lang="en" dir="ltr"><head> <script> if (/Android\|webOS\|iPhone\|iPad\|iPod\|BlackBerry\|IEMobile\|Opera Mini/i.test(navigator.userAgent)) { } else { window.location.href = "https:/
2024-12-18 20:17:01 UTC	82	IN	Data Raw: 36 65 61 64 35 66 30 63 35 64 64 62 36 63 31 64 33 33 61 33 31 37 39 64 62 36 39 64 35 32 66 32 61 62 35 62 61 38 63 65 62 34 31 66 30 33 30 36 63 32 37 30 33 32 39 33 33 63 61 33 62 33 66 33 22 20 64 65 66 65 72 3e 3c 2f 73 63 72 69 70 74 3e 0a Data Ascii: 6ead5f0c5ddb6c1d33a3179db69d52f2ab5ba8ceb41f0306c27032933ca3b3f3" defer></script>
2024-12-18 20:17:01 UTC	1	IN	Data Raw: 0a Data Ascii:
2024-12-18 20:17:01 UTC	8	IN	Data Raw: 3c 2f 62 6f 64 79 3e 0a Data Ascii: </body>
2024-12-18 20:17:01 UTC	461	IN	Data Raw: 3c 73 63 72 69 70 74 3e 27 75 6e 64 65 66 69 6e 65 64 27 3d 3d 3d 20 74 79 70 65 6f 66 20 5f 74 72 66 71 20 7c 7c 20 28 77 69 6e 64 6f 77 2e 5f 74 72 66 71 20 3d 20 5b 5d 29 3b 27 75 6e 64 65 66 69 6e 65 64 27 3d 3d 3d 20 74 79 70 65 6f 66 20 5f 74 72 66 64 20 26 26 20 28 77 69 6e 64 6f 77 2e 5f 74 72 66 64 3d 5b 5d 29 2c 5f 74 72 66 64 2e 70 75 73 68 28 7b 27 74 63 63 6c 2e 62 61 73 65 48 6f 73 74 27 3a 27 73 65 63 75 72 65 73 65 72 76 65 72 2e 6e 65 74 27 7d 2c 7b 27 61 70 27 3a 27 63 70 73 68 2d 6f 68 27 7d 2c 7b 27 73 65 72 76 65 72 27 3a 27 70 33 70 6c 7a 63 70 6e 6c 35 30 34 36 36 32 27 7d 2c 7b 27 64 63 65 6e 74 65 72 27 3a 27 70 33 27 7d 2c 7b 27 63 70 5f 69 64 27 3a 27 31 30 30 39 32 36 38 34 27 7d 2c 7b 27 63 70 5f 63 6c 27 3a 27 38 27 7d 29 20 Data Ascii: <script>'undefined'=== typeof _trfq \|\| (window._trfq = []);'undefined'=== typeof _trfd && (window._trfd=[]),_trfd.push({'tccl.baseHost':'secureserver.net'},{'ap':'cpsh-oh'},{'server':'p3plzcpnl504662'},{'dcenter':'p3'},{'cp_id':'10092684'},{'cp_cl':'8'})
2024-12-18 20:17:01 UTC	1	IN	Data Raw: 0a Data Ascii:
2024-12-18 20:17:01 UTC	1	IN	Data Raw: 0a Data Ascii:
2024-12-18 20:17:01 UTC	1	IN	Data Raw: 0a Data Ascii:
2024-12-18 20:17:01 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-12-18 20:17:01 UTC	684	IN	Data Raw: 32 38 30 0d 0a 3c 21 2d 2d 20 48 69 73 74 61 74 73 2e 63 6f 6d 20 20 53 54 41 52 54 20 20 28 61 79 6e 63 29 2d 2d 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 5f 48 61 73 79 6e 63 3d 20 5f 48 61 73 79 6e 63 7c 7c 20 5b 5d 3b 0a 5f 48 61 73 79 6e 63 2e 70 75 73 68 28 5b 27 48 69 73 74 61 74 73 2e 73 74 61 72 74 27 2c 20 27 31 2c 34 37 39 35 35 38 39 2c 34 2c 30 2c 30 2c 30 2c 30 30 30 31 30 30 30 30 27 5d 29 3b 0a 5f 48 61 73 79 6e 63 2e 70 75 73 68 28 5b 27 48 69 73 74 61 74 73 2e 66 61 73 69 27 2c 20 27 31 27 5d 29 3b 0a 5f 48 61 73 79 6e 63 2e 70 75 73 68 28 5b 27 48 69 73 74 61 74 73 2e 74 72 61 63 6b 5f 68 69 74 73 27 2c 20 27 27 5d 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 76 Data Ascii: 280... Histats.com START (aync)--><script type="text/javascript">var _Hasync= _Hasync\|\| [];_Hasync.push(['Histats.start', '1,4795589,4,0,0,0,00010000']);_Hasync.push(['Histats.fasi', '1']);_Hasync.push(['Histats.track_hits', '']);(function() {v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49734	198.12.239.74	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:17:01 UTC	579	OUT	GET /asdachristmas/css/app1.css?id=2fbe2d9a9a40ca9b2489 HTTP/1.1 Host: reln.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://reln.xyz/asdachristmas/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:17:01 UTC	286	IN	HTTP/1.1 200 OK Date: Wed, 18 Dec 2024 20:17:01 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 21 Nov 2024 17:02:18 GMT ETag: "34c0536-21-6276f3a959a80" Accept-Ranges: bytes Content-Length: 33 Vary: Accept-Encoding Content-Type: text/css
2024-12-18 20:17:01 UTC	33	IN	Data Raw: 5b 76 2d 63 6c 6f 61 6b 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d Data Ascii: [v-cloak]{display:none!important}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49744	199.232.192.193	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 20:17:02 UTC	347	OUT	GET /ZXLlDMU.jpeg HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-18 20:17:02 UTC	762	IN	HTTP/1.1 200 OK Connection: close Content-Length: 25814 Content-Type: image/jpeg Last-Modified: Sat, 19 Oct 2024 20:15:03 GMT ETag: "f4efa9260e7c528b8196b9f5cf9d8976" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: 99uAwuZtkWrbW1juRANzG-eW1mOT6hY4STVn422pDk4QbeiyrQLfXA== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 734303 Date: Wed, 18 Dec 2024 20:17:02 GMT X-Served-By: cache-iad-kcgs7200059-IAD, cache-nyc-kteb1890089-NYC X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 283, 0 X-Timer: S1734553022.424141,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2024-12-18 20:17:02 UTC	1371	IN	Data Raw: ff d8 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a ff c0 00 11 08 01 f4 02 ee 03 01 22 00 02 11 01 03 11 01 ff c4 00 1e 00 01 00 02 02 03 01 01 01 00 00 00 00 00 00 00 00 00 01 09 02 08 03 07 0a 06 04 05 ff c4 00 61 10 00 01 03 03 02 03 04 06 02 0d 04 0e 04 0c 07 00 00 01 02 03 04 05 11 06 07 08 21 31 09 12 41 51 13 22 61 71 81 91 14 32 0a 19 1a 23 42 52 57 93 94 a1 b1 c1 d1 15 17 56 f0 16 18 Data Ascii: CC"a!1AQ"aq2#BRWV
2024-12-18 20:17:02 UTC	1371	IN	Data Raw: 08 90 72 d1 d9 b5 3d c9 f1 c7 6c d1 77 aa 97 4d fe 05 29 ed b2 3b be 9e 69 84 5e 5f a8 fb ed 2b c2 47 14 7a c9 ac 97 4c 6c 2d ee a2 39 5b ea c9 51 4e e8 f9 fb 95 32 85 fa 76 b7 35 bf d3 84 9f 72 7e 47 b8 c2 53 f7 51 d7 80 ef 1b 77 66 2f 1f 77 48 63 9a 9b 87 3a a6 fa 4e 89 2d 63 19 8f 7e 57 97 bc fd bf 6a a3 b4 33 ff 00 57 95 ff 00 fd 68 bf fb 8c d8 e8 9a bc fd da 13 fe 96 7b fb 3d 7f c2 fe 87 40 83 ba ae dd 9a 7c 7c d9 9b 2b ea b8 6d ac 7a 45 c9 c9 0d 6b 1f 9f 76 17 9f ec 3e 13 55 70 e9 c4 0e 84 47 3f 57 ec dd fe 92 36 27 df 24 65 13 a4 46 af 8a 61 a8 aa bc fc 7a 16 a7 a5 ea 34 bd fa 32 5f fe 5f 91 e7 d1 54 5c 53 fa 1f 20 0c eb a8 ab 2d 4d 6b af 14 15 54 48 e4 cb 56 b6 91 f0 f7 93 d9 df 44 c9 c1 0c d0 54 27 7e 9a 66 c8 df 15 62 e4 c2 51 6d 7f f2 3c b8 b8 Data Ascii: r=lwM);i^_+GzLl-9[QN2v5r~GSQwf/wHc:N-c~Wj3Wh{=@\|\|+mzEkv>UpG?W6'$eFaz42__T\S -MkTHVDT'~fbQm<
2024-12-18 20:17:02 UTC	1371	IN	Data Raw: d5 d0 17 0b 25 6c 6c 6b e4 8a aa 07 77 5a 8e e6 9e b6 31 fa f9 2f 23 d1 d2 c6 8b 9c af 53 e7 37 13 67 f6 d3 76 2c 93 69 dd c5 d1 76 fb bd 15 43 3b b2 43 59 4a d7 7c 51 d8 ef 22 fb 72 41 35 1e 8d 2c 6b 27 2b 39 b8 3e c7 bd 79 9a da fa 45 29 ef a6 f0 79 c9 8e 48 e5 6a b9 ae 47 27 9b 57 26 65 a6 71 3f d8 5f b7 fa 85 b5 3a 93 86 dd 45 25 8e ad c8 ab 0d 8e af 0e a5 45 f2 6a e3 bd f3 52 bc 37 f3 86 0d ea e1 9b 50 a6 9c dd dd 23 51 42 f9 33 f4 7a c4 85 52 0a 8c 2e 15 58 ef 13 99 eb 1b 31 ab e8 99 95 c4 33 1f c4 b7 af ec 69 6b 59 d6 b7 7e d7 0e d3 e0 3e b2 61 13 1e 48 6d ff 00 01 7d 98 70 f1 95 b3 f3 ee 6c 9b 9d 2d 99 61 b8 c9 4c 94 cc ef 2a 39 1a aa 9d ec 27 43 50 5a ec 3d af 45 e8 b9 42 dc 7b 07 a7 67 f6 a9 dc 20 6b 91 5d 1d f6 6e f2 27 86 55 70 66 6c 66 9b 67 Data Ascii: %llkwZ1/#S7gv,ivC;CYJ\|Q"rA5,k'+9>yE)yHjG'W&eq?_:E%EjR7P#QB3zR.X13ikY~>aHm}pl-aL*9'CPZ=EB{g k]n'Upflfg
2024-12-18 20:17:02 UTC	1371	IN	Data Raw: 92 d2 e1 aa eb 94 a9 49 fb 31 f6 9f cb 7e 3e 66 5d 95 3f 4b 71 18 96 1f 1c 6c 8a 26 c7 13 11 1a d6 a2 35 3c 91 0e 44 5f 53 96 3e 26 0b 95 4e 4a 66 de 6d c6 3e 38 3e 97 4b d9 44 c5 24 96 42 a2 22 af eb f6 99 22 22 26 10 c5 ed f1 32 28 53 2f 20 00 53 0c a8 00 0c 30 0f cb 78 b6 52 de ad 55 36 9a c8 da e8 ea 60 7c 52 35 c9 94 54 72 61 4f d4 03 59 58 63 73 47 9e 5e 2b f6 9a e5 b1 5c 49 6a cd a9 b9 2a b9 d4 37 39 26 82 45 66 33 14 ae 57 35 be dc 22 a2 67 e2 7c 0f a3 7f 97 ff 00 51 bf bd bc 7b 25 1e 9b dd 4d 3d bf 56 7b 3a b6 9a eb 4e b4 b7 9a 96 33 ac d1 f2 66 7d aa 98 43 41 39 e5 cd 5c fb bc 8f 97 b6 87 4f ad a6 6b 95 e8 c9 7b 3d 66 d7 73 de 42 ee a9 ba 35 e5 13 10 01 a5 31 c0 04 7a d8 e4 99 5c 72 0d e0 18 ca 92 fa 35 58 21 7c 8f 4f ab 1c 7f 59 eb f8 a9 ed 52 Data Ascii: I1~>f]?Kql&5<D_S>&NJfm>8>KD$B"""&2(S/ S0xRU6`\|R5TraOYXcsG^+\Ij*79&Ef3W5"g\|Q{%M=V{:N3f}CA9\Ok{=fsB51z\r5X!\|OYR
2024-12-18 20:17:02 UTC	1371	IN	Data Raw: 0e 5c ad f7 2a 67 29 e2 52 0c 2e 74 ac 49 95 aa 9d e6 a2 aa 2a 74 5f 23 d2 5d ee d1 43 7f b4 54 d9 2e 70 36 5a 7a b8 1d 14 d1 b9 32 8e 6b 93 0a 87 9e de 28 f6 82 f7 b0 fc 45 6b 1d b9 ba 31 19 1c 57 b9 a7 a1 85 33 f7 ba 79 1c aa ce be cf d8 71 be 93 f4 da 74 6b 52 bf 5f c5 ec bf 97 03 41 ab 5b fb 6a a2 e6 7c 20 00 e4 e6 88 19 db e8 aa ae 97 0a 6b 3d b2 2f 49 5b 5b 50 c8 28 a0 ce 3d 2c ae 72 22 37 3e 1f 25 f7 18 1d c1 c0 16 d7 33 76 78 c0 d1 5a 72 4a 57 4c 94 17 68 ae 2a c6 a7 24 48 dd 9c bb d9 d4 cb b0 b7 77 77 94 e8 2f e2 92 5f 52 e5 25 d6 a8 91 72 fc 0d ec 1d 9f 87 5e 1b b4 f6 df db 6d ec 82 7f a2 36 a6 e2 88 9c d6 a2 46 a2 bd 55 7c 7f 57 4e 87 70 33 ea a1 c7 0f 75 8d 46 46 c4 44 6a 61 31 d0 e5 45 ca 64 fa a2 ca d6 16 56 90 a1 05 85 14 91 35 84 54 16 10 Data Ascii: \g)R.tIt_#]CT.p6Zz2k(Ek1W3yqtkR_A[j\| k=/I[[P(=,r"7>%3vxZrJWLh*$Hww/_R%r^m6FU\|WNp3uFFDja1EdV5T
2024-12-18 20:17:02 UTC	1371	IN	Data Raw: 1d a6 d3 fb 6b 44 d4 ee d9 ed 71 53 2a b7 c5 5a d4 45 5e 9c cf af 44 44 e8 87 d4 5a 1d 87 ab 34 ba 56 cd 61 c5 6f ef e7 e2 4c ed a9 2a 54 23 10 00 36 e5 f2 1c 8a bd 07 7d be 64 9c 60 a3 78 25 d2 c6 d7 23 5c e4 45 55 c2 65 71 95 33 34 9f 8e 4e 34 d3 6b 78 de da 1d 99 4b a2 41 6a 7d 77 d3 75 0c 8c 93 18 6a e5 8c 63 91 17 9f 3f 81 ba 54 f5 31 54 31 b3 42 fe f3 1e d4 73 57 cd 17 99 af b4 d4 68 5e 5c 56 a5 07 be 9c ba af e8 99 6e 9d 6a 75 24 e3 17 bd 71 39 80 ea 0d 81 74 00 00 05 4f f6 f5 ec 67 f6 35 bc 1a 5f 7c ec 74 ce 58 b5 0d 2b a8 ef 4f c7 28 d6 1c 77 1d e5 cf bd 82 d8 0d 6b ed 56 d8 27 6f ef 07 5a 96 cb 42 e7 32 ba d4 c6 dc a8 e5 8e 24 73 93 d1 3b bc e6 a6 7c d1 15 3d c4 67 6b b4 d5 aa 68 75 69 a5 ed 25 d6 5d eb 7f e9 95 f3 31 2f a9 3a b6 d2 49 6f 28 e1 Data Ascii: kDqSZE^DDZ4VaoLT#6}d`x%#\EUeq34N4kxKAj}wujc?T1T1BsWh^\Vnju$q9tOg5_\|tX+O(wkV'oZB2$s;\|=gkhui%]1/:Io(
2024-12-18 20:17:02 UTC	1371	IN	Data Raw: a2 77 93 19 f3 c2 26 7d a6 87 69 34 b8 eb 1a 45 4b 79 2d fc 57 7a 31 6e a8 46 e2 9f 55 9e 7b 9c 88 8b ea aa 2f b5 17 28 a4 9c b7 1b 15 c3 4c 5c 2a 74 d5 d6 92 48 2a 2d b5 72 52 49 1c ad c2 fd ed ca d4 5f 8a 22 1c 47 cc 95 23 d5 9b 8f 61 0f 9a 71 93 44 46 c5 95 e8 c4 54 ca af 25 72 e1 3f e0 59 bf 60 56 c2 d3 c7 a4 75 4f 10 f7 2a 57 a4 97 3a a7 5a e8 92 66 2a 2a 32 3c 77 9e df 24 5e 69 9f 12 b2 e8 ec b5 7a 8e ae 2d 3f 6f ff 00 c2 2b a5 6d 3d 3a 67 ab de a8 d6 a7 cd 4f 40 5c 16 6c db 36 27 86 6d 25 b7 93 d0 a4 15 94 d6 a8 df 71 44 ea e9 dc 99 72 af 2e bd 13 e0 4f fa 3c d3 65 79 ac ba ed 7b 34 d3 fa bd cb cc da e9 14 3a f5 ba ef 82 fd 4e d0 6b 51 13 09 9c 22 79 99 a2 22 74 0a d6 e7 9f 88 45 fc 1c f3 3b cb dd 82 49 84 b8 92 02 67 c4 15 2a 0c 5d 22 35 79 a2 fb Data Ascii: w&}i4EKy-Wz1nFU{/(L\tH-rRI_"G#aqDFT%r?Y`VuOW:Zf2<w$^iz-?o+m=:gO@\l6'm%qDr.O<ey{4:NkQ"y"tE;Ig]"5y
2024-12-18 20:17:02 UTC	1371	IN	Data Raw: b3 7b c9 42 b6 fd cf db cb 5d e6 35 6a b7 35 74 ad 55 44 5e b8 5f 0f 79 a7 3b fb d8 45 b2 7a e6 69 ef 1b 39 ad eb f4 bd 6b d5 56 1a 6a 84 f4 d4 cc f2 44 44 e7 84 e6 40 f5 2e 8d 75 5a 0a 53 b5 9c 66 bb 38 3f 1d c6 ba be 93 52 1e e6 f4 55 13 d8 8e 4c 63 c4 85 89 3d 86 c1 71 1b d9 9d c5 57 0d 69 51 74 bb 68 a9 f5 0d 86 95 73 35 f6 ce ce f2 23 53 3f e6 fe b2 e5 13 e1 d1 4d 7f ef b5 cf ee b1 92 33 2e 54 6c 53 c4 ac 91 15 3c da bc d0 e7 f7 36 37 96 55 5d 3b 8a 6e 2f e2 9a 35 53 a5 5a 9b c3 4c 31 aa dc f3 ea 61 27 5f 8a 1c 99 45 e8 a6 0f 4f 58 c6 eb 24 f0 78 ea ee cb 20 b6 3e c0 ef f2 71 bf 7f b7 5d fb 0a 9c 2d 8f b0 3b fc 9c 6f df ed d7 7e c2 6f d1 e7 fc 8a 1d cc d8 e9 5f ee 91 be 5f 87 f1 33 30 fc 3f 89 99 f4 19 28 5c 58 00 03 d0 00 00 55 df d9 01 b3 3a cb 44 Data Ascii: {B]5j5tUD^_y;Ezi9kVjDD@.uZSf8?RULc=qWiQths5#S?M3.TlS<67U];n/5SZL1a'_EOX$x >q]-;o~o__30?(\XU:D
2024-12-18 20:17:02 UTC	1371	IN	Data Raw: 3c cf ea 68 8d 71 7a db 2d 67 66 dc 3d 3b 27 76 b6 cd 74 86 aa 9f 3d 15 5a ee 8b ec c6 4e 1b a7 de cf 4e be a5 73 1e 30 92 7e 3e 44 7e 85 55 42 b2 a8 f9 1e 92 1b d3 9a e7 da 49 f2 bb 25 b8 74 5b ab b5 76 1d c0 b7 d4 32 58 ee 96 b8 67 74 91 af 2e fa b5 3b c9 f0 5c 9f 54 7d 4f 42 b4 2e 28 c6 ac 1e 54 92 6b e6 4c e1 25 38 29 2e 60 00 5d 3d 00 00 06 be f6 97 ec 27 f3 ff 00 c2 7d ff 00 4e 51 d0 b6 5a fb 7c 69 5b 42 e5 6a 2a b1 cc e6 e5 4c f8 e1 0a 26 45 95 ae 74 32 bb 2f 63 dc c7 72 54 c2 a2 aa 2a 61 7c b0 7a 53 ba db a9 af 16 ba 9b 4d 63 73 0d 54 0f 8a 54 45 e7 dd 73 55 17 f5 29 40 1c 69 ec f4 bb 1f c4 ee b0 d0 31 d0 be 2a 4a 5b bc ae a1 57 37 1e 92 27 2e 51 ff 00 15 5e a7 20 e9 3b 4c 6e a5 1b e8 2e 4e 32 f9 6f 5e 46 8b 57 a1 86 aa 2e e3 ab 88 6a a3 5e 9c fc Data Ascii: <hqz-gf=;'vt=ZNNs0~>D~UBI%t[v2Xgt.;\T}OB.(TkL%8).`]='}NQZ\|i[BjL&Et2/crTa\|zSMcsTTEsU)@i1*J[W7'.Q^ ;Ln.N2o^FW.j^
2024-12-18 20:17:02 UTC	1371	IN	Data Raw: b7 83 fd 33 7c ad 9d 3e 99 6e a5 fe 4f a9 89 1d cd a9 17 aa d7 2a 7b 51 09 17 46 5a 8c a3 73 56 cd f0 6b ac bb d1 97 a2 d6 cf 5a 9b ef 36 28 04 e8 0e ca 6f c0 00 02 1f d3 e2 75 67 19 db 2f 49 bf dc 34 6a cd b0 a9 8f 2b 5d 6b 91 d0 ae 39 a4 8c 4e f3 71 e5 d3 af 53 b4 df d3 e2 71 cb 1c 72 c4 e8 66 6a 2b 1c 8a 8e 45 f1 45 2c 5c db c2 ee d6 74 67 c2 49 a7 f3 2d cd 75 93 5d a7 9a da 8a 0a fb 55 54 f6 8b 9d 2a c1 35 1d 4b e9 dd 03 fe b4 7d c7 2b 70 b9 f7 7b c8 36 2b b5 3f 62 ea b6 33 8c bd 43 13 28 63 a6 b5 6a 3f fa 46 cf 0c 49 ea b5 8b 8e f2 74 fc 6c f9 fb 4d 75 3e 56 be b4 9d 95 ed 4b 79 f1 83 68 86 d7 a6 e9 55 70 7c 98 00 18 65 90 00 00 00 00 00 00 00 00 00 00 00 18 a4 8d 8b ef af e6 89 ed c7 3f 0e 66 47 db 70 db b4 55 db f3 bf 3a 57 69 29 69 a5 92 3b cd d5 Data Ascii: 3\|>nO{QFZsVkZ6(oug/I4j+]k9NqSqrfj+EE,\tgI-u]UT5K}+p{6+?b3C(cj?FItlMu>VKyhUp\|e?fGpU:Wi)i;

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4148, Parent PID: 5764

General

Target ID:	0
Start time:	15:16:40
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3664, Parent PID: 4148

General

Target ID:	2
Start time:	15:16:42
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,5852589805163091655,14694738719058850363,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1988, Parent PID: 5764

General

Target ID:	3
Start time:	15:16:49
Start date:	18/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.asda.com@hnvs.xyz/asda-christmas-prizes"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.asda.com@hnvs.xyz/asda-christmas-prizes

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Windows Analysis Report
https://www.asda.com@hnvs.xyz/asda-christmas-prizes