Edit tour

Windows Analysis Report
http://westernunion.eu99.life/3/190917927/

Overview

General Information

Sample URL:	http://westernunion.eu99.life/3/190917927/
Analysis ID:	1589670
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1996,i,18103409492336325948,3345637603511846627,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://westernunion.eu99.life/3/190917927/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /report/v4?s=B0p4h1qs3aCbu5SugLFhjvF1JzIqAp63TaJ5qY42XcqpcIADg9aHHQeaXmsc2wTjCPhrKSH%2BqczveDlXUv6bDGJi2x62fCNCiu617PozFYJOEb%2FK1sOfmOPov%2FghA28M96eINb2QETeu HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 406Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 12 Jan 2025 23:55:41 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Powered-By: ExpressAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: GET, POSTAccess-Control-Allow-Headers: Content-Type, AuthorizationETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B0p4h1qs3aCbu5SugLFhjvF1JzIqAp63TaJ5qY42XcqpcIADg9aHHQeaXmsc2wTjCPhrKSH%2BqczveDlXUv6bDGJi2x62fCNCiu617PozFYJOEb%2FK1sOfmOPov%2FghA28M96eINb2QETeu"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9011142d7b50f5f8-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=8573&min_rtt=8573&rtt_var=4286&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4176&recv_bytes=1255&delivery_rate=134178&cwnd=122&unsent_bytes=0&cid=cfb62112e10e5ff9&ts=473&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 12 Jan 2025 23:55:42 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Powered-By: ExpressAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: GET, POSTAccess-Control-Allow-Headers: Content-Type, AuthorizationContent-Security-Policy: default-src 'none'X-Content-Type-Options: nosniffCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tCdJfxnZS851KS3iU5vPuZhrTlDuRu3RkMMCo06i%2FTGKqeOaSx5F%2BSHb%2FHryw86hXvd5%2BgsfQlIGMCs38k59qbm%2FADmAhoR7wX%2BTwfCb91eUvB2sYx%2F4QmC32RehmVCuZ7qHD%2FDYeA17"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 901114362aa9431a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2493&min_rtt=2484&rtt_var=938&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=1190&delivery_rate=1175523&cwnd=224&unsent_bytes=0&cid=cd1a4945f7f17895&ts=428&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50003 version: TLS 1.2

Source: classification engine

Classification label: mal60.win@17/4@8/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1996,i,18103409492336325948,3345637603511846627,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://westernunion.eu99.life/3/190917927/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1996,i,18103409492336325948,3345637603511846627,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://westernunion.eu99.life/3/190917927/	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://westernunion.eu99.life/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.18	true	false	high
www.google.com	216.58.212.164	true	false	high
westernunion.eu99.life	104.21.48.245	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://westernunion.eu99.life/3/190917927/	false		unknown
https://a.nel.cloudflare.com/report/v4?s=B0p4h1qs3aCbu5SugLFhjvF1JzIqAp63TaJ5qY42XcqpcIADg9aHHQeaXmsc2wTjCPhrKSH%2BqczveDlXUv6bDGJi2x62fCNCiu617PozFYJOEb%2FK1sOfmOPov%2FghA28M96eINb2QETeu	false		high
http://westernunion.eu99.life/3/190917927/	true		unknown
https://westernunion.eu99.life/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=tCdJfxnZS851KS3iU5vPuZhrTlDuRu3RkMMCo06i%2FTGKqeOaSx5F%2BSHb%2FHryw86hXvd5%2BgsfQlIGMCs38k59qbm%2FADmAhoR7wX%2BTwfCb91eUvB2sYx%2F4QmC32RehmVCuZ7qHD%2FDYeA17	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.138.244	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.212.164	www.google.com	United States	15169	GOOGLEUS	false
104.21.48.245	westernunion.eu99.life	United States	13335	CLOUDFLARENETUS	true
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589670
Start date and time:	2025-01-13 00:54:37 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://westernunion.eu99.life/3/190917927/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.win@17/4@8/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 108.177.15.84, 142.250.186.174, 216.58.206.46, 216.58.212.174, 142.250.185.110, 4.175.87.197, 192.229.221.95, 20.3.187.198, 217.20.57.18, 142.250.184.206, 142.250.186.142, 142.250.185.206, 13.95.31.18, 142.250.181.238, 216.58.206.78, 142.250.185.99, 142.250.186.46, 34.104.35.123, 142.250.186.78, 13.107.246.45, 2.23.242.162
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, edgedl.me.gvt1.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://westernunion.eu99.life/3/190917927/

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://westernunion.eu99.life Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: http://westernunion.eu99.life
URL: https://westernunion.eu99.life/3/190917927/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://westernunion.eu99.life/3/190917927/ Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 39

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	150
Entropy (8bit):	4.817012895739808
Encrypted:	false
SSDEEP:	3:PouV7uJzhquHbtt6vYk2ZRMRJfHKERSAEtvxLrXZiLKY8KDETqLLMu9MK6c4NGL:hxuJzhqIzyYk+qRU4zEdxXZiqiLMcMKj
MD5:	84241342D84AC29592A5D9516F8EDF7F
SHA1:	03C53980E18E17625F439C20E7D438F066202428
SHA-256:	6E21162BC64073FE9E3D3D6375CA24D04FED1912A5B7716AAC0CB0F2D16FAE7C
SHA-512:	7509483335C7A30365F7F403098491AC0B44FFFCC68A5CDACB86EC191F02DBDA5B16A20A09E924B6A29AC938578D43BACB9A50115DB5C5668EA27FE1811BD530
Malicious:	false
Reputation:	low
URL:	https://westernunion.eu99.life/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /favicon.ico</pre>.</body>.</html>.

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	9
Entropy (8bit):	2.94770277922009
Encrypted:	false
SSDEEP:	3:Obn:Obn
MD5:	9D1EAD73E678FA2F51A70A933B0BF017
SHA1:	D205CBD6783332A212C5AE92D73C77178C2D2F28
SHA-256:	0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5
SHA-512:	935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34
Malicious:	false
Reputation:	low
URL:	https://westernunion.eu99.life/3/190917927/
Preview:	Not Found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 00:55:25.222423077 CET	49673	443	192.168.2.6	173.222.162.64
Jan 13, 2025 00:55:25.315901995 CET	49674	443	192.168.2.6	173.222.162.64
Jan 13, 2025 00:55:25.550285101 CET	49672	443	192.168.2.6	173.222.162.64
Jan 13, 2025 00:55:33.216459036 CET	49712	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:33.216514111 CET	443	49712	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:33.216563940 CET	49712	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:33.217144966 CET	49712	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:33.217161894 CET	443	49712	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:34.038594007 CET	443	49712	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:34.038693905 CET	49712	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:34.046386957 CET	49712	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:34.046406984 CET	443	49712	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:34.046787024 CET	443	49712	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:34.049071074 CET	49712	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:34.049200058 CET	49712	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:34.049207926 CET	443	49712	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:34.049381971 CET	49712	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:34.091330051 CET	443	49712	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:34.223659992 CET	443	49712	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:34.223855019 CET	443	49712	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:34.223972082 CET	49712	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:34.224142075 CET	49712	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:34.224159002 CET	443	49712	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:34.829621077 CET	49673	443	192.168.2.6	173.222.162.64
Jan 13, 2025 00:55:34.923486948 CET	49674	443	192.168.2.6	173.222.162.64
Jan 13, 2025 00:55:35.158117056 CET	49672	443	192.168.2.6	173.222.162.64
Jan 13, 2025 00:55:36.624248981 CET	49717	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:55:36.624353886 CET	443	49717	216.58.212.164	192.168.2.6
Jan 13, 2025 00:55:36.624425888 CET	49717	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:55:36.624831915 CET	49717	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:55:36.624866962 CET	443	49717	216.58.212.164	192.168.2.6
Jan 13, 2025 00:55:36.825313091 CET	443	49705	173.222.162.64	192.168.2.6
Jan 13, 2025 00:55:36.825412035 CET	49705	443	192.168.2.6	173.222.162.64
Jan 13, 2025 00:55:37.287309885 CET	443	49717	216.58.212.164	192.168.2.6
Jan 13, 2025 00:55:37.302145958 CET	49717	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:55:37.302175999 CET	443	49717	216.58.212.164	192.168.2.6
Jan 13, 2025 00:55:37.306066036 CET	443	49717	216.58.212.164	192.168.2.6
Jan 13, 2025 00:55:37.306166887 CET	49717	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:55:37.371203899 CET	49717	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:55:37.371546984 CET	443	49717	216.58.212.164	192.168.2.6
Jan 13, 2025 00:55:37.423585892 CET	49717	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:55:37.423604012 CET	443	49717	216.58.212.164	192.168.2.6
Jan 13, 2025 00:55:37.470505953 CET	49717	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:55:38.838990927 CET	49725	80	192.168.2.6	104.21.48.245
Jan 13, 2025 00:55:38.842477083 CET	49726	80	192.168.2.6	104.21.48.245
Jan 13, 2025 00:55:38.843818903 CET	80	49725	104.21.48.245	192.168.2.6
Jan 13, 2025 00:55:38.843878984 CET	49725	80	192.168.2.6	104.21.48.245
Jan 13, 2025 00:55:38.844122887 CET	49725	80	192.168.2.6	104.21.48.245
Jan 13, 2025 00:55:38.847265005 CET	80	49726	104.21.48.245	192.168.2.6
Jan 13, 2025 00:55:38.847330093 CET	49726	80	192.168.2.6	104.21.48.245
Jan 13, 2025 00:55:38.848923922 CET	80	49725	104.21.48.245	192.168.2.6
Jan 13, 2025 00:55:39.327663898 CET	80	49725	104.21.48.245	192.168.2.6
Jan 13, 2025 00:55:39.369169950 CET	49725	80	192.168.2.6	104.21.48.245
Jan 13, 2025 00:55:39.792941093 CET	49733	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:39.792962074 CET	443	49733	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:39.793066978 CET	49733	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:39.842068911 CET	49733	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:39.842084885 CET	443	49733	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.317034960 CET	443	49733	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.317337990 CET	49733	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.317348957 CET	443	49733	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.319013119 CET	443	49733	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.319078922 CET	49733	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.320759058 CET	49733	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.320791006 CET	49733	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.320843935 CET	443	49733	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.320966959 CET	49733	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.320974112 CET	443	49733	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.321052074 CET	49733	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.321645975 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.321751118 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.321822882 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.322195053 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.322230101 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.940351009 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.940898895 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.940965891 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.942832947 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.942914963 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.944365978 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.944473028 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.944664955 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.987339020 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:40.988706112 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:40.988780022 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.035521984 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.231595993 CET	49745	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:41.231652975 CET	443	49745	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:41.231729031 CET	49745	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:41.232285976 CET	49745	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:41.232304096 CET	443	49745	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:41.259897947 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.259989977 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.260063887 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.262258053 CET	49739	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.262274027 CET	443	49739	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.281867027 CET	49746	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.281955957 CET	443	49746	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.282067060 CET	49746	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.291656971 CET	49746	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.291697979 CET	443	49746	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.321763992 CET	49747	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.321801901 CET	443	49747	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.321959972 CET	49747	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.322237968 CET	49747	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.322257996 CET	443	49747	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.762893915 CET	443	49746	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.763148069 CET	49746	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.763186932 CET	443	49746	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.764944077 CET	443	49746	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.765402079 CET	49746	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.766046047 CET	49746	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.766136885 CET	443	49746	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.766235113 CET	49746	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.766252995 CET	443	49746	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.807547092 CET	443	49747	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.807797909 CET	49747	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.807812929 CET	443	49747	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.809266090 CET	443	49747	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.809324026 CET	49747	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.809680939 CET	49747	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.809693098 CET	49747	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.809734106 CET	49747	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.809925079 CET	443	49747	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.809973001 CET	49747	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.810022116 CET	49753	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.810067892 CET	443	49753	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.810131073 CET	49753	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.810300112 CET	49753	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:41.810312033 CET	443	49753	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:41.813908100 CET	49746	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.889081001 CET	443	49746	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.889174938 CET	443	49746	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.889236927 CET	49746	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.889532089 CET	49746	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.889565945 CET	443	49746	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.890083075 CET	49754	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.890104055 CET	443	49754	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:41.890191078 CET	49754	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.890422106 CET	49754	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:41.890434027 CET	443	49754	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:42.014524937 CET	443	49745	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:42.014616966 CET	49745	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:42.018649101 CET	49745	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:42.018661022 CET	443	49745	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:42.019000053 CET	443	49745	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:42.021080017 CET	49745	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:42.021240950 CET	49745	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:42.021246910 CET	443	49745	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:42.021363974 CET	49745	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:42.063327074 CET	443	49745	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:42.195882082 CET	443	49745	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:42.196007013 CET	443	49745	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:42.196062088 CET	49745	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:42.196223974 CET	49745	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:42.196245909 CET	443	49745	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:42.277671099 CET	443	49753	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:42.294781923 CET	49753	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:42.294801950 CET	443	49753	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:42.295970917 CET	443	49753	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:42.345805883 CET	49753	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:42.363404036 CET	49753	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:42.363600016 CET	443	49753	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:42.367440939 CET	443	49754	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:42.367728949 CET	49753	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:42.368208885 CET	49754	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:42.368217945 CET	443	49754	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:42.368513107 CET	443	49754	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:42.381453037 CET	49754	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:42.381508112 CET	443	49754	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:42.381580114 CET	49754	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:42.411331892 CET	443	49753	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:42.427318096 CET	443	49754	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:42.629923105 CET	443	49754	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:42.629987001 CET	443	49754	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:42.630033016 CET	49754	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:42.630403996 CET	49754	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:55:42.630410910 CET	443	49754	35.190.80.1	192.168.2.6
Jan 13, 2025 00:55:42.692512035 CET	443	49753	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:42.692774057 CET	443	49753	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:42.692840099 CET	49753	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:42.696280003 CET	49753	443	192.168.2.6	172.67.138.244
Jan 13, 2025 00:55:42.696299076 CET	443	49753	172.67.138.244	192.168.2.6
Jan 13, 2025 00:55:47.204173088 CET	443	49717	216.58.212.164	192.168.2.6
Jan 13, 2025 00:55:47.204341888 CET	443	49717	216.58.212.164	192.168.2.6
Jan 13, 2025 00:55:47.204405069 CET	49717	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:55:47.568933010 CET	49717	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:55:47.568967104 CET	443	49717	216.58.212.164	192.168.2.6
Jan 13, 2025 00:55:53.715454102 CET	49827	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:53.715516090 CET	443	49827	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:53.715579033 CET	49827	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:53.716154099 CET	49827	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:53.716170073 CET	443	49827	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:54.205957890 CET	80	49726	104.21.48.245	192.168.2.6
Jan 13, 2025 00:55:54.206015110 CET	49726	80	192.168.2.6	104.21.48.245
Jan 13, 2025 00:55:54.501954079 CET	443	49827	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:54.502029896 CET	49827	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:54.507457018 CET	49827	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:54.507478952 CET	443	49827	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:54.507783890 CET	443	49827	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:54.509470940 CET	49827	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:54.509548903 CET	49827	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:54.509553909 CET	443	49827	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:54.509707928 CET	49827	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:54.551343918 CET	443	49827	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:54.685398102 CET	443	49827	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:54.685504913 CET	443	49827	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:54.685698032 CET	49827	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:54.685960054 CET	49827	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:55:54.685985088 CET	443	49827	40.113.110.67	192.168.2.6
Jan 13, 2025 00:55:55.303930044 CET	49726	80	192.168.2.6	104.21.48.245
Jan 13, 2025 00:55:55.308679104 CET	80	49726	104.21.48.245	192.168.2.6
Jan 13, 2025 00:56:13.146848917 CET	49949	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:13.146872997 CET	443	49949	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:13.146940947 CET	49949	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:13.148108006 CET	49949	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:13.148121119 CET	443	49949	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:13.961380005 CET	443	49949	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:13.961466074 CET	49949	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:13.963460922 CET	49949	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:13.963468075 CET	443	49949	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:13.963819027 CET	443	49949	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:13.965441942 CET	49949	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:13.965500116 CET	49949	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:13.965502977 CET	443	49949	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:13.965646029 CET	49949	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:14.007323980 CET	443	49949	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:14.144411087 CET	443	49949	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:14.144599915 CET	443	49949	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:14.144678116 CET	49949	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:14.144840002 CET	49949	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:14.144853115 CET	443	49949	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:24.330612898 CET	49725	80	192.168.2.6	104.21.48.245
Jan 13, 2025 00:56:24.335448980 CET	80	49725	104.21.48.245	192.168.2.6
Jan 13, 2025 00:56:36.666635036 CET	50002	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:56:36.666661024 CET	443	50002	216.58.212.164	192.168.2.6
Jan 13, 2025 00:56:36.666937113 CET	50002	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:56:36.667840004 CET	50002	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:56:36.667855024 CET	443	50002	216.58.212.164	192.168.2.6
Jan 13, 2025 00:56:37.312002897 CET	443	50002	216.58.212.164	192.168.2.6
Jan 13, 2025 00:56:37.312325001 CET	50002	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:56:37.312335968 CET	443	50002	216.58.212.164	192.168.2.6
Jan 13, 2025 00:56:37.312619925 CET	443	50002	216.58.212.164	192.168.2.6
Jan 13, 2025 00:56:37.313296080 CET	50002	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:56:37.313348055 CET	443	50002	216.58.212.164	192.168.2.6
Jan 13, 2025 00:56:37.361351967 CET	50002	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:56:39.011127949 CET	50003	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:39.011199951 CET	443	50003	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:39.011337996 CET	50003	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:39.012279987 CET	50003	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:39.012298107 CET	443	50003	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:39.801883936 CET	443	50003	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:39.801970959 CET	50003	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:39.803936958 CET	50003	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:39.803951979 CET	443	50003	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:39.804749012 CET	443	50003	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:39.806747913 CET	50003	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:39.806824923 CET	50003	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:39.806832075 CET	443	50003	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:39.806994915 CET	50003	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:39.851334095 CET	443	50003	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:39.977466106 CET	443	50003	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:39.977637053 CET	443	50003	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:39.977706909 CET	50003	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:39.977812052 CET	50003	443	192.168.2.6	40.113.110.67
Jan 13, 2025 00:56:39.977838993 CET	443	50003	40.113.110.67	192.168.2.6
Jan 13, 2025 00:56:41.268924952 CET	50004	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.268997908 CET	443	50004	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.269107103 CET	50004	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.269347906 CET	50004	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.269366980 CET	443	50004	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.740406036 CET	443	50004	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.740787029 CET	50004	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.740829945 CET	443	50004	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.741309881 CET	443	50004	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.741751909 CET	50004	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.741828918 CET	443	50004	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.741935968 CET	50004	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.783344030 CET	443	50004	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.872215986 CET	443	50004	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.872400045 CET	443	50004	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.872462988 CET	50004	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.872577906 CET	50004	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.872594118 CET	443	50004	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.872603893 CET	50004	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.872642040 CET	50004	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.873397112 CET	50005	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.873423100 CET	443	50005	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:41.873486996 CET	50005	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.873706102 CET	50005	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:41.873718023 CET	443	50005	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:42.365495920 CET	443	50005	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:42.365856886 CET	50005	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:42.365873098 CET	443	50005	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:42.367041111 CET	443	50005	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:42.367501974 CET	50005	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:42.367660999 CET	50005	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:42.367672920 CET	443	50005	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:42.408268929 CET	50005	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:42.408276081 CET	443	50005	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:42.510776043 CET	443	50005	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:42.510962009 CET	443	50005	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:42.511017084 CET	50005	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:42.511342049 CET	50005	443	192.168.2.6	35.190.80.1
Jan 13, 2025 00:56:42.511353970 CET	443	50005	35.190.80.1	192.168.2.6
Jan 13, 2025 00:56:47.221251965 CET	443	50002	216.58.212.164	192.168.2.6
Jan 13, 2025 00:56:47.221411943 CET	443	50002	216.58.212.164	192.168.2.6
Jan 13, 2025 00:56:47.221487045 CET	50002	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:56:47.327029943 CET	50002	443	192.168.2.6	216.58.212.164
Jan 13, 2025 00:56:47.327054024 CET	443	50002	216.58.212.164	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 00:55:32.547024965 CET	53	49199	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:32.564256907 CET	53	52479	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:33.599464893 CET	53	59971	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:36.614279985 CET	52623	53	192.168.2.6	1.1.1.1
Jan 13, 2025 00:55:36.614795923 CET	60900	53	192.168.2.6	1.1.1.1
Jan 13, 2025 00:55:36.621362925 CET	53	52623	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:36.622703075 CET	53	60900	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:38.796802044 CET	53542	53	192.168.2.6	1.1.1.1
Jan 13, 2025 00:55:38.807760000 CET	53	53542	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:38.813098907 CET	64085	53	192.168.2.6	1.1.1.1
Jan 13, 2025 00:55:38.936022997 CET	53	64085	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:39.616300106 CET	56434	53	192.168.2.6	1.1.1.1
Jan 13, 2025 00:55:39.616777897 CET	57852	53	192.168.2.6	1.1.1.1
Jan 13, 2025 00:55:39.628242970 CET	53	57852	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:39.775321960 CET	53	56434	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:41.261944056 CET	52914	53	192.168.2.6	1.1.1.1
Jan 13, 2025 00:55:41.262151957 CET	50348	53	192.168.2.6	1.1.1.1
Jan 13, 2025 00:55:41.268831968 CET	53	52914	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:41.268851995 CET	53	50348	1.1.1.1	192.168.2.6
Jan 13, 2025 00:55:51.166896105 CET	53	65102	1.1.1.1	192.168.2.6
Jan 13, 2025 00:56:10.265990019 CET	53	49236	1.1.1.1	192.168.2.6
Jan 13, 2025 00:56:32.418040991 CET	53	50727	1.1.1.1	192.168.2.6
Jan 13, 2025 00:56:33.056632996 CET	53	57320	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 13, 2025 00:55:38.936146975 CET	192.168.2.6	1.1.1.1	c282	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 13, 2025 00:55:36.614279985 CET	192.168.2.6	1.1.1.1	0x4cd4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:36.614795923 CET	192.168.2.6	1.1.1.1	0x7852	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 13, 2025 00:55:38.796802044 CET	192.168.2.6	1.1.1.1	0xe9e8	Standard query (0)	westernunion.eu99.life	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:38.813098907 CET	192.168.2.6	1.1.1.1	0x32b2	Standard query (0)	westernunion.eu99.life	65	IN (0x0001)	false
Jan 13, 2025 00:55:39.616300106 CET	192.168.2.6	1.1.1.1	0x639a	Standard query (0)	westernunion.eu99.life	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:39.616777897 CET	192.168.2.6	1.1.1.1	0xa2e	Standard query (0)	westernunion.eu99.life	65	IN (0x0001)	false
Jan 13, 2025 00:55:41.261944056 CET	192.168.2.6	1.1.1.1	0xb455	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:41.262151957 CET	192.168.2.6	1.1.1.1	0x4ce4	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 13, 2025 00:55:36.621362925 CET	1.1.1.1	192.168.2.6	0x4cd4	No error (0)	www.google.com		216.58.212.164	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:36.622703075 CET	1.1.1.1	192.168.2.6	0x7852	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 13, 2025 00:55:38.807760000 CET	1.1.1.1	192.168.2.6	0xe9e8	No error (0)	westernunion.eu99.life		104.21.48.245	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:38.807760000 CET	1.1.1.1	192.168.2.6	0xe9e8	No error (0)	westernunion.eu99.life		172.67.138.244	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:38.936022997 CET	1.1.1.1	192.168.2.6	0x32b2	No error (0)	westernunion.eu99.life			65	IN (0x0001)	false
Jan 13, 2025 00:55:39.628242970 CET	1.1.1.1	192.168.2.6	0xa2e	No error (0)	westernunion.eu99.life			65	IN (0x0001)	false
Jan 13, 2025 00:55:39.775321960 CET	1.1.1.1	192.168.2.6	0x639a	No error (0)	westernunion.eu99.life		172.67.138.244	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:39.775321960 CET	1.1.1.1	192.168.2.6	0x639a	No error (0)	westernunion.eu99.life		104.21.48.245	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:41.268831968 CET	1.1.1.1	192.168.2.6	0xb455	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:46.092587948 CET	1.1.1.1	192.168.2.6	0x2827	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 00:55:46.092587948 CET	1.1.1.1	192.168.2.6	0x2827	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:47.876568079 CET	1.1.1.1	192.168.2.6	0x66ce	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.18	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:47.876568079 CET	1.1.1.1	192.168.2.6	0x66ce	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.39	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:47.876568079 CET	1.1.1.1	192.168.2.6	0x66ce	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.36	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:47.876568079 CET	1.1.1.1	192.168.2.6	0x66ce	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.34	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:47.876568079 CET	1.1.1.1	192.168.2.6	0x66ce	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.23	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:47.876568079 CET	1.1.1.1	192.168.2.6	0x66ce	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.35	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:47.876568079 CET	1.1.1.1	192.168.2.6	0x66ce	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.19	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:55:47.876568079 CET	1.1.1.1	192.168.2.6	0x66ce	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.20	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:56:06.277688026 CET	1.1.1.1	192.168.2.6	0x3468	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:56:06.277688026 CET	1.1.1.1	192.168.2.6	0x3468	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:56:25.322993040 CET	1.1.1.1	192.168.2.6	0xdb76	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:56:25.322993040 CET	1.1.1.1	192.168.2.6	0xdb76	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:56:45.400548935 CET	1.1.1.1	192.168.2.6	0x6502	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 00:56:45.400548935 CET	1.1.1.1	192.168.2.6	0x6502	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

westernunion.eu99.life

https:

a.nel.cloudflare.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49725	104.21.48.245	80	4144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 00:55:38.844122887 CET	449	OUT	GET /3/190917927/ HTTP/1.1 Host: westernunion.eu99.life Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 13, 2025 00:55:39.327663898 CET	1072	IN	HTTP/1.1 301 Moved Permanently Date: Sun, 12 Jan 2025 23:55:39 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Mon, 13 Jan 2025 00:55:39 GMT Location: https://westernunion.eu99.life/3/190917927/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d%2FtT1lh7juwQn%2BtFHqko86C7km9rahYiklc7O50M%2BIYuXNywr4aPXJXilg8pNsXflvRoPQWLanv6IPUKpkKinqhTZFreJV0bCuoBrLcsmi96jz1yjjuI%2BomtOhtH%2F8qdLlC5lLiU4qo3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 9011142259b17c7e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1984&min_rtt=1984&rtt_var=992&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=449&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Jan 13, 2025 00:56:24.330612898 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49712	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:55:34 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 42 75 30 31 75 77 57 6f 71 45 32 35 6d 53 46 64 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 64 63 63 61 64 62 36 65 63 30 34 32 35 33 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Bu01uwWoqE25mSFd.1Context: 8dccadb6ec042535
2025-01-12 23:55:34 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 23:55:34 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 42 75 30 31 75 77 57 6f 71 45 32 35 6d 53 46 64 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 64 63 63 61 64 62 36 65 63 30 34 32 35 33 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 61 65 78 61 54 6a 4a 59 6a 6a 78 2b 70 65 34 34 49 50 65 58 72 6b 49 4a 41 39 69 61 51 65 54 61 46 6c 67 75 77 58 4b 75 7a 31 30 5a 50 38 79 4a 32 57 34 59 71 73 6f 4a 4d 78 4b 75 56 41 51 50 48 30 41 6f 39 50 61 39 76 32 79 4c 55 54 78 6d 4b 7a 57 30 30 64 72 36 62 48 48 56 76 42 6f 45 52 56 5a 4b 62 43 51 52 5a 66 78 49 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Bu01uwWoqE25mSFd.2Context: 8dccadb6ec042535<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARaexaTjJYjjx+pe44IPeXrkIJA9iaQeTaFlguwXKuz10ZP8yJ2W4YqsoJMxKuVAQPH0Ao9Pa9v2yLUTxmKzW00dr6bHHVvBoERVZKbCQRZfxI
2025-01-12 23:55:34 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 42 75 30 31 75 77 57 6f 71 45 32 35 6d 53 46 64 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 64 63 63 61 64 62 36 65 63 30 34 32 35 33 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Bu01uwWoqE25mSFd.3Context: 8dccadb6ec042535<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 23:55:34 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 23:55:34 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 47 4b 6f 49 77 77 33 30 6d 55 2b 73 74 54 34 34 67 4a 35 4c 63 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: GKoIww30mU+stT44gJ5Lcg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49739	172.67.138.244	443	4144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:55:40 UTC	677	OUT	GET /3/190917927/ HTTP/1.1 Host: westernunion.eu99.life Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:55:41 UTC	989	IN	HTTP/1.1 404 Not Found Date: Sun, 12 Jan 2025 23:55:41 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 9 Connection: close X-Powered-By: Express Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: Content-Type, Authorization ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B0p4h1qs3aCbu5SugLFhjvF1JzIqAp63TaJ5qY42XcqpcIADg9aHHQeaXmsc2wTjCPhrKSH%2BqczveDlXUv6bDGJi2x62fCNCiu617PozFYJOEb%2FK1sOfmOPov%2FghA28M96eINb2QETeu"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9011142d7b50f5f8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=8573&min_rtt=8573&rtt_var=4286&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4176&recv_bytes=1255&delivery_rate=134178&cwnd=122&unsent_bytes=0&cid=cfb62112e10e5ff9&ts=473&x=0"
2025-01-12 23:55:41 UTC	9	IN	Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49746	35.190.80.1	443	4144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:55:41 UTC	549	OUT	OPTIONS /report/v4?s=B0p4h1qs3aCbu5SugLFhjvF1JzIqAp63TaJ5qY42XcqpcIADg9aHHQeaXmsc2wTjCPhrKSH%2BqczveDlXUv6bDGJi2x62fCNCiu617PozFYJOEb%2FK1sOfmOPov%2FghA28M96eINb2QETeu HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://westernunion.eu99.life Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:55:41 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Sun, 12 Jan 2025 23:55:41 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49745	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:55:42 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 78 6b 51 33 74 72 6e 38 49 6b 4f 4b 54 4c 4b 2f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 36 63 38 37 36 34 37 61 63 30 34 62 63 63 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: xkQ3trn8IkOKTLK/.1Context: 26c87647ac04bcca
2025-01-12 23:55:42 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 23:55:42 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 78 6b 51 33 74 72 6e 38 49 6b 4f 4b 54 4c 4b 2f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 36 63 38 37 36 34 37 61 63 30 34 62 63 63 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 61 65 78 61 54 6a 4a 59 6a 6a 78 2b 70 65 34 34 49 50 65 58 72 6b 49 4a 41 39 69 61 51 65 54 61 46 6c 67 75 77 58 4b 75 7a 31 30 5a 50 38 79 4a 32 57 34 59 71 73 6f 4a 4d 78 4b 75 56 41 51 50 48 30 41 6f 39 50 61 39 76 32 79 4c 55 54 78 6d 4b 7a 57 30 30 64 72 36 62 48 48 56 76 42 6f 45 52 56 5a 4b 62 43 51 52 5a 66 78 49 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: xkQ3trn8IkOKTLK/.2Context: 26c87647ac04bcca<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARaexaTjJYjjx+pe44IPeXrkIJA9iaQeTaFlguwXKuz10ZP8yJ2W4YqsoJMxKuVAQPH0Ao9Pa9v2yLUTxmKzW00dr6bHHVvBoERVZKbCQRZfxI
2025-01-12 23:55:42 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 78 6b 51 33 74 72 6e 38 49 6b 4f 4b 54 4c 4b 2f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 36 63 38 37 36 34 37 61 63 30 34 62 63 63 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: xkQ3trn8IkOKTLK/.3Context: 26c87647ac04bcca<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 23:55:42 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 23:55:42 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 75 68 57 45 6e 6c 72 59 2b 30 2b 57 4e 78 53 47 66 2f 6d 61 4d 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: uhWEnlrY+0+WNxSGf/maMw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49753	172.67.138.244	443	4144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:55:42 UTC	612	OUT	GET /favicon.ico HTTP/1.1 Host: westernunion.eu99.life Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://westernunion.eu99.life/3/190917927/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:55:42 UTC	1074	IN	HTTP/1.1 404 Not Found Date: Sun, 12 Jan 2025 23:55:42 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Powered-By: Express Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: Content-Type, Authorization Content-Security-Policy: default-src 'none' X-Content-Type-Options: nosniff Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tCdJfxnZS851KS3iU5vPuZhrTlDuRu3RkMMCo06i%2FTGKqeOaSx5F%2BSHb%2FHryw86hXvd5%2BgsfQlIGMCs38k59qbm%2FADmAhoR7wX%2BTwfCb91eUvB2sYx%2F4QmC32RehmVCuZ7qHD%2FDYeA17"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 901114362aa9431a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2493&min_rtt=2484&rtt_var=938&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=1190&delivery_rate=1175523&cwnd=224&unsent_bytes=0&cid=cd1a4945f7f17895&ts=428&x=0"
2025-01-12 23:55:42 UTC	156	IN	Data Raw: 39 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 70 72 65 3e 43 61 6e 6e 6f 74 20 47 45 54 20 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 3c 2f 70 72 65 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: 96<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Error</title></head><body><pre>Cannot GET /favicon.ico</pre></body></html>
2025-01-12 23:55:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49754	35.190.80.1	443	4144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:55:42 UTC	484	OUT	POST /report/v4?s=B0p4h1qs3aCbu5SugLFhjvF1JzIqAp63TaJ5qY42XcqpcIADg9aHHQeaXmsc2wTjCPhrKSH%2BqczveDlXUv6bDGJi2x62fCNCiu617PozFYJOEb%2FK1sOfmOPov%2FghA28M96eINb2QETeu HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 406 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:55:42 UTC	406	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 36 34 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 33 38 2e 32 34 34 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 65 73 74 65 72 6e 75 6e 69 6f 6e 2e 65 Data Ascii: [{"age":0,"body":{"elapsed_time":1645,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"172.67.138.244","status_code":404,"type":"http.error"},"type":"network-error","url":"https://westernunion.e
2025-01-12 23:55:42 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Sun, 12 Jan 2025 23:55:41 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49827	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:55:54 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 35 66 74 57 72 7a 72 68 67 55 53 59 37 55 56 33 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 63 38 36 32 65 34 37 62 31 30 38 36 36 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 5ftWrzrhgUSY7UV3.1Context: d6c862e47b108661
2025-01-12 23:55:54 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 23:55:54 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 35 66 74 57 72 7a 72 68 67 55 53 59 37 55 56 33 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 63 38 36 32 65 34 37 62 31 30 38 36 36 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 61 65 78 61 54 6a 4a 59 6a 6a 78 2b 70 65 34 34 49 50 65 58 72 6b 49 4a 41 39 69 61 51 65 54 61 46 6c 67 75 77 58 4b 75 7a 31 30 5a 50 38 79 4a 32 57 34 59 71 73 6f 4a 4d 78 4b 75 56 41 51 50 48 30 41 6f 39 50 61 39 76 32 79 4c 55 54 78 6d 4b 7a 57 30 30 64 72 36 62 48 48 56 76 42 6f 45 52 56 5a 4b 62 43 51 52 5a 66 78 49 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 5ftWrzrhgUSY7UV3.2Context: d6c862e47b108661<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARaexaTjJYjjx+pe44IPeXrkIJA9iaQeTaFlguwXKuz10ZP8yJ2W4YqsoJMxKuVAQPH0Ao9Pa9v2yLUTxmKzW00dr6bHHVvBoERVZKbCQRZfxI
2025-01-12 23:55:54 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 35 66 74 57 72 7a 72 68 67 55 53 59 37 55 56 33 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 63 38 36 32 65 34 37 62 31 30 38 36 36 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 5ftWrzrhgUSY7UV3.3Context: d6c862e47b108661<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 23:55:54 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 23:55:54 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 39 5a 41 31 6b 53 44 34 6b 6b 61 69 5a 6c 58 7a 2b 72 75 2b 6e 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 9ZA1kSD4kkaiZlXz+ru+nQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49949	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:56:13 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 62 71 34 77 37 50 50 75 4b 6b 6d 6a 66 4e 4c 38 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 37 37 31 65 66 32 37 36 38 37 37 31 35 65 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: bq4w7PPuKkmjfNL8.1Context: c771ef27687715e3
2025-01-12 23:56:13 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 23:56:13 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 62 71 34 77 37 50 50 75 4b 6b 6d 6a 66 4e 4c 38 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 37 37 31 65 66 32 37 36 38 37 37 31 35 65 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 61 65 78 61 54 6a 4a 59 6a 6a 78 2b 70 65 34 34 49 50 65 58 72 6b 49 4a 41 39 69 61 51 65 54 61 46 6c 67 75 77 58 4b 75 7a 31 30 5a 50 38 79 4a 32 57 34 59 71 73 6f 4a 4d 78 4b 75 56 41 51 50 48 30 41 6f 39 50 61 39 76 32 79 4c 55 54 78 6d 4b 7a 57 30 30 64 72 36 62 48 48 56 76 42 6f 45 52 56 5a 4b 62 43 51 52 5a 66 78 49 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: bq4w7PPuKkmjfNL8.2Context: c771ef27687715e3<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARaexaTjJYjjx+pe44IPeXrkIJA9iaQeTaFlguwXKuz10ZP8yJ2W4YqsoJMxKuVAQPH0Ao9Pa9v2yLUTxmKzW00dr6bHHVvBoERVZKbCQRZfxI
2025-01-12 23:56:13 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 62 71 34 77 37 50 50 75 4b 6b 6d 6a 66 4e 4c 38 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 37 37 31 65 66 32 37 36 38 37 37 31 35 65 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: bq4w7PPuKkmjfNL8.3Context: c771ef27687715e3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 23:56:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 23:56:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 37 6c 68 70 38 33 48 57 63 6b 57 65 56 7a 6f 52 58 4f 4c 6b 41 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 7lhp83HWckWeVzoRXOLkAg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	50003	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:56:39 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 34 45 55 39 53 78 6a 74 36 30 2b 30 56 6b 48 38 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 38 33 31 34 64 34 38 30 37 66 65 62 38 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 4EU9Sxjt60+0VkH8.1Context: 918314d4807feb8b
2025-01-12 23:56:39 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 23:56:39 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 34 45 55 39 53 78 6a 74 36 30 2b 30 56 6b 48 38 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 38 33 31 34 64 34 38 30 37 66 65 62 38 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 61 65 78 61 54 6a 4a 59 6a 6a 78 2b 70 65 34 34 49 50 65 58 72 6b 49 4a 41 39 69 61 51 65 54 61 46 6c 67 75 77 58 4b 75 7a 31 30 5a 50 38 79 4a 32 57 34 59 71 73 6f 4a 4d 78 4b 75 56 41 51 50 48 30 41 6f 39 50 61 39 76 32 79 4c 55 54 78 6d 4b 7a 57 30 30 64 72 36 62 48 48 56 76 42 6f 45 52 56 5a 4b 62 43 51 52 5a 66 78 49 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 4EU9Sxjt60+0VkH8.2Context: 918314d4807feb8b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARaexaTjJYjjx+pe44IPeXrkIJA9iaQeTaFlguwXKuz10ZP8yJ2W4YqsoJMxKuVAQPH0Ao9Pa9v2yLUTxmKzW00dr6bHHVvBoERVZKbCQRZfxI
2025-01-12 23:56:39 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 34 45 55 39 53 78 6a 74 36 30 2b 30 56 6b 48 38 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 38 33 31 34 64 34 38 30 37 66 65 62 38 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 4EU9Sxjt60+0VkH8.3Context: 918314d4807feb8b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 23:56:39 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 23:56:39 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4d 50 51 74 4b 45 72 5a 68 45 71 35 53 42 76 6d 6b 74 36 32 66 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: MPQtKErZhEq5SBvmkt62fA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	50004	35.190.80.1	443	4144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:56:41 UTC	559	OUT	OPTIONS /report/v4?s=tCdJfxnZS851KS3iU5vPuZhrTlDuRu3RkMMCo06i%2FTGKqeOaSx5F%2BSHb%2FHryw86hXvd5%2BgsfQlIGMCs38k59qbm%2FADmAhoR7wX%2BTwfCb91eUvB2sYx%2F4QmC32RehmVCuZ7qHD%2FDYeA17 HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://westernunion.eu99.life Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:56:41 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Sun, 12 Jan 2025 23:56:41 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	50005	35.190.80.1	443	4144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:56:42 UTC	494	OUT	POST /report/v4?s=tCdJfxnZS851KS3iU5vPuZhrTlDuRu3RkMMCo06i%2FTGKqeOaSx5F%2BSHb%2FHryw86hXvd5%2BgsfQlIGMCs38k59qbm%2FADmAhoR7wX%2BTwfCb91eUvB2sYx%2F4QmC32RehmVCuZ7qHD%2FDYeA17 HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 452 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:56:42 UTC	452	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 38 35 37 34 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 33 37 31 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 77 65 73 74 65 72 6e 75 6e 69 6f 6e 2e 65 75 39 39 2e 6c 69 66 65 2f 33 2f 31 39 30 39 31 37 39 32 37 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 33 38 2e 32 34 34 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 Data Ascii: [{"age":58574,"body":{"elapsed_time":1371,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://westernunion.eu99.life/3/190917927/","sampling_fraction":1.0,"server_ip":"172.67.138.244","status_code":404,"type":"http.error"},"type
2025-01-12 23:56:42 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Sun, 12 Jan 2025 23:56:42 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5088, Parent PID: 6032

General

Target ID:	1
Start time:	18:55:26
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4144, Parent PID: 5088

General

Target ID:	3
Start time:	18:55:30
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1996,i,18103409492336325948,3345637603511846627,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1616, Parent PID: 6032

General

Target ID:	4
Start time:	18:55:37
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://westernunion.eu99.life/3/190917927/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://westernunion.eu99.life
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: http://westernunion.eu99.life

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /3/190917927/ HTTP/1.1Host: westernunion.eu99.lifeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: westernunion.eu99.lifeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://westernunion.eu99.life/3/190917927/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3/190917927/ HTTP/1.1Host: westernunion.eu99.lifeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: westernunion.eu99.life
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://westernunion.eu99.life/3/190917927/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5088, Parent PID: 6032

General

Chronological Activities

Analysis Process: chrome.exePID: 4144, Parent PID: 5088

General

Chronological Activities

Analysis Process: chrome.exePID: 1616, Parent PID: 6032

General

Chronological Activities

Disassembly

Windows Analysis Report
http://westernunion.eu99.life/3/190917927/