Edit tour

Windows Analysis Report
https://informed.deliveryele.top/us/

Overview

General Information

Sample URL:	https://informed.deliveryele.top/us/
Analysis ID:	1589679
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected BlockedWebSite

AI detected suspicious URL

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2016,i,14395267210672263836,12176443063107477041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://informed.deliveryele.top/us/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_48	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.1.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
1.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /report/v4?s=FBitsQyXQiR5%2BMSXgLgPE%2FrSLDt3aiMavpxqwFB10pCnygr7braAgngKEcFaUZLuWpX1iiuD2UwE7uu%2FrmVTvvil5Gnth0fvxf1jledFFdYiVZARqFXbM4s020VxL1YhBqhMZQbyQfeI40A%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 398Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Jan 2025 00:04:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FBitsQyXQiR5%2BMSXgLgPE%2FrSLDt3aiMavpxqwFB10pCnygr7braAgngKEcFaUZLuWpX1iiuD2UwE7uu%2FrmVTvvil5Gnth0fvxf1jledFFdYiVZARqFXbM4s020VxL1YhBqhMZQbyQfeI40A%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 901121701e93422e-EWR

Source: chromecache_48.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_48.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49217
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal68.phis.win@16/10@8/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2016,i,14395267210672263836,12176443063107477041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://informed.deliveryele.top/us/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2016,i,14395267210672263836,12176443063107477041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://informed.deliveryele.top/us/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://informed.deliveryele.top/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	phishing
https://informed.deliveryele.top/favicon.ico	100%	Avira URL Cloud	phishing
https://informed.deliveryele.top/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	84.201.210.39	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.185.132	true	false	high
informed.deliveryele.top	104.21.20.172	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://informed.deliveryele.top/us/	true		unknown
https://informed.deliveryele.top/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://informed.deliveryele.top/cdn-cgi/images/icon-exclamation.png?1376755637	false	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=FBitsQyXQiR5%2BMSXgLgPE%2FrSLDt3aiMavpxqwFB10pCnygr7braAgngKEcFaUZLuWpX1iiuD2UwE7uu%2FrmVTvvil5Gnth0fvxf1jledFFdYiVZARqFXbM4s020VxL1YhBqhMZQbyQfeI40A%3D	false		high
https://informed.deliveryele.top/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_48.2.dr	false		high
https://www.cloudflare.com/5xx-error-landing	chromecache_48.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
172.67.193.61	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.21.20.172	informed.deliveryele.top	United States	13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.4
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589679
Start date and time:	2025-01-13 01:03:42 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://informed.deliveryele.top/us/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@16/10@8/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 172.217.16.206, 64.233.167.84, 142.250.186.78, 142.250.186.174, 142.250.186.46, 20.109.210.53, 84.201.210.39, 192.229.221.95, 20.3.187.198, 142.250.184.238, 13.85.23.206, 142.250.74.206, 142.250.185.206, 142.251.40.142, 74.125.0.74, 172.217.18.3, 34.104.35.123, 2.23.242.162, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, r5.sn-t0aedn7e.gvt1.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, edgedl.me.gvt1.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, r5---sn-t0aedn7e.gvt1.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://informed.deliveryele.top/us/

Input	Output
URL: https://informed.deliveryele.top Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://informed.deliveryele.top
URL: https://informed.deliveryele.top/us/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This script checks if cookies are enabled in the user's browser and displays a cookie alert if they are not. This is a common practice to inform users about cookie usage and does not demonstrate any high-risk behaviors." }
if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) }
URL: https://informed.deliveryele.top/us/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Suspected Phishing", "prominent_button_name": "Learn More", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": true }

URL: https://informed.deliveryele.top/us/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Suspected Phishing", "prominent_button_name": "Learn More", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://informed.deliveryele.top/us/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://informed.deliveryele.top/us/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	32038
Entropy (8bit):	3.7586031096610943
Encrypted:	false
SSDEEP:	192:cfRys3/ZtSs9axogZeLpoCaAVbZ5iDJ6j5+qDxZ7cnPgW5LnM:cr68dcgWJn
MD5:	3F0F72ED57A54B97CDA500BCF0545EFB
SHA1:	2F252619C18E729D98E16B96D37CD7CD567B38EB
SHA-256:	67FBE8EF9020E5C776AADF6801A1FEF8DC563E2E4DC9DDC740AF8010C0C38943
SHA-512:	EA68C54A3CA39A47555A41AE5FC3723F1E7C06B3AD1776EE7082FFBFF48277D2B4EE7CA1753165C2DCCDF7012EB0CBE29CDBDE21DC05373A07CF18E23DE37E54
Malicious:	false
Reputation:	low
Preview:	............ .h...F... .... .........00.... ..%..V...@@.... .(B...:..(....... ..... .....@...................e21.f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21.f32Qf32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q...Q.....US.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q.\[Q.............\|z.m<;.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.uGG..................RP.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.xKJ..................vu.k98.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.g43......^].....................{NL.f32.f32.f32Qf32Qf32.f32.f32..\[.............ts..ww...............k98.f32Qf32Qf32.f32.f32...........................................f32Qf32Qf32.f32.g43.....................................rq....f32Qh65Qh65.h65.j87..YY..[[..[[..[[..\[..]]..oo...........vu.f32Q...Q.........................................mk.g43.f32.f32.f32Q...Q........................`^.p?=.f32.f32.f32.f32.f32.f32.f32Q..Q.....ml.rB@.g43.f32.f32.f32.f32.f32.f32.f32.f32.f32.f3

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://informed.deliveryele.top/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	32038
Entropy (8bit):	3.7586031096610943
Encrypted:	false
SSDEEP:	192:cfRys3/ZtSs9axogZeLpoCaAVbZ5iDJ6j5+qDxZ7cnPgW5LnM:cr68dcgWJn
MD5:	3F0F72ED57A54B97CDA500BCF0545EFB
SHA1:	2F252619C18E729D98E16B96D37CD7CD567B38EB
SHA-256:	67FBE8EF9020E5C776AADF6801A1FEF8DC563E2E4DC9DDC740AF8010C0C38943
SHA-512:	EA68C54A3CA39A47555A41AE5FC3723F1E7C06B3AD1776EE7082FFBFF48277D2B4EE7CA1753165C2DCCDF7012EB0CBE29CDBDE21DC05373A07CF18E23DE37E54
Malicious:	false
Reputation:	low
URL:	https://informed.deliveryele.top/favicon.ico
Preview:	............ .h...F... .... .........00.... ..%..V...@@.... .(B...:..(....... ..... .....@...................e21.f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21.f32Qf32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q...Q.....US.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q.\[Q.............\|z.m<;.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.uGG..................RP.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.xKJ..................vu.k98.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.g43......^].....................{NL.f32.f32.f32Qf32Qf32.f32.f32..\[.............ts..ww...............k98.f32Qf32Qf32.f32.f32...........................................f32Qf32Qf32.f32.g43.....................................rq....f32Qh65Qh65.h65.j87..YY..[[..[[..[[..\[..]]..oo...........vu.f32Q...Q.........................................mk.g43.f32.f32.f32Q...Q........................`^.p?=.f32.f32.f32.f32.f32.f32.f32Q..Q.....ml.rB@.g43.f32.f32.f32.f32.f32.f32.f32.f32.f32.f3

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://informed.deliveryele.top/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4548
Entropy (8bit):	5.041674797768708
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOiUAtXN0ZLmmJrR89PaQxJbGD:1j9jhjYjIK/Vo+tr2Z6mJre9ieJGD
MD5:	8E24CFA6DB9DE11F4B52BD6D3B8875EA
SHA1:	18686F9D8B41055A35492BDB1CB283F32CE0491D
SHA-256:	2039F50ABBDFAC1A0A473C3FE356DF34F27C79EC56325E2E9F3FBD9B2E395BD7
SHA-512:	C3F79D20B78D2684281653C6BFF53F394C7733275F36CFBA870F6DD74F1BDCAB6911A7E574F43D15D0F16BE0AE741154DC33319B0129880148AED238CCDEB3D3
Malicious:	false
Reputation:	low
URL:	https://informed.deliveryele.top/us/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 01:04:36.226934910 CET	49675	443	192.168.2.4	173.222.162.32
Jan 13, 2025 01:04:40.133234024 CET	49738	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:04:40.133259058 CET	443	49738	142.250.185.132	192.168.2.4
Jan 13, 2025 01:04:40.133322001 CET	49738	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:04:40.133908033 CET	49738	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:04:40.133922100 CET	443	49738	142.250.185.132	192.168.2.4
Jan 13, 2025 01:04:40.767107010 CET	443	49738	142.250.185.132	192.168.2.4
Jan 13, 2025 01:04:40.767410994 CET	49738	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:04:40.767437935 CET	443	49738	142.250.185.132	192.168.2.4
Jan 13, 2025 01:04:40.768311977 CET	443	49738	142.250.185.132	192.168.2.4
Jan 13, 2025 01:04:40.768379927 CET	49738	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:04:40.891550064 CET	49738	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:04:40.891644001 CET	443	49738	142.250.185.132	192.168.2.4
Jan 13, 2025 01:04:40.934354067 CET	49738	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:04:40.934380054 CET	443	49738	142.250.185.132	192.168.2.4
Jan 13, 2025 01:04:40.985307932 CET	49738	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:04:42.761497974 CET	49741	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:42.761518955 CET	443	49741	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:42.761583090 CET	49741	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:42.763103008 CET	49741	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:42.763114929 CET	443	49741	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:42.763632059 CET	49742	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:42.763662100 CET	443	49742	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:42.763731003 CET	49742	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:42.764661074 CET	49742	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:42.764672995 CET	443	49742	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.222974062 CET	443	49741	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.223387003 CET	49741	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.223396063 CET	443	49741	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.225030899 CET	443	49741	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.225125074 CET	49741	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.228174925 CET	443	49742	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.232078075 CET	49742	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.232120991 CET	443	49742	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.233419895 CET	49741	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.233587980 CET	443	49742	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.233668089 CET	49742	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.233716011 CET	443	49741	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.233789921 CET	49741	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.233795881 CET	443	49741	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.233918905 CET	49741	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.233942032 CET	49741	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.234797001 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.234806061 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.234889030 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.235418081 CET	49742	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.235517979 CET	49742	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.235585928 CET	49742	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.235847950 CET	443	49742	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.235903978 CET	49742	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.236069918 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.236160994 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.236238956 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.236548901 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.236558914 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.236855030 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.236887932 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.766588926 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.766855001 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.766884089 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.768361092 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.768424988 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.774251938 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.774569035 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:43.774591923 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.775561094 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:43.775631905 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.115642071 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.115856886 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.118918896 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.119072914 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.119100094 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.119260073 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.172209024 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.172235012 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.172269106 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.217597961 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.246113062 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.246160030 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.246200085 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.246216059 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.246218920 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.246243954 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.246263027 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.246344090 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.246392012 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.259355068 CET	49743	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.259390116 CET	443	49743	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.293157101 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.293191910 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.293252945 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.297065020 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.297080994 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.403420925 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.447338104 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.505944967 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.505989075 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.506012917 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.506035089 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.506042957 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.506058931 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.506071091 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.506088972 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.506109953 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.506124020 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.506154060 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.506182909 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.506191969 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.506198883 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.506233931 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.510674000 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.510709047 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.510776997 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.510786057 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.559778929 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.598225117 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.598468065 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.598536968 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.598572016 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.598670006 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.598728895 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.598745108 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.598922014 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.598984003 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.726877928 CET	49744	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.726924896 CET	443	49744	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.783651114 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.786202908 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.786217928 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.787341118 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.787410975 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.791163921 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.791255951 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.791584015 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.791589022 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.840789080 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.853319883 CET	49746	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.853430033 CET	443	49746	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.853528023 CET	49746	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.908907890 CET	49746	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:44.909012079 CET	443	49746	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:44.920341015 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.920423031 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.920483112 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.920891047 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.920913935 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.921716928 CET	49747	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.921746969 CET	443	49747	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:44.921886921 CET	49747	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.922301054 CET	49747	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:44.922321081 CET	443	49747	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:45.372000933 CET	443	49747	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:45.372662067 CET	49747	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:45.372678995 CET	443	49747	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:45.373032093 CET	443	49747	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:45.373832941 CET	49747	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:45.373892069 CET	443	49747	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:45.374008894 CET	49747	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:45.381035089 CET	443	49746	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.381304026 CET	49746	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.381319046 CET	443	49746	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.382334948 CET	443	49746	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.382399082 CET	49746	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.382745981 CET	49746	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.382765055 CET	49746	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.382805109 CET	443	49746	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.382818937 CET	49746	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.382863045 CET	49746	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.383174896 CET	49748	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.383205891 CET	443	49748	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.383280039 CET	49748	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.383476019 CET	49748	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.383490086 CET	443	49748	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.415337086 CET	443	49747	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:45.500139952 CET	443	49747	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:45.500205994 CET	443	49747	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:45.500274897 CET	49747	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:45.500601053 CET	49747	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:04:45.500618935 CET	443	49747	35.190.80.1	192.168.2.4
Jan 13, 2025 01:04:45.859769106 CET	443	49748	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.860061884 CET	49748	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.860074997 CET	443	49748	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.860369921 CET	443	49748	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.860820055 CET	49748	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.860901117 CET	443	49748	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.860966921 CET	49748	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:45.907322884 CET	443	49748	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.999234915 CET	443	49748	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:45.999303102 CET	443	49748	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.000792027 CET	49748	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.001115084 CET	49748	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.001127005 CET	443	49748	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.007905960 CET	49749	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.007973909 CET	443	49749	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.008362055 CET	49749	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.008362055 CET	49749	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.008403063 CET	443	49749	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.249427080 CET	49750	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:46.249479055 CET	443	49750	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:46.249806881 CET	49750	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:46.249808073 CET	49750	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:46.249845982 CET	443	49750	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:46.493542910 CET	443	49749	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.494174957 CET	49749	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.494199991 CET	443	49749	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.495233059 CET	443	49749	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.495372057 CET	49749	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.495678902 CET	49749	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.495678902 CET	49749	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.495760918 CET	443	49749	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.495776892 CET	49749	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.495930910 CET	443	49749	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.495968103 CET	49749	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.496186018 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.496248960 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.496290922 CET	49749	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.496524096 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.497113943 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.497140884 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.725384951 CET	443	49750	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:46.725795984 CET	49750	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:46.725841999 CET	443	49750	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:46.729468107 CET	443	49750	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:46.731178999 CET	49750	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:46.731679916 CET	49750	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:46.731892109 CET	443	49750	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:46.731981039 CET	49750	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:46.731998920 CET	443	49750	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:46.782264948 CET	49750	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:46.865103006 CET	443	49750	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:46.865274906 CET	443	49750	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:46.865746021 CET	49750	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:46.866343021 CET	49750	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:46.866384029 CET	443	49750	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:46.956692934 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.957194090 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.957223892 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.958420038 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.958501101 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.958930016 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.959002018 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:46.959099054 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:46.959116936 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.000999928 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.108445883 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.108498096 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.108534098 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.108576059 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.108601093 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.108640909 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.108666897 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.108670950 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.108670950 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.108748913 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.108799934 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.108838081 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.109103918 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.113106966 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.113176107 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.113193035 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.157278061 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.195473909 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.195537090 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.195565939 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.195611000 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.195633888 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.195684910 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.195724964 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.195871115 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.195924997 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.195940018 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.196073055 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.196126938 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.196139097 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.196183920 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.196224928 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.196255922 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.196269989 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.196336031 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.196949959 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.197096109 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.197149992 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.197454929 CET	49751	443	192.168.2.4	104.21.20.172
Jan 13, 2025 01:04:47.197484016 CET	443	49751	104.21.20.172	192.168.2.4
Jan 13, 2025 01:04:47.203915119 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.203942060 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.204021931 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.204333067 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.204340935 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.705043077 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.705343962 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.705364943 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.705873013 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.706235886 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.706324100 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.706434011 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.747379065 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.847950935 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.848011017 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.848061085 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.848076105 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.848146915 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.848187923 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.848195076 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.848243952 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.848278046 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.848289967 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.848299026 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.848339081 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.848536968 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.852210045 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.852255106 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.852263927 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.852309942 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.852349997 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.852358103 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.903901100 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.939204931 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.939421892 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.939498901 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.939543009 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.939582109 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.939595938 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.939629078 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.939696074 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.939743996 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.939788103 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.939815044 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.939821959 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.940007925 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.940017939 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.940262079 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.940272093 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.940366030 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.940470934 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:47.940802097 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.940884113 CET	49753	443	192.168.2.4	172.67.193.61
Jan 13, 2025 01:04:47.940901995 CET	443	49753	172.67.193.61	192.168.2.4
Jan 13, 2025 01:04:50.685020924 CET	443	49738	142.250.185.132	192.168.2.4
Jan 13, 2025 01:04:50.685094118 CET	443	49738	142.250.185.132	192.168.2.4
Jan 13, 2025 01:04:50.685467005 CET	49738	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:04:51.321295977 CET	49738	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:04:51.321357965 CET	443	49738	142.250.185.132	192.168.2.4
Jan 13, 2025 01:04:54.537573099 CET	49723	80	192.168.2.4	199.232.210.172
Jan 13, 2025 01:04:54.542536974 CET	80	49723	199.232.210.172	192.168.2.4
Jan 13, 2025 01:04:54.542588949 CET	49723	80	192.168.2.4	199.232.210.172
Jan 13, 2025 01:05:19.161837101 CET	49173	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:05:19.166640043 CET	53	49173	1.1.1.1	192.168.2.4
Jan 13, 2025 01:05:19.166699886 CET	49173	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:05:19.166737080 CET	49173	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:05:19.171449900 CET	53	49173	1.1.1.1	192.168.2.4
Jan 13, 2025 01:05:19.621334076 CET	53	49173	1.1.1.1	192.168.2.4
Jan 13, 2025 01:05:19.622006893 CET	49173	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:05:19.626977921 CET	53	49173	1.1.1.1	192.168.2.4
Jan 13, 2025 01:05:19.627043962 CET	49173	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:05:40.193634987 CET	49217	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:05:40.193722010 CET	443	49217	142.250.185.132	192.168.2.4
Jan 13, 2025 01:05:40.193794012 CET	49217	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:05:40.194628000 CET	49217	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:05:40.194668055 CET	443	49217	142.250.185.132	192.168.2.4
Jan 13, 2025 01:05:40.854952097 CET	443	49217	142.250.185.132	192.168.2.4
Jan 13, 2025 01:05:40.855262995 CET	49217	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:05:40.855341911 CET	443	49217	142.250.185.132	192.168.2.4
Jan 13, 2025 01:05:40.856467009 CET	443	49217	142.250.185.132	192.168.2.4
Jan 13, 2025 01:05:40.856823921 CET	49217	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:05:40.857012987 CET	443	49217	142.250.185.132	192.168.2.4
Jan 13, 2025 01:05:40.903855085 CET	49217	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:05:43.810204029 CET	49724	80	192.168.2.4	199.232.210.172
Jan 13, 2025 01:05:43.815229893 CET	80	49724	199.232.210.172	192.168.2.4
Jan 13, 2025 01:05:43.815280914 CET	49724	80	192.168.2.4	199.232.210.172
Jan 13, 2025 01:05:50.796788931 CET	443	49217	142.250.185.132	192.168.2.4
Jan 13, 2025 01:05:50.796952009 CET	443	49217	142.250.185.132	192.168.2.4
Jan 13, 2025 01:05:50.797023058 CET	49217	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:05:50.814100981 CET	49217	443	192.168.2.4	142.250.185.132
Jan 13, 2025 01:05:50.814120054 CET	443	49217	142.250.185.132	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 01:04:36.514983892 CET	53	64964	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:36.663548946 CET	53	57903	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:37.660257101 CET	53	63542	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:40.124300957 CET	56281	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:04:40.124777079 CET	52990	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:04:40.130911112 CET	53	56281	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:40.131463051 CET	53	52990	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:42.296427011 CET	64008	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:04:42.296576023 CET	58781	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:04:42.308588982 CET	53	58781	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:42.641372919 CET	53	64008	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:44.256417036 CET	63599	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:04:44.257074118 CET	59780	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:04:44.263089895 CET	53	63599	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:44.264204979 CET	53	59780	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:46.012387991 CET	54747	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:04:46.012388945 CET	57431	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:04:46.195080996 CET	53	57431	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:46.373534918 CET	53	54747	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:55.022037983 CET	53	58890	1.1.1.1	192.168.2.4
Jan 13, 2025 01:04:55.380306005 CET	138	138	192.168.2.4	192.168.2.255
Jan 13, 2025 01:05:14.063081026 CET	53	51244	1.1.1.1	192.168.2.4
Jan 13, 2025 01:05:19.161432028 CET	53	52142	1.1.1.1	192.168.2.4
Jan 13, 2025 01:05:36.008842945 CET	53	59048	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 13, 2025 01:04:46.381309986 CET	192.168.2.4	1.1.1.1	c282	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 13, 2025 01:04:40.124300957 CET	192.168.2.4	1.1.1.1	0x3c30	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:40.124777079 CET	192.168.2.4	1.1.1.1	0xa0bb	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 13, 2025 01:04:42.296427011 CET	192.168.2.4	1.1.1.1	0x61c5	Standard query (0)	informed.deliveryele.top	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:42.296576023 CET	192.168.2.4	1.1.1.1	0x72ed	Standard query (0)	informed.deliveryele.top	65	IN (0x0001)	false
Jan 13, 2025 01:04:44.256417036 CET	192.168.2.4	1.1.1.1	0xb468	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:44.257074118 CET	192.168.2.4	1.1.1.1	0xf8b6	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 01:04:46.012387991 CET	192.168.2.4	1.1.1.1	0xfbc9	Standard query (0)	informed.deliveryele.top	65	IN (0x0001)	false
Jan 13, 2025 01:04:46.012388945 CET	192.168.2.4	1.1.1.1	0x5aab	Standard query (0)	informed.deliveryele.top	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 13, 2025 01:04:40.130911112 CET	1.1.1.1	192.168.2.4	0x3c30	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:40.131463051 CET	1.1.1.1	192.168.2.4	0xa0bb	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 13, 2025 01:04:42.308588982 CET	1.1.1.1	192.168.2.4	0x72ed	No error (0)	informed.deliveryele.top			65	IN (0x0001)	false
Jan 13, 2025 01:04:42.641372919 CET	1.1.1.1	192.168.2.4	0x61c5	No error (0)	informed.deliveryele.top		104.21.20.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:42.641372919 CET	1.1.1.1	192.168.2.4	0x61c5	No error (0)	informed.deliveryele.top		172.67.193.61	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:44.263089895 CET	1.1.1.1	192.168.2.4	0xb468	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:46.195080996 CET	1.1.1.1	192.168.2.4	0x5aab	No error (0)	informed.deliveryele.top		172.67.193.61	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:46.195080996 CET	1.1.1.1	192.168.2.4	0x5aab	No error (0)	informed.deliveryele.top		104.21.20.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:46.373534918 CET	1.1.1.1	192.168.2.4	0xfbc9	No error (0)	informed.deliveryele.top			65	IN (0x0001)	false
Jan 13, 2025 01:04:50.921680927 CET	1.1.1.1	192.168.2.4	0x2259	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.39	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:50.921680927 CET	1.1.1.1	192.168.2.4	0x2259	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.20	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:50.921680927 CET	1.1.1.1	192.168.2.4	0x2259	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.23	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:50.921680927 CET	1.1.1.1	192.168.2.4	0x2259	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.19	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:50.921680927 CET	1.1.1.1	192.168.2.4	0x2259	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.34	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:50.921680927 CET	1.1.1.1	192.168.2.4	0x2259	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.35	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:50.921680927 CET	1.1.1.1	192.168.2.4	0x2259	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.18	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:50.921680927 CET	1.1.1.1	192.168.2.4	0x2259	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.36	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:04:51.753590107 CET	1.1.1.1	192.168.2.4	0x7644	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:04:51.753590107 CET	1.1.1.1	192.168.2.4	0x7644	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:05:04.927896023 CET	1.1.1.1	192.168.2.4	0xc74d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:05:04.927896023 CET	1.1.1.1	192.168.2.4	0xc74d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:05:32.279714108 CET	1.1.1.1	192.168.2.4	0x4b88	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:05:32.279714108 CET	1.1.1.1	192.168.2.4	0x4b88	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:05:49.192574024 CET	1.1.1.1	192.168.2.4	0x8aa7	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:05:49.192574024 CET	1.1.1.1	192.168.2.4	0x8aa7	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

informed.deliveryele.top

https:

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49743	104.21.20.172	443	1312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:04:44 UTC	670	OUT	GET /us/ HTTP/1.1 Host: informed.deliveryele.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:04:44 UTC	566	IN	HTTP/1.1 403 Forbidden Date: Mon, 13 Jan 2025 00:04:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FBitsQyXQiR5%2BMSXgLgPE%2FrSLDt3aiMavpxqwFB10pCnygr7braAgngKEcFaUZLuWpX1iiuD2UwE7uu%2FrmVTvvil5Gnth0fvxf1jledFFdYiVZARqFXbM4s020VxL1YhBqhMZQbyQfeI40A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 901121701e93422e-EWR
2025-01-13 00:04:44 UTC	803	IN	Data Raw: 31 31 63 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 11c4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c Data Ascii: cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getEl
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <f
2025-01-13 00:04:44 UTC	1015	IN	Data Raw: 61 6c 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 Data Ascii: al" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><sp
2025-01-13 00:04:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49744	104.21.20.172	443	1312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:04:44 UTC	578	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: informed.deliveryele.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://informed.deliveryele.top/us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:04:44 UTC	411	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:04:44 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Tue, 07 Jan 2025 14:31:40 GMT ETag: "677d3acc-5df3" Server: cloudflare CF-RAY: 90112171dcfb7d1a-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 13 Jan 2025 02:04:44 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2025-01-13 00:04:44 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2025-01-13 00:04:44 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	35.190.80.1	443	1312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:04:44 UTC	557	OUT	OPTIONS /report/v4?s=FBitsQyXQiR5%2BMSXgLgPE%2FrSLDt3aiMavpxqwFB10pCnygr7braAgngKEcFaUZLuWpX1iiuD2UwE7uu%2FrmVTvvil5Gnth0fvxf1jledFFdYiVZARqFXbM4s020VxL1YhBqhMZQbyQfeI40A%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://informed.deliveryele.top Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:04:44 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 13 Jan 2025 00:04:44 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49747	35.190.80.1	443	1312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:04:45 UTC	490	OUT	POST /report/v4?s=FBitsQyXQiR5%2BMSXgLgPE%2FrSLDt3aiMavpxqwFB10pCnygr7braAgngKEcFaUZLuWpX1iiuD2UwE7uu%2FrmVTvvil5Gnth0fvxf1jledFFdYiVZARqFXbM4s020VxL1YhBqhMZQbyQfeI40A%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 398 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:04:45 UTC	398	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 36 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 39 33 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 32 30 2e 31 37 32 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 6e 66 6f 72 6d 65 64 2e 64 65 6c 69 76 65 Data Ascii: [{"age":6,"body":{"elapsed_time":1932,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.20.172","status_code":403,"type":"http.error"},"type":"network-error","url":"https://informed.delive
2025-01-13 00:04:45 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Mon, 13 Jan 2025 00:04:45 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49748	104.21.20.172	443	1312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:04:45 UTC	667	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: informed.deliveryele.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://informed.deliveryele.top/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:04:45 UTC	409	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:04:45 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 07 Jan 2025 14:31:40 GMT ETag: "677d3acc-1c4" Server: cloudflare CF-RAY: 9011217b2fb00c7c-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 13 Jan 2025 02:04:45 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2025-01-13 00:04:45 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49750	172.67.193.61	443	1312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:04:46 UTC	394	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: informed.deliveryele.top Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:04:46 UTC	409	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:04:46 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 07 Jan 2025 14:31:40 GMT ETag: "677d3acc-1c4" Server: cloudflare CF-RAY: 901121809cf3c461-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 13 Jan 2025 02:04:46 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2025-01-13 00:04:46 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49751	104.21.20.172	443	1312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:04:46 UTC	607	OUT	GET /favicon.ico HTTP/1.1 Host: informed.deliveryele.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://informed.deliveryele.top/us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:04:47 UTC	972	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:04:47 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 32038 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=86400 Last-Modified: Mon, 15 Jul 2024 08:24:14 GMT ETag: W/"7d26-190b57e07b0" CF-Cache-Status: HIT Age: 5508 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yQMN7ntM%2Bhh6DRF7%2BfWwLi0RJ8HwCssezke9ZJBK7bWwuKdtFGLikuPHkfZHO2B2BAKhjjwOu8a43qh%2BE7mHHKGu6Vdloq4JJvtyQUbhdzgLml78%2F2cQlwmLbFUNNjiaMT%2BmV4SbZQ5EWvo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 901121821fe932fa-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2056&min_rtt=2045&rtt_var=790&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1185&delivery_rate=1364485&cwnd=164&unsent_bytes=0&cid=a6a49112bd611e4d&ts=158&x=0"
2025-01-13 00:04:47 UTC	397	IN	Data Raw: 00 00 01 00 04 00 10 10 00 00 00 00 20 00 68 04 00 00 46 00 00 00 20 20 00 00 00 00 20 00 a8 10 00 00 ae 04 00 00 30 30 00 00 00 00 20 00 a8 25 00 00 56 15 00 00 40 40 00 00 00 00 20 00 28 42 00 00 fe 3a 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 32 31 1b 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 65 32 31 1b 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 e4 da d8 51 be a7 a5 ff 81 55 53 ff 66 33 32 ff 66 Data Ascii: hF 00 %V@@ (B:( @e21f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21f32Qf32f32f32f32f32f32f32f32f32f32f32f32f32f32f32QQUSf32f
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 78 4b 4a ff bf aa aa ff f8 f6 f6 ff fd fc fc ff d8 c9 c7 ff 9a 76 75 ff 6b 39 38 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 67 34 33 ff ab 8f 8e ff 86 5e 5d ff b6 9d 9d ff f0 eb eb ff ff ff ff ff ef e9 e9 ff b6 9b 9a ff 7b 4e 4c ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 85 5c 5b ff fe fd fd ff f7 f5 f5 ff c9 b7 b6 ff 97 74 73 ff 99 77 77 ff c7 b4 b4 ff f1 ed ed ff fb f9 f9 ff cd bb b9 ff 6b 39 38 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff b4 9b 9b ff ff ff ff ff ff ff ff ff ff ff Data Ascii: f32f32f32f32f32f32f32f32Qf32Qf32f32f32xKJvuk98f32f32f32f32f32Qf32Qf32f32f32g43^]{NLf32f32f32Qf32Qf32f32f32\[tswwk98f32Qf32Qf32f32f32
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 fe fd fd a1 fe fd fd ff f1 eb ea ff bb a1 9f ff 7d 4e 4b ff 68 36 34 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 a4 86 85 a1 da ce ce ff fb fa fa Data Ascii: f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32}NKh64f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: aa a7 ff 84 59 56 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff ba a3 a2 ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff f7 f4 f4 ff d4 c6 c6 ff a0 81 80 ff 72 43 42 ff 6b 39 38 ff 7b 4f 4e ff a7 8a 8a ff d2 c4 c3 ff f7 f4 f4 ff ff ff ff ff ff ff ff ff fe fe fe ff f0 ea e9 ff 7c 4e 4c ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 6b 39 38 ff e6 dd dd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb fa fa ff db cf cf ff b1 98 97 ff 8d 68 67 ff 74 45 44 ff 72 43 42 ff 8c 65 65 ff c5 b2 b1 ff Data Ascii: YVf32f32f32f32f32f32f32f32f32f32f32rCBk98{ON\|NLf32f32f32f32f32f32f32f32f32k98hgtEDrCBee
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 fd fd fd a1 fb fa fa ff f2 ed ec ff ce b9 b6 ff b2 97 95 ff 8c 61 5e ff 73 42 3f ff 6a 38 37 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 95 6f 6c a1 79 48 45 ff 67 34 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 Data Ascii: 2f32f32f32f32f32f32f32f32f32f32f32f32f32f32a^sB?j87f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32olyHEg42f32f32f32f32f32f32f32f32f32f32f32f32f
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 32 e3 65 32 31 f1 66 33 31 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 65 32 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 65 32 32 f1 65 32 32 f1 66 33 32 e3 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 65 32 32 f1 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 Data Ascii: f32e21f31f32f32f32f32f32e22e22e22f32e22e22f32e22e22f32e22f32f31f31f31f32f31f31f31f31f32f31f31f31f31f31f31e21f31f31f31f31f31e22e22f32e22f32f32e21e22f32f32f32f32f32f3
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: e9 e3 e2 ff fe fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff fb f9 f9 ff ca b3 af ff a0 7d 7b ff 75 42 3f ff 67 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 65 32 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 6a 39 38 f1 83 5a 59 ff c1 ac ac ff f6 f3 f2 ff fe fe fe ff ff ff ff ff fe fe fe ff fe fe fe ff f9 f6 f6 ff dd cf cd ff b6 99 95 ff 77 44 41 ff 68 35 34 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 66 33 32 Data Ascii: }{uB?g32f32f32f32f32f32f32f32f32f32e21f31e21e21f31f32e21f32f32e21e21e22e21f31f31e21f32e21f31f31f32f31f31f31j98ZYwDAh54f32f32e22f32
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: 33 31 ff 65 32 31 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 6d 3d 3c ff 9a 79 78 ff cf bf be ff fa f8 f8 ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fc fa fa ff d3 c0 bd ff ac 8d 8a ff 79 47 44 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 32 f1 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 66 33 32 ff 66 34 33 ff 6f 3f 3e ff 92 6d 6c ff d3 c5 c4 ff f3 ef ef ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff Data Ascii: 31e21e21e21f31m=<yxyGDf32f31f32f31f31f32e21e21f31e21f32f31f32e21f31f32f31f32f32f32e21f32f32e22e21f32f32e21e21f32f43o?>ml
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: fe ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff f0 eb eb ff d9 cd cd ff af 95 95 ff 80 55 54 ff 67 34 33 ff 66 33 32 ff 68 36 35 ff 7a 4e 4d ff 8f 69 69 ff b3 99 98 ff d9 cd cc ff fb fa fa ff fe fe fe ff fe fe fe ff ff ff ff ff fe fe fe ff fe fe fe ff f4 ef ee ff 94 6c 69 ff 66 33 32 ff 65 32 31 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 31 f1 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 91 6d 6c ff f8 f5 f5 ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e8 e1 e0 ff be a8 a8 ff 97 75 74 ff 84 Data Ascii: UTg43f32h65zNMiilif32e21f31f31f32f32f32e21f32e21e22f32f32f32mlut
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff b9 a1 a1 ff ca b9 b9 ff bc a7 a7 ff bc a7 a7 ff bc a7 a7 ff c3 af ae ff d1 c2 c2 ff ed e7 e7 ff fe fe fe ff e5 da d9 ff 6d 39 36 ff 65 32 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 31 f1 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 6f 3f 3e ff a0 80 7f ff fe fe fe ff fe fe fe ff ff ff Data Ascii: m96e21f31e21f32e21f32f31f32f31f31e21f32f31f32f32e21f32f32f32f32f32f32f31f31f32f31f32e21f32e21f31f32o?>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49753	172.67.193.61	443	1312	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:04:47 UTC	359	OUT	GET /favicon.ico HTTP/1.1 Host: informed.deliveryele.top Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:04:47 UTC	977	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:04:47 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 32038 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=86400 Last-Modified: Mon, 15 Jul 2024 08:24:14 GMT ETag: W/"7d26-190b57e07b0" CF-Cache-Status: HIT Age: 5508 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MttukaQjGlfr0%2B4s%2FUotYuMSH%2BOH1FTFMcGSwd%2B3%2FUUlD%2BYh1rpq0I7qU2pzbOp5qjcIWRMdylYTlA6nGlT6bhQ21jYCzZHjNwt4ynaQFCXQ%2FFqnakkxXxCWra6bWhFLM6aZsld0VkQH%2BcA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90112186a9dd42eb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1664&min_rtt=1653&rtt_var=643&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=937&delivery_rate=1672394&cwnd=215&unsent_bytes=0&cid=959409cf2f15918b&ts=151&x=0"
2025-01-13 00:04:47 UTC	392	IN	Data Raw: 00 00 01 00 04 00 10 10 00 00 00 00 20 00 68 04 00 00 46 00 00 00 20 20 00 00 00 00 20 00 a8 10 00 00 ae 04 00 00 30 30 00 00 00 00 20 00 a8 25 00 00 56 15 00 00 40 40 00 00 00 00 20 00 28 42 00 00 fe 3a 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 32 31 1b 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 65 32 31 1b 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 e4 da d8 51 be a7 a5 ff 81 55 53 ff 66 33 32 ff 66 Data Ascii: hF 00 %V@@ (B:( @e21f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21f32Qf32f32f32f32f32f32f32f32f32f32f32f32f32f32f32QQUSf32f
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: a1 ff 7f 52 50 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 78 4b 4a ff bf aa aa ff f8 f6 f6 ff fd fc fc ff d8 c9 c7 ff 9a 76 75 ff 6b 39 38 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 67 34 33 ff ab 8f 8e ff 86 5e 5d ff b6 9d 9d ff f0 eb eb ff ff ff ff ff ef e9 e9 ff b6 9b 9a ff 7b 4e 4c ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 85 5c 5b ff fe fd fd ff f7 f5 f5 ff c9 b7 b6 ff 97 74 73 ff 99 77 77 ff c7 b4 b4 ff f1 ed ed ff fb f9 f9 ff cd bb b9 ff 6b 39 38 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff b4 9b 9b ff ff ff ff ff ff Data Ascii: RPf32f32f32f32f32f32f32f32Qf32Qf32f32f32xKJvuk98f32f32f32f32f32Qf32Qf32f32f32g43^]{NLf32f32f32Qf32Qf32f32f32\[tswwk98f32Qf32Qf32f32f32
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: ff 6c 39 37 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 fe fd fd a1 fe fd fd ff f1 eb ea ff bb a1 9f ff 7d 4e 4b ff 68 36 34 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 a4 86 85 a1 da ce Data Ascii: l97f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32}NKh64f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: ef e9 e8 ff c2 aa a7 ff 84 59 56 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff ba a3 a2 ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff f7 f4 f4 ff d4 c6 c6 ff a0 81 80 ff 72 43 42 ff 6b 39 38 ff 7b 4f 4e ff a7 8a 8a ff d2 c4 c3 ff f7 f4 f4 ff ff ff ff ff ff ff ff ff fe fe fe ff f0 ea e9 ff 7c 4e 4c ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 6b 39 38 ff e6 dd dd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb fa fa ff db cf cf ff b1 98 97 ff 8d 68 67 ff 74 45 44 ff 72 43 42 ff 8c 65 65 Data Ascii: YVf32f32f32f32f32f32f32f32f32f32f32rCBk98{ON\|NLf32f32f32f32f32f32f32f32f32k98hgtEDrCBee
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 fd fd fd a1 fb fa fa ff f2 ed ec ff ce b9 b6 ff b2 97 95 ff 8c 61 5e ff 73 42 3f ff 6a 38 37 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 95 6f 6c a1 79 48 45 ff 67 34 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff Data Ascii: 32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32a^sB?j87f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32olyHEg42f32f32f32f32f32f32f32f32f32f32f32
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 32 e3 65 32 31 f1 66 33 31 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 65 32 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 65 32 32 f1 65 32 32 f1 66 33 32 e3 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 65 32 32 f1 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 Data Ascii: f32e21f31f32f32f32f32f32e22e22e22f32e22e22f32e22e22f32e22f32f31f31f31f32f31f31f31f31f32f31f31f31f31f31f31e21f31f31f31f31f31e22e22f32e22f32f32e21e22f32f32f32f32f
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: 01 be a9 a8 f1 e9 e3 e2 ff fe fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff fb f9 f9 ff ca b3 af ff a0 7d 7b ff 75 42 3f ff 67 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 65 32 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 6a 39 38 f1 83 5a 59 ff c1 ac ac ff f6 f3 f2 ff fe fe fe ff ff ff ff ff fe fe fe ff fe fe fe ff f9 f6 f6 ff dd cf cd ff b6 99 95 ff 77 44 41 ff 68 35 34 ff 66 33 32 ff 66 33 32 ff 65 32 Data Ascii: }{uB?g32f32f32f32f32f32f32f32f32f32e21f31e21e21f31f32e21f32f32e21e21e22e21f31f31e21f32e21f31f31f32f31f31f31j98ZYwDAh54f32f32e2
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: 66 33 32 ff 66 33 31 ff 65 32 31 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 6d 3d 3c ff 9a 79 78 ff cf bf be ff fa f8 f8 ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fc fa fa ff d3 c0 bd ff ac 8d 8a ff 79 47 44 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 32 f1 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 66 33 32 ff 66 34 33 ff 6f 3f 3e ff 92 6d 6c ff d3 c5 c4 ff f3 ef ef ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: f32f31e21e21e21f31m=<yxyGDf32f31f32f31f31f32e21e21f31e21f32f31f32e21f31f32f31f32f32f32e21f32f32e22e21f32f32e21e21f32f43o?>ml
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: d0 d0 ff fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff f0 eb eb ff d9 cd cd ff af 95 95 ff 80 55 54 ff 67 34 33 ff 66 33 32 ff 68 36 35 ff 7a 4e 4d ff 8f 69 69 ff b3 99 98 ff d9 cd cc ff fb fa fa ff fe fe fe ff fe fe fe ff ff ff ff ff fe fe fe ff fe fe fe ff f4 ef ee ff 94 6c 69 ff 66 33 32 ff 65 32 31 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 31 f1 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 91 6d 6c ff f8 f5 f5 ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e8 e1 e0 ff be a8 a8 ff Data Ascii: UTg43f32h65zNMiilif32e21f31f31f32f32f32e21f32e21e22f32f32f32ml
2025-01-13 00:04:47 UTC	1369	IN	Data Raw: a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff b9 a1 a1 ff ca b9 b9 ff bc a7 a7 ff bc a7 a7 ff bc a7 a7 ff c3 af ae ff d1 c2 c2 ff ed e7 e7 ff fe fe fe ff e5 da d9 ff 6d 39 36 ff 65 32 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 31 f1 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 6f 3f 3e ff a0 80 7f ff fe fe fe ff fe Data Ascii: m96e21f31e21f32e21f32f31f32f31f31e21f32f31f32f32e21f32f32f32f32f32f32f31f31f32f31f32e21f32e21f31f32o?>

Target ID:	0
Start time:	19:04:31
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	19:04:34
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2016,i,14395267210672263836,12176443063107477041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:04:41
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://informed.deliveryele.top/us/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://informed.deliveryele.top/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: phishing
Source: https://informed.deliveryele.top/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://informed.deliveryele.top/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: phishing

Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_48, type: DROPPED

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://informed.deliveryele.top
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: https://informed.deliveryele.top

Source: https://informed.deliveryele.top/us/	HTTP Parser: No favicon
Source: https://informed.deliveryele.top/us/	HTTP Parser: No favicon

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /us/ HTTP/1.1Host: informed.deliveryele.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: informed.deliveryele.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://informed.deliveryele.top/us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: informed.deliveryele.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://informed.deliveryele.top/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: informed.deliveryele.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: informed.deliveryele.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://informed.deliveryele.top/us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: informed.deliveryele.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: informed.deliveryele.top
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://informed.deliveryele.top/us/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4228, Parent PID: 744

General

Chronological Activities

Analysis Process: chrome.exePID: 1312, Parent PID: 4228

General

Windows Analysis Report
https://informed.deliveryele.top/us/