Edit tour

Windows Analysis Report
https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH

Overview

General Information

Sample URL:	https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH
Analysis ID:	1590604
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1960,i,9341624550484582711,7299028783193177845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://akirapowered84501.activehosted.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH

Avira URL Cloud: Label: phishing

Source: https://systemcheckai.com/?__cf_chl_rt_tk=3Mzxe.a57zESUb2sYFe3argtlEgv14eqDBegv1aw7tA-1736848177-1.0.1.1-lNPStYJeb1wuLkmCg.vEe1YTwrphhDev6eAVw9pQiYI

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....

Source: https://systemcheckai.com/?__cf_chl_rt_tk=3Mzxe.a57zESUb2sYFe3argtlEgv14eqDBegv1aw7tA-1736848177-1.0.1.1-lNPStYJeb1wuLkmCg.vEe1YTwrphhDev6eAVw9pQiYI

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0

Source: global traffic	TCP traffic: 192.168.2.5:49715 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:53460 -> 162.159.36.2:53

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: akirapowered84501.activehosted.com to https://systemcheckai.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: akirapowered84501.activehosted.com to https://systemcheckai.com/

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH HTTP/1.1Host: akirapowered84501.emlnk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH HTTP/1.1Host: akirapowered84501.activehosted.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: systemcheckai.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH HTTP/1.1Host: akirapowered84501.activehosted.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=9d7dbd0d558ea9e70471dd725e957976; cmp92792114=8f780516515547ec18cb56ad1476453e; __cf_bm=cgQlJldpCAKRQLGliDZwGTxevQ.0P6MOYWqdh5aasZc-1736848175-1.0.1.1-neHWiVOaSWfK8p0N5rYks8E8xnC_G_hO1WloiqltKuE18RNdBuTzXdH6r9jxyW6lHxvyysI5RuMIdb.ubQ6FRg
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: systemcheckai.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=901cb7967b83727b HTTP/1.1Host: systemcheckai.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://systemcheckai.com/?__cf_chl_rt_tk=3Mzxe.a57zESUb2sYFe3argtlEgv14eqDBegv1aw7tA-1736848177-1.0.1.1-lNPStYJeb1wuLkmCg.vEe1YTwrphhDev6eAVw9pQiYIAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: systemcheckai.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://systemcheckai.com/?__cf_chl_rt_tk=3Mzxe.a57zESUb2sYFe3argtlEgv14eqDBegv1aw7tA-1736848177-1.0.1.1-lNPStYJeb1wuLkmCg.vEe1YTwrphhDev6eAVw9pQiYIAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: akirapowered84501.emlnk.com
Source: global traffic	DNS traffic detected: DNS query: akirapowered84501.activehosted.com
Source: global traffic	DNS traffic detected: DNS query: systemcheckai.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa

Source: unknown

HTTP traffic detected: POST /report/v4?s=k1%2FESnbdeZPy03GvUst0o5cnbIs8ZhSVvQrIbIOSaEe%2FPJ5T%2BGpC6%2FpV2oB47yhN8FdnVDXqwceY6oNyNnm2VSuhN9z2kHuolkVis4LJ0GeSFd4gar0TNctV5xKXK%2BxHJewP HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 386Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 14 Jan 2025 09:49:36 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originx-content-options: nosniffx-frame-options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 14 Jan 2025 09:49:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originx-content-options: nosniffx-frame-options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 14 Jan 2025 09:49:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originx-content-options: nosniffx-frame-options: SAMEORIGINcf-mitigated: challenge

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 53650 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 53651 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53652
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53651
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53650
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: classification engine

Classification label: mal56.win@17/6@13/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1960,i,9341624550484582711,7299028783193177845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1960,i,9341624550484582711,7299028783193177845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://systemcheckai.com/	0%	Avira URL Cloud	safe
https://akirapowered84501.activehosted.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH	100%	Avira URL Cloud	phishing
https://systemcheckai.com/favicon.ico	0%	Avira URL Cloud	safe
https://systemcheckai.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=901cb7967b83727b	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
akirapowered84501.emlnk.com	54.235.205.181	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
www.google.com	142.250.184.196	true	false	high
systemcheckai.com	104.26.5.115	true	false	high
akirapowered84501.activehosted.com	104.17.205.31	true	false	unknown
171.39.242.20.in-addr.arpa	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://systemcheckai.com/?__cf_chl_rt_tk=3Mzxe.a57zESUb2sYFe3argtlEgv14eqDBegv1aw7tA-1736848177-1.0.1.1-lNPStYJeb1wuLkmCg.vEe1YTwrphhDev6eAVw9pQiYI	false		unknown
https://systemcheckai.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=EWAqTtAbAv7%2FDzu%2FkIf7r%2F2O3N4IDN413lMQqp333G5DlTw9263JiEUFv%2FRPnw7c%2B1yLiM2S8X%2BQCupXitu0y3D8uRuSozvw8t8G%2F2vmpvq0xQSui2Sfi2Nw8OLLFS6MWtVw	false		high
https://a.nel.cloudflare.com/report/v4?s=k1%2FESnbdeZPy03GvUst0o5cnbIs8ZhSVvQrIbIOSaEe%2FPJ5T%2BGpC6%2FpV2oB47yhN8FdnVDXqwceY6oNyNnm2VSuhN9z2kHuolkVis4LJ0GeSFd4gar0TNctV5xKXK%2BxHJewP	false		high
https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH	true		unknown
https://systemcheckai.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=901cb7967b83727b	false	Avira URL Cloud: safe	unknown
https://akirapowered84501.activehosted.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH	false	Avira URL Cloud: phishing	unknown
https://systemcheckai.com/	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
104.26.5.115	systemcheckai.com	United States	13335	CLOUDFLARENETUS	false
54.235.205.181	akirapowered84501.emlnk.com	United States	14618	AMAZON-AESUS	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.205.31	akirapowered84501.activehosted.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590604
Start date and time:	2025-01-14 10:48:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@17/6@13/8

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.184.206, 108.177.15.84, 142.250.186.46, 216.58.206.78, 199.232.210.172, 2.17.190.73, 172.217.16.206, 142.250.184.238, 172.217.18.110, 216.58.206.67, 2.23.242.162, 172.202.163.200, 13.107.246.45, 20.242.39.171
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH

Input	Output
URL: https://akirapowered84501.emlnk.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://akirapowered84501.emlnk.com
URL: https://systemcheckai.com/... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script exhibits several moderate-risk behaviors, including external data transmission, use of fallback domains, and aggressive DOM manipulation. While the script does not contain any high-risk indicators, the overall behavior is concerning and requires further review to determine the intent and potential impact." }
(function(){window._cf_chl_opt={cvId: '3',cZone: "systemcheckai.com",cType: 'non-interactive',cRay: '901cb7967b83727b',cH: 'eTLBSNgZLsZK9QzZQOtzN8s6d_XSBrseAo0OuyUDq28-1736848177-1.2.1.1-ToilnlsKB2qoW7avtcgygWsKZocrgpuL7qN_R1YU_kq4l.NFQDmPK3Q2pL28.O9t',cUPMDTk: "\/?__cf_chl_tk=3Mzxe.a57zESUb2sYFe3argtlEgv14eqDBegv1aw7tA-1736848177-1.0.1.1-lNPStYJeb1wuLkmCg.vEe1YTwrphhDev6eAVw9pQiYI",cFPWv: 'b',cITimeS: '1736848177',cTTimeMs: '1000',cMTimeMs: '120000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/?__cf_chl_f_tk=3Mzxe.a57zESUb2sYFe3argtlEgv14eqDBegv1aw7tA-1736848177-1.0.1.1-lNPStYJeb1wuLkmCg.vEe1YTwrphhDev6eAVw9pQiYI",md: "Jg6rXSGjyYAeHlcjUHD7BP.G3ccRpPVVSS2.RVuPK84-1736848177-1.2.1.1-AMrrps6hVVu_bKT.hAgeJ4jxne5V6z3_kz7PbWtAdez0Wobo4M21PyMuEGJbLNqj8jPYVMbiNf5XPOY3XEsvPw4N.JJBqMmUespGQlOpsFTcfNIs0mfLDWzaViLzNx3rWjzIh48gxKkmZ7_hT0GXQwgA9TqLSHsUa3oB6MxfN5HfzcCowpTMEYNHESMh.ygxtinkhlhKCTgin78mkoSEdUEYsY4JrWb6.._5BRHlXPkyQly.iSe_pt3u2hmlWXsT0w294VIuY29NDcCF0pT1xixOndJPD.Klds04Cn5Ve7TQq8raMuLnNz8jq5MfstXgiaL7IHI.oYdnTlbb0WISHIGMzaYqYsMNsEWOONH92FMNoxa5xjcmV9bnU3UJhN3zE27vhUBXe1bSyX3dppId3ntL3yXM8aEbxOljAvDWQCGbvE7a3Oje7x5evbar4vsSWo9glEcsoaSip6ofDcuV7SFY5TGQO60dk3GQQBNb145RqgTJuAVecT_59UQknijUGSvo2784qYwU1SjnOfRVaCIvv6h_wdr4eduR.jA__DPW.VVlIaXFyWeOf4aEA9jNJ7WgOs.tpItGM23YU.9r4k7GOd0jFnU51pe8pEejlLfsTWdeN8BanssDXj1wKP1WdkWSSSJvCx3P2QAiCVhUqKY_RLgKMvMbv7DGn0vi2RIHNj2Wjn9Do3W2D6sAxHiBtxSifMLs67.X30cGs0qBlKm6V1gS7lsQGBvbKIhDJymU9Z.o8JLZJtLQbs2B0pKMTXAaN8Wl2ef1kFyxg4vVCkDyZYfhGwCLPudZzrrwuSiXuT6gt_oNlsnmjxSWKSzaIiP91drkeuv1_o93.BS7hcmaT1EJ9qiqX1YtDu73yx3HwU8JF9RxuNaDwYtVcXWx6lSKDbMFxJaZgfHBtsWw1WIj9NfyzDYcUgx9qfbTsFaoU7l6QC_2LCtpbeXWOhzmyzyF0SGMsNqCELuJISDFYsft4VobAe7X2VyS7i_W5QI8AHAeLO.6kNVcDRbpWvPF4XE7WQ.qmjAoxZ8YE.mBISsuBKtlrrTShk76FHqOaMbw1tIthmBx1Ajtf.j6LnouOddko8EX8at6OxIsACGTJOm473cs4S8CR8FukG9WDlu0MvWAIe1nZO2Zm.I_vVj_R3MknObWm9l_lRB2mpGlW5GF433N4dtsROtQyoYd1OlOIqo.H9o2e5jrG7UQpQEqoqDkHLa6jgHrDfAdaVNr5BxB87d0_9gabhTCt9yk8QXQ7Nk7Saj39HiK2_Dfht6jrKNG27C3LbP4P8yiEsDd8pcZOKhGWapabwzOg0Y1ju_B9.1cjP2DcZjYCL46gKDf7gD503fteBisDU2NUPGXBP5Pjwg_uLJM8ky689pnmJ9OpB8XXkcgmlteVDS.i3M.IiLYLYffU4CdHm8XUpsB3.KLyqpE8w73shtMpyOTY3bZVIjbOL4yL8aFEVzLttSvlQtkEbNsMUBQ220mRIq22txHuM6sMc1mVUSpj0YtzFV.wyT_YKuKO.JGIkO37VSLuLA94XTZQC0tOViciTKqGJsaxJ24KIM46.M9doH2vCbPBpcCvLYtgNqypg6fPhxsjxdKP9dIbj.LhBMYkyOtutesn0KR.kzJOsuEtu9UH1T7PBPupeThk14LCCCeFWc7GPozAZNqDP1Q.yZugK8BIOMijt9nt8KYw_gsvl7su5txW_UJbJdtlij.LzREv2mhs51ug4GRjHljeYh7Ad5wVw",mdrd: "dKWsaGpeza01gbPR0t5gRasCfNl0m0a.yau7RkqPNpI-1736848177-1.2.1.1-WhJWCrEJzuPtyhOU9bNUC_GwrXnZBzm8RD0UPFhyyYYpzPSijGwi_RX9HJ5Mhi8ifbT_DY48PpkG64Y3tXodpkClMfbdKLkkfPkutRubCL87XoE5xoSDYmwGgy_tUsB7IeelneOMYbyNRXZAdjg5HsMmUg9h3g.sL9e0vuANt6bkXD2YUtrhFkBm.3CdUC5L6bKUBBiTi5bve1YDUZCrj_idk1x286CASqTvK5Tc_ot.KrSlojdNj9S2hCxTU0sEPmJxJ2tSnVnCAygofM1ossbc.FDSr17xPIz1RxuBZ9fpdUilXKH4JJ8s1ooWOURwQsYcAVEb7Y2saMIraDSSzfpZJhlFwcRC_0R3Zdmw6B7Cabp_U5ZiMGhRlxvW3UQj.LnraORBWdNg83DrwilPkJJMouo2G_qXjMyuynnsAz085HqpDnIfKumFrKOmU9cmutcbwpRClfQqTK1heQ644uNmyUrSWZCo5JYu0K5WIeU72bZfz7sO2cQcnE3fvtZqzZOeblLzRfHMKBS7WWINVbXNG3ZkOb3AxkADU7JGAKHjVU6aa6kO09TNDVBdCMLrCqSevwvXKZsN7atT8DeXd78FfvKeNvK1wO2cwtPxGwj3w3eVjck7ZYtTvqUa.cdr91Hx6dIvlAPGEddE7.lKEj_c4g3iQnw17i54q3AzXL2IkVhrDhHqTAIVk6IlR4OvYOC6qdBg8T4cXHWWHNRzLuoW3gb9BZDJ8YO3z3BRcNyhXRXnIsMtHno3yZmrMVqLGpmJdJF5KZTtKPwgmTDP_93hoI1AoRKP4ChUy.SetwMVKgNdyp5iRbHoACw1dt87T3lT1PU4IA5Z6QEJEYO78Dy4NNu6KvhMqfjvohF1U6tv1.5_ZUGS9ZdUoRLQHuFUyYpFndxtEe5UhvDobsCBP60A5IWliv01WhZ9hNVRuNd.OqKEXJrM9IbgekXwHt19zkTBNjTQ1Pkd23h1sP.nVxa5H981sONOyvnhGQs3qLo1fE6WfGVouKomQGgw1FNoAgcxTOjXqH1A0DACcvrjEPirqGBUjCCeRHhrmIr7DvIE8jRs6rAluywQ_zPs7YqhKbjh2m2RvLbPVg9AwHOZd1lkpUMuj9X0sKpEgQ_yf5dZn.0ob3vVZSVjBYzl0tt.UM7Lm5YHKGrphWBJYJi12StYfjAbgHEAzj8M.xu5ltdeJnLrg91LkFKo8iMsBgKDsox8CgKyYe2dRnV8nr8pGT52w7huwmRRWp8ZR9s0RPWjJQo7ho8GVDbIVeLNy8ctNAwrdNyBWgJT_otCvTDTSuBCPgzqTUbg9EMx4jH75wZaGBlSu4lvVEcax6cfb8aZM59.Pb6UUyncBjcFBo9io5e5Z37d26j3KdhpC8ixhyeCb0v6GDaOOXnpRKpRkTTOYgjWdMnJY0S0qxtDq7K9iH_BlISDpWYS.PhxPG_PajwicBFiAcn9X3r86GCvBHc0l0cPU1VD64.m3L1s7VHI

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 08:49:29 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.971798510276699
Encrypted:	false
SSDEEP:	48:8edmTC2iq+HkidAKZdA19ehwiZUklqehNy+3:87TiqJKy
MD5:	815BD0E04999CE1798262520E4262EB0
SHA1:	070DA8F0182288019B32F14E335B18E97D683BBC
SHA-256:	73243C6F6ACB515351A58BBC2476EFAA63AD788CA557DA2473D56B377A18C37E
SHA-512:	633B23E314E8AFCF27DF2413F24B623AC7F153A9836EA06D9D5824387CC264C2BFE1F08844852DBA52AF96035FE6D109CC58691C5AB0E06D66F69242251B37DB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......if..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z-N....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z-N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z-N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z-N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z/N...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........7.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 08:49:29 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.98619776868212
Encrypted:	false
SSDEEP:	48:8odmTC2iq+HkidAKZdA1weh/iZUkAQkqeh6y+2:8hTiqb9Q/y
MD5:	4FEF45B84CAD94CAF43EA7D64C986DB6
SHA1:	DF9FD482053E8392B9EB94D31B2D1E3F8D65D36F
SHA-256:	B692ADA39E0A379B8ECC4308C50ED9D04A7D614B15AB90A663F1389A6C691299
SHA-512:	C8402A9067D3E0FFF999CE908E9FBC68728405CF382667430F3F4927D604193B3CFBBC6F7A8805CFA960FEE90741DC6BF30987BC9F999233B0CDE7A6AAE85606
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......if..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z-N....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z-N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z-N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z-N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z/N...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........7.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.001518987630659
Encrypted:	false
SSDEEP:	48:8x3dmTC2sHkidAKZdA14tseh7sFiZUkmgqeh7s8y+BX:8xsThn2y
MD5:	814D62344D70149DCF5574B9BAAA5906
SHA1:	DCC515DDB73162BDB1F611764A4488B11AA03A89
SHA-256:	79C35461EB564156EA7A50213D2F3A610AD6F991CA24D23F4F18FE58478A79BD
SHA-512:	F652F8F747EE72553D1D5C9887540FF89D1524DD61F7C4145AFF899C3B9F87A5217F6F753559D100DE4B3BD73B4AD5DB94B611CB5103CCE99DF3D8714CAE7FF2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z-N....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z-N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z-N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z-N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........7.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 08:49:29 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.985033278881075
Encrypted:	false
SSDEEP:	48:89dmTC2iq+HkidAKZdA1vehDiZUkwqehOy+R:82Tiq40y
MD5:	017D00BF583B86A5BF07DDC755854885
SHA1:	D8297B0BA192BF83FE2DC1B41A432DDE87AC36CB
SHA-256:	38A645A43F6526E3D12B408FED41E3CA95261829702A902DD7D9C2C30CB90F71
SHA-512:	324D61C21C61CF4CD7D20979A62F67A170EB871B7E81B460DF5ADE434520CB12CFB564EFBB4F3A1C7EDFB4C16842F40CEE49AB93964E694C99353014BFB80500
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....%..if..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z-N....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z-N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z-N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z-N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z/N...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........7.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 08:49:29 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.976711213587746
Encrypted:	false
SSDEEP:	48:8DdmTC2iq+HkidAKZdA1hehBiZUk1W1qehYy+C:8ATiqo94y
MD5:	F95B311A4C02132829BE8B848DEFB2AF
SHA1:	0E2E649937C5442D9A8D80F4C5D24BD60EBBB1B0
SHA-256:	D331F50952704D12A6B2A0CD8D5ABD11CBCF31F2DE886ECBBD1A5666A89A66B0
SHA-512:	A9B5DA41B80F3FC78A06480DD89239B2E0EBCAF2C4AAD8BBF03A46B33655FB9DB4CFBD3D7A915D12BADC832F451F53AE2E59195EC709CE5D2792F755DF9B8529
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......if..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z-N....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z-N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z-N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z-N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z/N...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........7.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 08:49:29 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9855429265903064
Encrypted:	false
SSDEEP:	48:8xdmTC2iq+HkidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb2y+yT+:8yTiqGT/TbxWOvTb2y7T
MD5:	5336864077DD9E7FC16F3D7CC75491B9
SHA1:	27917C30D20CEBAB65F6437F24A3425F53062822
SHA-256:	0D009A65CEDAAA94684E23249B8C2971CD36415DBCA41C89F396EE77244EC132
SHA-512:	557F098DF218681607C23D83AFF28CA52649926B1060D79F8BCCD9BF3E51FF9F7371229E80F8D17AED07A50340848361B8CBF48F3365893B8DB73F0413B88182
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........if..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z-N....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z-N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z-N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z-N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z/N...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........7.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 10:49:23.290345907 CET	49674	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:23.290433884 CET	49675	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:23.415384054 CET	49673	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:32.555336952 CET	49712	443	192.168.2.5	142.250.184.196
Jan 14, 2025 10:49:32.555377960 CET	443	49712	142.250.184.196	192.168.2.5
Jan 14, 2025 10:49:32.555672884 CET	49712	443	192.168.2.5	142.250.184.196
Jan 14, 2025 10:49:32.555672884 CET	49712	443	192.168.2.5	142.250.184.196
Jan 14, 2025 10:49:32.555704117 CET	443	49712	142.250.184.196	192.168.2.5
Jan 14, 2025 10:49:32.904004097 CET	49674	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:32.904087067 CET	49675	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:33.029033899 CET	49673	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:33.211344004 CET	443	49712	142.250.184.196	192.168.2.5
Jan 14, 2025 10:49:33.211991072 CET	49712	443	192.168.2.5	142.250.184.196
Jan 14, 2025 10:49:33.212006092 CET	443	49712	142.250.184.196	192.168.2.5
Jan 14, 2025 10:49:33.213031054 CET	443	49712	142.250.184.196	192.168.2.5
Jan 14, 2025 10:49:33.213099957 CET	49712	443	192.168.2.5	142.250.184.196
Jan 14, 2025 10:49:33.215295076 CET	49712	443	192.168.2.5	142.250.184.196
Jan 14, 2025 10:49:33.215365887 CET	443	49712	142.250.184.196	192.168.2.5
Jan 14, 2025 10:49:33.263325930 CET	49712	443	192.168.2.5	142.250.184.196
Jan 14, 2025 10:49:33.263339996 CET	443	49712	142.250.184.196	192.168.2.5
Jan 14, 2025 10:49:33.310218096 CET	49712	443	192.168.2.5	142.250.184.196
Jan 14, 2025 10:49:34.081559896 CET	49715	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:34.086390972 CET	53	49715	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:34.086471081 CET	49715	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:34.086606979 CET	49715	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:34.086606979 CET	49715	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:34.091442108 CET	53	49715	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:34.091450930 CET	53	49715	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:34.107095957 CET	49715	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:34.107758045 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.107798100 CET	443	49716	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.107903957 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.108242035 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.108269930 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.108428955 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.108867884 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.108870029 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.108880997 CET	443	49716	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.108882904 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.155889988 CET	53	49715	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:34.453172922 CET	53	49715	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:34.453253031 CET	49715	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:34.672380924 CET	443	49703	23.1.237.91	192.168.2.5
Jan 14, 2025 10:49:34.672496080 CET	49703	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:34.765192032 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.766206026 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.766230106 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.767796040 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.767988920 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.767995119 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.768039942 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.771856070 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.771995068 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.772089958 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.772094965 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.811985016 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.874032021 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.874130964 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.874563932 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.877568960 CET	49717	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.877608061 CET	443	49717	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.892730951 CET	49718	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:34.892791986 CET	443	49718	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:34.892981052 CET	49718	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:34.893085957 CET	49718	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:34.893095970 CET	443	49718	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:34.933583975 CET	443	49716	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.933892012 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.933922052 CET	443	49716	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.934837103 CET	443	49716	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.934931993 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.934945107 CET	443	49716	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.935087919 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.935497999 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.935556889 CET	443	49716	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:34.982296944 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:34.982326031 CET	443	49716	54.235.205.181	192.168.2.5
Jan 14, 2025 10:49:35.029088974 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:49:35.372807026 CET	443	49718	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:35.373061895 CET	49718	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:35.373074055 CET	443	49718	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:35.373797894 CET	443	49718	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:35.373871088 CET	49718	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:35.374880075 CET	49718	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:35.374924898 CET	443	49718	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:35.375140905 CET	49718	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:35.375144958 CET	443	49718	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:35.421962023 CET	49718	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:35.698014021 CET	443	49718	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:35.698086023 CET	443	49718	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:35.698148966 CET	49718	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:35.699847937 CET	49718	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:35.699866056 CET	443	49718	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:35.736673117 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:35.736722946 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:35.736891031 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:35.737512112 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:35.737528086 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.224009991 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.224306107 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.224328041 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.225177050 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.225225925 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.226238966 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.226295948 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.226501942 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.226510048 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.279990911 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.368735075 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.368814945 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.368855000 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.368861914 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.368884087 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.368895054 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.368920088 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.368947029 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.368973017 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.368979931 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.369024038 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.369029999 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.369041920 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.369086981 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.369798899 CET	49719	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:36.369813919 CET	443	49719	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:36.374912024 CET	49720	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:36.374937057 CET	443	49720	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:36.374996901 CET	49720	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:36.375215054 CET	49720	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:36.375228882 CET	443	49720	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:36.381095886 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.381189108 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.381273985 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.381438971 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.381470919 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.838429928 CET	443	49720	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:36.838855028 CET	49720	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:36.838875055 CET	443	49720	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:36.839164019 CET	443	49720	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:36.839502096 CET	49720	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:36.839565039 CET	443	49720	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:36.839693069 CET	49720	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:36.842289925 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.842619896 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.842681885 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.844398975 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.844485044 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.845318079 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.845412970 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.845447063 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.887331009 CET	443	49720	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:36.891328096 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.893893957 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.893954039 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.935589075 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.968444109 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.968662977 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.968955040 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.968955040 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.969024897 CET	443	49721	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.969613075 CET	49722	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.969645023 CET	443	49722	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:36.969645977 CET	49721	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.969715118 CET	49722	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.969902039 CET	49722	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:36.969916105 CET	443	49722	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:37.137018919 CET	443	49720	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:37.137078047 CET	443	49720	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:37.137603045 CET	49720	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:37.138605118 CET	49720	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:37.138605118 CET	49720	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:37.138619900 CET	443	49720	104.17.205.31	192.168.2.5
Jan 14, 2025 10:49:37.139167070 CET	49723	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.139189005 CET	49720	443	192.168.2.5	104.17.205.31
Jan 14, 2025 10:49:37.139199972 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.139266968 CET	49723	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.139460087 CET	49723	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.139470100 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.429529905 CET	443	49722	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:37.430443048 CET	49722	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:37.430463076 CET	443	49722	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:37.430951118 CET	443	49722	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:37.431340933 CET	49722	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:37.431394100 CET	49722	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:37.431399107 CET	443	49722	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:37.431426048 CET	443	49722	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:37.475259066 CET	49722	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:37.557801962 CET	443	49722	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:37.557914019 CET	443	49722	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:37.558156967 CET	49722	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:37.558177948 CET	443	49722	35.190.80.1	192.168.2.5
Jan 14, 2025 10:49:37.558362961 CET	49722	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:37.558363914 CET	49722	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:49:37.594690084 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.597930908 CET	49723	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.597951889 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.598263025 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.601110935 CET	49723	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.601174116 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.604406118 CET	49723	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.651326895 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.723160982 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.723248005 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.723308086 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.723345041 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.723372936 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.723397970 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.723469973 CET	49723	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.723469973 CET	49723	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.723485947 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.723499060 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.723537922 CET	49723	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.724232912 CET	49723	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.724246979 CET	443	49723	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.769121885 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.769181967 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:37.769288063 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.770345926 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:37.770385027 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.246310949 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.246653080 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.246690989 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.246993065 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.247411013 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.247473001 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.247508049 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.291414976 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.295488119 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.395514011 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.395550013 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.395596027 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.395695925 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.395695925 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.395740032 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.395798922 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.395986080 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.396027088 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.396034002 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.400223017 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.400244951 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.400264978 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.400295019 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.400310040 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.400342941 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.442619085 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.595974922 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596034050 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596101999 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596107006 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596131086 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596170902 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596204996 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596244097 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596273899 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596293926 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596307039 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596349001 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596369028 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596379995 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596422911 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596427917 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596438885 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596494913 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596501112 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596508980 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596548080 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596549034 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596556902 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596595049 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596596956 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596612930 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596647978 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596658945 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596674919 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596704960 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596714020 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596724033 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596764088 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596771955 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.596787930 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.596828938 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.600629091 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.600785971 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.600814104 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.600828886 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.600841999 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.600860119 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.600888968 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.600900888 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.600924969 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.601795912 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.601816893 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.601843119 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.601854086 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.601880074 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.601900101 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.602658987 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.602721930 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.603692055 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.603740931 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.603784084 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.603796005 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.603821993 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.603827953 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.603864908 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.603965998 CET	49724	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.603996038 CET	443	49724	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.625946999 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.626000881 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:38.626069069 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.626632929 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:38.626648903 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.101778030 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.102106094 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:39.102123976 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.102574110 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.102850914 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:39.102916002 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.102992058 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:39.143326998 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239381075 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239473104 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239502907 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239517927 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:39.239531040 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239568949 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:39.239576101 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239829063 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239855051 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239861965 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:39.239866972 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239898920 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:39.239903927 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239959955 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:39.239996910 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:39.240209103 CET	49725	443	192.168.2.5	104.26.5.115
Jan 14, 2025 10:49:39.240221024 CET	443	49725	104.26.5.115	192.168.2.5
Jan 14, 2025 10:49:43.110213041 CET	443	49712	142.250.184.196	192.168.2.5
Jan 14, 2025 10:49:43.110387087 CET	443	49712	142.250.184.196	192.168.2.5
Jan 14, 2025 10:49:43.110444069 CET	49712	443	192.168.2.5	142.250.184.196
Jan 14, 2025 10:49:44.405472040 CET	49712	443	192.168.2.5	142.250.184.196
Jan 14, 2025 10:49:44.405492067 CET	443	49712	142.250.184.196	192.168.2.5
Jan 14, 2025 10:49:44.640862942 CET	49703	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:44.640954971 CET	49703	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:44.641236067 CET	49737	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:44.641288042 CET	443	49737	23.1.237.91	192.168.2.5
Jan 14, 2025 10:49:44.641351938 CET	49737	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:44.645881891 CET	443	49703	23.1.237.91	192.168.2.5
Jan 14, 2025 10:49:44.645926952 CET	443	49703	23.1.237.91	192.168.2.5
Jan 14, 2025 10:49:44.655723095 CET	49737	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:44.655738115 CET	443	49737	23.1.237.91	192.168.2.5
Jan 14, 2025 10:49:45.263175964 CET	443	49737	23.1.237.91	192.168.2.5
Jan 14, 2025 10:49:45.263278961 CET	49737	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:49:56.318306923 CET	53460	53	192.168.2.5	162.159.36.2
Jan 14, 2025 10:49:56.323275089 CET	53	53460	162.159.36.2	192.168.2.5
Jan 14, 2025 10:49:56.323426962 CET	53460	53	192.168.2.5	162.159.36.2
Jan 14, 2025 10:49:56.328288078 CET	53	53460	162.159.36.2	192.168.2.5
Jan 14, 2025 10:49:56.769253969 CET	53460	53	192.168.2.5	162.159.36.2
Jan 14, 2025 10:49:56.774266005 CET	53	53460	162.159.36.2	192.168.2.5
Jan 14, 2025 10:49:56.774333954 CET	53460	53	192.168.2.5	162.159.36.2
Jan 14, 2025 10:50:04.418931961 CET	443	49737	23.1.237.91	192.168.2.5
Jan 14, 2025 10:50:04.419048071 CET	49737	443	192.168.2.5	23.1.237.91
Jan 14, 2025 10:50:19.998521090 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:50:19.998553038 CET	443	49716	54.235.205.181	192.168.2.5
Jan 14, 2025 10:50:32.620163918 CET	53650	443	192.168.2.5	216.58.206.68
Jan 14, 2025 10:50:32.620193005 CET	443	53650	216.58.206.68	192.168.2.5
Jan 14, 2025 10:50:32.620265007 CET	53650	443	192.168.2.5	216.58.206.68
Jan 14, 2025 10:50:32.620496988 CET	53650	443	192.168.2.5	216.58.206.68
Jan 14, 2025 10:50:32.620503902 CET	443	53650	216.58.206.68	192.168.2.5
Jan 14, 2025 10:50:33.272130013 CET	443	53650	216.58.206.68	192.168.2.5
Jan 14, 2025 10:50:33.272716999 CET	53650	443	192.168.2.5	216.58.206.68
Jan 14, 2025 10:50:33.272784948 CET	443	53650	216.58.206.68	192.168.2.5
Jan 14, 2025 10:50:33.273889065 CET	443	53650	216.58.206.68	192.168.2.5
Jan 14, 2025 10:50:33.274331093 CET	53650	443	192.168.2.5	216.58.206.68
Jan 14, 2025 10:50:33.274420023 CET	443	53650	216.58.206.68	192.168.2.5
Jan 14, 2025 10:50:33.326591969 CET	53650	443	192.168.2.5	216.58.206.68
Jan 14, 2025 10:50:36.377253056 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:50:36.377464056 CET	443	49716	54.235.205.181	192.168.2.5
Jan 14, 2025 10:50:36.377535105 CET	49716	443	192.168.2.5	54.235.205.181
Jan 14, 2025 10:50:36.386029959 CET	53651	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.386065960 CET	443	53651	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.386147976 CET	53651	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.386368990 CET	53651	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.386383057 CET	443	53651	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.849992990 CET	443	53651	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.850542068 CET	53651	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.850565910 CET	443	53651	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.850887060 CET	443	53651	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.851308107 CET	53651	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.851368904 CET	443	53651	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.851506948 CET	53651	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.899328947 CET	443	53651	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.979959965 CET	443	53651	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.980031967 CET	443	53651	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.980422974 CET	53651	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.980901003 CET	53651	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.980932951 CET	443	53651	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.981507063 CET	53652	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.981550932 CET	443	53652	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:36.981620073 CET	53652	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.981823921 CET	53652	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:36.981842995 CET	443	53652	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:37.438486099 CET	443	53652	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:37.438786983 CET	53652	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:37.438801050 CET	443	53652	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:37.439110041 CET	443	53652	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:37.439582109 CET	53652	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:37.439644098 CET	443	53652	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:37.440376997 CET	53652	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:37.440412998 CET	53652	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:37.440438986 CET	443	53652	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:37.564990997 CET	443	53652	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:37.565052032 CET	443	53652	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:37.565093040 CET	53652	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:37.565301895 CET	53652	443	192.168.2.5	35.190.80.1
Jan 14, 2025 10:50:37.565315008 CET	443	53652	35.190.80.1	192.168.2.5
Jan 14, 2025 10:50:43.175479889 CET	443	53650	216.58.206.68	192.168.2.5
Jan 14, 2025 10:50:43.175652027 CET	443	53650	216.58.206.68	192.168.2.5
Jan 14, 2025 10:50:43.175744057 CET	53650	443	192.168.2.5	216.58.206.68
Jan 14, 2025 10:50:44.406419992 CET	53650	443	192.168.2.5	216.58.206.68
Jan 14, 2025 10:50:44.406485081 CET	443	53650	216.58.206.68	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 10:49:27.902070045 CET	53	57898	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:27.934742928 CET	53	55090	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:28.944559097 CET	53	53034	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:32.545717955 CET	49665	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:32.545866013 CET	58839	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:32.552551985 CET	53	49665	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:32.552764893 CET	53	58839	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:34.070384979 CET	61443	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:34.070642948 CET	58384	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:34.077261925 CET	53	58384	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:34.087796926 CET	53	61443	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:34.879921913 CET	61538	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:34.880251884 CET	52407	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:34.888740063 CET	53	61538	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:34.890114069 CET	53	52407	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:35.701030016 CET	55575	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:35.701358080 CET	56524	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:35.716274023 CET	53	55575	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:35.737181902 CET	53	56524	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:36.372508049 CET	61749	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:36.372790098 CET	61274	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:36.379590034 CET	53	61749	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:36.380510092 CET	53	61274	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:45.976830959 CET	53	53382	1.1.1.1	192.168.2.5
Jan 14, 2025 10:49:56.317791939 CET	53	57745	162.159.36.2	192.168.2.5
Jan 14, 2025 10:49:56.777712107 CET	65316	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:49:56.785209894 CET	53	65316	1.1.1.1	192.168.2.5
Jan 14, 2025 10:50:32.610668898 CET	58506	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:50:32.618900061 CET	53	58506	1.1.1.1	192.168.2.5
Jan 14, 2025 10:50:36.378086090 CET	53135	53	192.168.2.5	1.1.1.1
Jan 14, 2025 10:50:36.385189056 CET	53	53135	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 14, 2025 10:49:35.737272024 CET	192.168.2.5	1.1.1.1	c242	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 14, 2025 10:49:32.545717955 CET	192.168.2.5	1.1.1.1	0xf3e6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:32.545866013 CET	192.168.2.5	1.1.1.1	0x68a5	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 14, 2025 10:49:34.070384979 CET	192.168.2.5	1.1.1.1	0xf0a2	Standard query (0)	akirapowered84501.emlnk.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.070642948 CET	192.168.2.5	1.1.1.1	0xead9	Standard query (0)	akirapowered84501.emlnk.com	65	IN (0x0001)	false
Jan 14, 2025 10:49:34.879921913 CET	192.168.2.5	1.1.1.1	0xf9c5	Standard query (0)	akirapowered84501.activehosted.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.880251884 CET	192.168.2.5	1.1.1.1	0xdfe3	Standard query (0)	akirapowered84501.activehosted.com	65	IN (0x0001)	false
Jan 14, 2025 10:49:35.701030016 CET	192.168.2.5	1.1.1.1	0x605f	Standard query (0)	systemcheckai.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:35.701358080 CET	192.168.2.5	1.1.1.1	0x7494	Standard query (0)	systemcheckai.com	65	IN (0x0001)	false
Jan 14, 2025 10:49:36.372508049 CET	192.168.2.5	1.1.1.1	0x64ed	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:36.372790098 CET	192.168.2.5	1.1.1.1	0xbbd	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Jan 14, 2025 10:49:56.777712107 CET	192.168.2.5	1.1.1.1	0x1dbc	Standard query (0)	171.39.242.20.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Jan 14, 2025 10:50:32.610668898 CET	192.168.2.5	1.1.1.1	0x337d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:50:36.378086090 CET	192.168.2.5	1.1.1.1	0xd1f	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 14, 2025 10:49:32.552551985 CET	1.1.1.1	192.168.2.5	0xf3e6	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:32.552764893 CET	1.1.1.1	192.168.2.5	0x68a5	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 14, 2025 10:49:34.087796926 CET	1.1.1.1	192.168.2.5	0xf0a2	No error (0)	akirapowered84501.emlnk.com		54.235.205.181	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.087796926 CET	1.1.1.1	192.168.2.5	0xf0a2	No error (0)	akirapowered84501.emlnk.com		54.225.69.136	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.087796926 CET	1.1.1.1	192.168.2.5	0xf0a2	No error (0)	akirapowered84501.emlnk.com		34.237.253.202	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.087796926 CET	1.1.1.1	192.168.2.5	0xf0a2	No error (0)	akirapowered84501.emlnk.com		54.82.80.250	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.888740063 CET	1.1.1.1	192.168.2.5	0xf9c5	No error (0)	akirapowered84501.activehosted.com		104.17.205.31	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.888740063 CET	1.1.1.1	192.168.2.5	0xf9c5	No error (0)	akirapowered84501.activehosted.com		104.17.204.31	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.888740063 CET	1.1.1.1	192.168.2.5	0xf9c5	No error (0)	akirapowered84501.activehosted.com		104.17.203.31	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.888740063 CET	1.1.1.1	192.168.2.5	0xf9c5	No error (0)	akirapowered84501.activehosted.com		104.17.202.31	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.888740063 CET	1.1.1.1	192.168.2.5	0xf9c5	No error (0)	akirapowered84501.activehosted.com		104.17.206.31	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:34.890114069 CET	1.1.1.1	192.168.2.5	0xdfe3	No error (0)	akirapowered84501.activehosted.com			65	IN (0x0001)	false
Jan 14, 2025 10:49:35.716274023 CET	1.1.1.1	192.168.2.5	0x605f	No error (0)	systemcheckai.com		104.26.5.115	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:35.716274023 CET	1.1.1.1	192.168.2.5	0x605f	No error (0)	systemcheckai.com		104.26.4.115	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:35.716274023 CET	1.1.1.1	192.168.2.5	0x605f	No error (0)	systemcheckai.com		172.67.73.68	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:35.737181902 CET	1.1.1.1	192.168.2.5	0x7494	No error (0)	systemcheckai.com			65	IN (0x0001)	false
Jan 14, 2025 10:49:36.379590034 CET	1.1.1.1	192.168.2.5	0x64ed	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:49:56.785209894 CET	1.1.1.1	192.168.2.5	0x1dbc	Name error (3)	171.39.242.20.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Jan 14, 2025 10:50:32.618900061 CET	1.1.1.1	192.168.2.5	0x337d	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Jan 14, 2025 10:50:36.385189056 CET	1.1.1.1	192.168.2.5	0xd1f	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

akirapowered84501.emlnk.com

akirapowered84501.activehosted.com

systemcheckai.com

a.nel.cloudflare.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49717	54.235.205.181	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:49:34 UTC	742	OUT	GET /lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH HTTP/1.1 Host: akirapowered84501.emlnk.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 09:49:34 UTC	332	IN	HTTP/1.1 307 Temporary Redirect cache-control: public, max-age=2628000 location: https://akirapowered84501.activehosted.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH date: Tue, 14 Jan 2025 09:49:34 GMT content-length: 0 x-envoy-upstream-service-time: 1 server: istio-envoy connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49718	104.17.205.31	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:49:35 UTC	749	OUT	GET /lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH HTTP/1.1 Host: akirapowered84501.activehosted.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 09:49:35 UTC	1206	IN	HTTP/1.1 302 Found Date: Tue, 14 Jan 2025 09:49:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close location: https://systemcheckai.com/ Cache-Control: no-store, no-cache, must-revalidate expires: Thu, 19 Nov 1981 08:52:00 GMT pragma: no-cache Set-Cookie: PHPSESSID=9d7dbd0d558ea9e70471dd725e957976; path=/; secure; HttpOnly; SameSite=Lax x-content-type-options: nosniff x-privacy-policy: You can find our privacy policy here: https://www.activecampaign.com/help/privacy-policy/ x-request-id: 4fc4b0109354695451668f601cedf104 x-robots-tag: noindex CF-Cache-Status: DYNAMIC Set-Cookie: cmp92792114=8f780516515547ec18cb56ad1476453e; expires=Thu, 13-Feb-2025 09:49:35 GMT; Max-Age=2592000; path=/; domain=.akirapowered84501.activehosted.com; secure; SameSite=Lax Set-Cookie: __cf_bm=cgQlJldpCAKRQLGliDZwGTxevQ.0P6MOYWqdh5aasZc-1736848175-1.0.1.1-neHWiVOaSWfK8p0N5rYks8E8xnC_G_hO1WloiqltKuE18RNdBuTzXdH6r9jxyW6lHxvyysI5RuMIdb.ubQ6FRg; path=/; expires=Tue, 14-Jan-25 10:19:35 GMT; domain=.activehosted.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server: cloudflare CF-RAY: 901cb7889809c470-EWR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49719	104.26.5.115	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:49:36 UTC	660	OUT	GET / HTTP/1.1 Host: systemcheckai.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 09:49:36 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Tue, 14 Jan 2025 09:49:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin origin-agent-cluster: ?1 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin x-content-options: nosniff x-frame-options: SAMEORIGIN cf-mitigated: challenge
2025-01-14 09:49:36 UTC	923	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 50 51 53 31 37 78 36 30 33 4c 61 76 69 78 75 55 2b 63 34 44 48 4b 6d 73 5a 51 49 68 4e 6a 54 4d 77 68 2f 7a 68 71 73 35 61 51 43 67 43 72 6b 54 39 6b 52 53 39 44 6d 59 5a 5a 47 30 38 6f 32 2f 58 65 61 37 71 74 4e 44 57 4d 47 36 63 35 32 37 59 51 6d 2f 79 79 56 33 46 35 6a 57 44 7a 42 76 41 72 6b 6d 78 32 4e 50 61 34 33 74 64 57 75 4b 42 76 4a 36 72 66 37 61 2b 6b 51 63 79 74 37 32 39 56 6e 79 34 7a 72 67 6b 70 46 4c 77 6b 4b 58 6a 70 69 5a 34 67 3d 3d 24 4b 76 73 32 73 35 38 55 51 37 33 69 7a 53 45 4f 54 51 4e 62 36 67 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 Data Ascii: cf-chl-out: PQS17x603LavixuU+c4DHKmsZQIhNjTMwh/zhqs5aQCgCrkT9kRS9DmYZZG08o2/Xea7qtNDWMG6c527YQm/yyV3F5jWDzBvArkmx2NPa43tdWuKBvJ6rf7a+kQcyt729Vny4zrgkpFLwkKXjpiZ4g==$Kvs2s58UQ73izSEOTQNb6g==Cache-Control: private, max-age=0, no-store, no-cache, must-reva
2025-01-14 09:49:36 UTC	1369	IN	Data Raw: 31 66 64 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 1fd7<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2025-01-14 09:49:36 UTC	1369	IN	Data Raw: 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 40 6d Data Ascii: uMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);background-repeat:no-repeat;background-size:contain;padding-left:34px}@m
2025-01-14 09:49:36 UTC	1369	IN	Data Raw: 4a 50 6f 55 70 75 63 76 6d 73 34 4e 70 71 6d 72 61 52 37 6d 46 6c 41 68 4f 76 4a 67 69 72 46 32 79 78 74 6e 33 76 2e 4e 54 62 38 75 51 44 61 61 37 57 74 63 73 52 39 71 72 32 2e 79 57 64 7a 6b 30 6a 63 64 4e 47 61 30 76 6a 32 61 47 63 45 4a 77 48 70 4d 79 76 71 62 78 2e 6f 76 69 59 53 51 6a 77 43 6c 46 50 45 47 65 53 31 33 5f 54 57 56 38 4a 36 63 6c 77 6d 35 67 73 51 70 55 64 47 59 46 38 6b 2e 68 34 34 2e 49 39 71 30 4b 5a 2e 43 30 4e 32 37 6b 37 79 47 66 43 59 49 33 48 73 38 57 61 61 50 36 4c 75 54 4c 4c 4c 61 70 72 59 70 64 65 53 74 52 4a 56 44 50 49 30 54 49 37 67 50 50 56 61 35 44 77 6f 71 66 75 54 67 33 2e 46 44 54 76 53 6b 73 32 49 48 41 6f 61 61 6b 54 52 4d 56 51 47 50 53 6c 77 39 44 33 30 6a 37 52 70 5a 73 50 75 4e 53 69 30 52 72 58 33 64 51 39 34 Data Ascii: JPoUpucvms4NpqmraR7mFlAhOvJgirF2yxtn3v.NTb8uQDaa7WtcsR9qr2.yWdzk0jcdNGa0vj2aGcEJwHpMyvqbx.oviYSQjwClFPEGeS13_TWV8J6clwm5gsQpUdGYF8k.h44.I9q0KZ.C0N27k7yGfCYI3Hs8WaaP6LuTLLLaprYpdeStRJVDPI0TI7gPPVa5DwoqfuTg3.FDTvSks2IHAoaakTRMVQGPSlw9D30j7RpZsPuNSi0RrX3dQ94
2025-01-14 09:49:36 UTC	1369	IN	Data Raw: 74 6d 47 73 47 4a 6b 32 35 53 6f 49 55 47 70 6f 55 77 4d 71 70 2e 69 57 79 4f 4a 67 58 79 4f 30 6d 6c 6d 4d 4a 52 76 4c 7a 54 33 6c 69 4e 57 4e 67 79 42 52 69 38 71 49 30 79 75 65 54 4c 71 46 31 66 72 53 54 58 6f 6f 64 37 69 54 47 5f 6b 47 7a 39 6f 57 31 77 47 75 34 61 41 79 4d 35 53 33 4b 54 64 36 55 74 44 55 54 7a 68 34 6b 31 38 53 45 6b 76 6a 4c 65 70 43 73 51 41 66 73 73 4a 74 78 73 74 31 2e 70 64 68 4a 74 62 33 54 43 55 58 36 2e 67 31 37 56 41 74 67 30 4c 62 57 72 34 79 38 57 66 78 43 4c 55 66 46 34 64 63 32 4a 2e 74 4e 62 70 46 49 36 2e 45 74 43 5a 54 4f 72 51 49 31 31 32 6e 55 4a 36 4a 42 71 44 56 47 61 41 61 79 46 73 44 2e 61 58 63 38 64 74 63 75 4d 74 33 49 4b 77 72 62 32 64 5a 2e 52 43 72 4e 43 5a 51 48 4f 5a 4f 47 74 50 42 31 4d 5a 37 58 31 42 Data Ascii: tmGsGJk25SoIUGpoUwMqp.iWyOJgXyO0mlmMJRvLzT3liNWNgyBRi8qI0yueTLqF1frSTXood7iTG_kGz9oW1wGu4aAyM5S3KTd6UtDUTzh4k18SEkvjLepCsQAfssJtxst1.pdhJtb3TCUX6.g17VAtg0LbWr4y8WfxCLUfF4dc2J.tNbpFI6.EtCZTOrQI112nUJ6JBqDVGaAayFsD.aXc8dtcuMt3IKwrb2dZ.RCrNCZQHOZOGtPB1MZ7X1B
2025-01-14 09:49:36 UTC	1369	IN	Data Raw: 77 34 5f 70 63 6a 79 36 67 36 36 31 77 71 69 74 70 74 68 44 44 46 53 67 75 5a 61 5f 45 68 55 75 4f 6e 32 5a 6a 46 50 67 6d 4e 59 5f 7a 30 35 41 50 41 4f 78 4f 72 52 68 6d 61 6d 63 65 69 66 61 5f 47 34 31 31 39 64 73 73 7a 73 5f 45 58 4d 6a 61 42 63 50 65 59 37 55 5a 45 69 4a 65 67 43 62 65 58 33 73 63 61 57 71 4f 48 46 66 41 50 59 47 7a 39 53 6b 64 4f 74 61 44 73 61 5a 46 33 49 36 4f 46 6a 43 77 59 4c 5a 70 45 32 4c 47 67 54 30 44 56 59 59 42 6c 2e 32 54 75 65 69 44 43 68 52 34 48 2e 50 63 48 30 4e 32 38 38 6c 74 6e 52 70 42 4c 53 70 75 77 78 32 57 48 31 74 53 70 61 58 57 52 34 31 52 71 68 51 42 76 47 53 50 7a 33 4d 6b 55 59 4d 53 34 79 6e 62 54 2e 75 79 43 56 57 73 61 72 76 46 38 6c 65 54 76 65 39 74 35 66 2e 6b 38 66 30 4b 4b 35 38 75 62 54 52 63 4d 57 Data Ascii: w4_pcjy6g661wqitpthDDFSguZa_EhUuOn2ZjFPgmNY_z05APAOxOrRhmamceifa_G4119dsszs_EXMjaBcPeY7UZEiJegCbeX3scaWqOHFfAPYGz9SkdOtaDsaZF3I6OFjCwYLZpE2LGgT0DVYYBl.2TueiDChR4H.PcH0N288ltnRpBLSpuwx2WH1tSpaXWR41RqhQBvGSPz3MkUYMS4ynbT.uyCVWsarvF8leTve9t5f.k8f0KK58ubTRcMW
2025-01-14 09:49:36 UTC	1314	IN	Data Raw: 59 48 44 64 37 63 47 30 36 63 38 2e 75 56 76 36 36 64 51 38 6a 6c 45 45 5a 75 53 34 45 41 7a 7a 36 63 39 66 51 6b 38 6a 65 41 53 4f 48 67 49 45 5a 61 51 32 62 36 5a 57 30 30 39 52 68 49 6c 76 48 69 45 38 43 36 32 4a 62 79 7a 6b 76 38 50 36 69 6c 33 70 59 31 78 46 79 50 44 63 51 45 6c 4c 51 76 34 62 59 47 4d 2e 70 4e 4d 4d 45 6a 44 71 68 4d 4a 52 73 74 51 73 4e 66 67 50 6e 51 75 56 45 6f 42 68 5f 30 79 67 59 4c 33 6f 35 36 7a 34 6c 67 79 4a 73 4f 48 63 65 64 55 35 47 4a 70 6b 74 6e 56 35 73 31 47 34 6f 39 7a 30 71 33 2e 55 76 63 34 42 31 32 41 63 59 31 76 79 46 57 58 61 52 6a 69 49 54 58 4b 45 5a 77 34 31 45 36 78 6a 55 6f 67 30 68 31 5f 44 44 48 51 33 39 34 47 46 5f 49 4b 31 56 31 52 30 56 38 63 6d 47 35 7a 32 61 58 77 61 62 57 72 64 56 50 2e 65 51 52 45 Data Ascii: YHDd7cG06c8.uVv66dQ8jlEEZuS4EAzz6c9fQk8jeASOHgIEZaQ2b6ZW009RhIlvHiE8C62Jbyzkv8P6il3pY1xFyPDcQElLQv4bYGM.pNMMEjDqhMJRstQsNfgPnQuVEoBh_0ygYL3o56z4lgyJsOHcedU5GJpktnV5s1G4o9z0q3.Uvc4B12AcY1vyFWXaRjiITXKEZw41E6xjUog0h1_DDHQ394GF_IK1V1R0V8cmG5z2aXwabWrdVP.eQRE
2025-01-14 09:49:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49720	104.17.205.31	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:49:36 UTC	1006	OUT	GET /lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH HTTP/1.1 Host: akirapowered84501.activehosted.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=9d7dbd0d558ea9e70471dd725e957976; cmp92792114=8f780516515547ec18cb56ad1476453e; __cf_bm=cgQlJldpCAKRQLGliDZwGTxevQ.0P6MOYWqdh5aasZc-1736848175-1.0.1.1-neHWiVOaSWfK8p0N5rYks8E8xnC_G_hO1WloiqltKuE18RNdBuTzXdH6r9jxyW6lHxvyysI5RuMIdb.ubQ6FRg
2025-01-14 09:49:37 UTC	647	IN	HTTP/1.1 302 Found Date: Tue, 14 Jan 2025 09:49:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close location: https://systemcheckai.com/ Cache-Control: no-store, no-cache, must-revalidate expires: Thu, 19 Nov 1981 08:52:00 GMT pragma: no-cache x-content-type-options: nosniff x-privacy-policy: You can find our privacy policy here: https://www.activecampaign.com/help/privacy-policy/ x-request-id: d7ae6a3dd084d514ab39bc8c723b3a15 x-robots-tag: noindex CF-Cache-Status: DYNAMIC Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server: cloudflare CF-RAY: 901cb791cfdeef9d-EWR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49721	35.190.80.1	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:49:36 UTC	540	OUT	OPTIONS /report/v4?s=k1%2FESnbdeZPy03GvUst0o5cnbIs8ZhSVvQrIbIOSaEe%2FPJ5T%2BGpC6%2FpV2oB47yhN8FdnVDXqwceY6oNyNnm2VSuhN9z2kHuolkVis4LJ0GeSFd4gar0TNctV5xKXK%2BxHJewP HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://systemcheckai.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 09:49:36 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Tue, 14 Jan 2025 09:49:36 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49722	35.190.80.1	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:49:37 UTC	480	OUT	POST /report/v4?s=k1%2FESnbdeZPy03GvUst0o5cnbIs8ZhSVvQrIbIOSaEe%2FPJ5T%2BGpC6%2FpV2oB47yhN8FdnVDXqwceY6oNyNnm2VSuhN9z2kHuolkVis4LJ0GeSFd4gar0TNctV5xKXK%2BxHJewP HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 386 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 09:49:37 UTC	386	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 36 36 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 36 2e 35 2e 31 31 35 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 79 73 74 65 6d 63 68 65 63 6b 61 69 2e 63 6f 6d Data Ascii: [{"age":2,"body":{"elapsed_time":668,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.26.5.115","status_code":403,"type":"http.error"},"type":"network-error","url":"https://systemcheckai.com
2025-01-14 09:49:37 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Tue, 14 Jan 2025 09:49:37 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49723	104.26.5.115	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:49:37 UTC	932	OUT	GET / HTTP/1.1 Host: systemcheckai.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 09:49:37 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Tue, 14 Jan 2025 09:49:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin origin-agent-cluster: ?1 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin x-content-options: nosniff x-frame-options: SAMEORIGIN cf-mitigated: challenge
2025-01-14 09:49:37 UTC	915	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 39 4c 5a 45 4a 38 38 49 71 34 59 72 4a 4e 6f 52 41 79 7a 7a 73 57 6d 55 57 35 63 74 33 70 2b 54 35 5a 5a 73 61 30 6e 50 4a 63 35 62 70 74 6e 46 79 6b 41 36 79 33 49 72 4b 62 46 58 68 65 76 46 46 50 59 5a 42 63 45 34 38 42 66 44 50 39 45 47 4b 47 53 36 52 4a 6e 42 2b 53 2f 45 55 72 73 47 52 63 73 68 50 2f 4a 74 73 54 30 72 78 2b 47 48 51 4d 79 69 6e 70 4a 6d 2f 33 4e 51 6b 69 56 7a 53 47 41 31 4a 63 78 31 34 68 5a 66 32 47 72 65 61 61 55 34 4a 67 3d 3d 24 6a 65 35 54 50 7a 53 37 31 74 64 72 77 79 77 37 69 35 67 34 49 67 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 Data Ascii: cf-chl-out: 9LZEJ88Iq4YrJNoRAyzzsWmUW5ct3p+T5ZZsa0nPJc5bptnFykA6y3IrKbFXhevFFPYZBcE48BfDP9EGKGS6RJnB+S/EUrsGRcshP/JtsT0rx+GHQMyinpJm/3NQkiVzSGA1Jcx14hZf2GreaaU4Jg==$je5TPzS71tdrwyw7i5g4Ig==Cache-Control: private, max-age=0, no-store, no-cache, must-reva
2025-01-14 09:49:37 UTC	1369	IN	Data Raw: 32 30 38 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 2082<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2025-01-14 09:49:37 UTC	1369	IN	Data Raw: 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 40 6d Data Ascii: uMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);background-repeat:no-repeat;background-size:contain;padding-left:34px}@m
2025-01-14 09:49:37 UTC	1369	IN	Data Raw: 50 59 56 4d 62 69 4e 66 35 58 50 4f 59 33 58 45 73 76 50 77 34 4e 2e 4a 4a 42 71 4d 6d 55 65 73 70 47 51 6c 4f 70 73 46 54 63 66 4e 49 73 30 6d 66 4c 44 57 7a 61 56 69 4c 7a 4e 78 33 72 57 6a 7a 49 68 34 38 67 78 4b 6b 6d 5a 37 5f 68 54 30 47 58 51 77 67 41 39 54 71 4c 53 48 73 55 61 33 6f 42 36 4d 78 66 4e 35 48 66 7a 63 43 6f 77 70 54 4d 45 59 4e 48 45 53 4d 68 2e 79 67 78 74 69 6e 6b 68 6c 68 4b 43 54 67 69 6e 37 38 6d 6b 6f 53 45 64 55 45 59 73 59 34 4a 72 57 62 36 2e 2e 5f 35 42 52 48 6c 58 50 6b 79 51 6c 79 2e 69 53 65 5f 70 74 33 75 32 68 6d 6c 57 58 73 54 30 77 32 39 34 56 49 75 59 32 39 4e 44 63 43 46 30 70 54 31 78 69 78 4f 6e 64 4a 50 44 2e 4b 6c 64 73 30 34 43 6e 35 56 65 37 54 51 71 38 72 61 4d 75 4c 6e 4e 7a 38 6a 71 35 4d 66 73 74 58 67 69 Data Ascii: PYVMbiNf5XPOY3XEsvPw4N.JJBqMmUespGQlOpsFTcfNIs0mfLDWzaViLzNx3rWjzIh48gxKkmZ7_hT0GXQwgA9TqLSHsUa3oB6MxfN5HfzcCowpTMEYNHESMh.ygxtinkhlhKCTgin78mkoSEdUEYsY4JrWb6.._5BRHlXPkyQly.iSe_pt3u2hmlWXsT0w294VIuY29NDcCF0pT1xixOndJPD.Klds04Cn5Ve7TQq8raMuLnNz8jq5MfstXgi
2025-01-14 09:49:37 UTC	1369	IN	Data Raw: 45 38 77 37 33 73 68 74 4d 70 79 4f 54 59 33 62 5a 56 49 6a 62 4f 4c 34 79 4c 38 61 46 45 56 7a 4c 74 74 53 76 6c 51 74 6b 45 62 4e 73 4d 55 42 51 32 32 30 6d 52 49 71 32 32 74 78 48 75 4d 36 73 4d 63 31 6d 56 55 53 70 6a 30 59 74 7a 46 56 2e 77 79 54 5f 59 4b 75 4b 4f 2e 4a 47 49 6b 4f 33 37 56 53 4c 75 4c 41 39 34 58 54 5a 51 43 30 74 4f 56 69 63 69 54 4b 71 47 4a 73 61 78 4a 32 34 4b 49 4d 34 36 2e 4d 39 64 6f 48 32 76 43 62 50 42 70 63 43 76 4c 59 74 67 4e 71 79 70 67 36 66 50 68 78 73 6a 78 64 4b 50 39 64 49 62 6a 2e 4c 68 42 4d 59 6b 79 4f 74 75 74 65 73 6e 30 4b 52 2e 6b 7a 4a 4f 73 75 45 74 75 39 55 48 31 54 37 50 42 50 75 70 65 54 68 6b 31 34 4c 43 43 43 65 46 57 63 37 47 50 6f 7a 41 5a 4e 71 44 50 31 51 2e 79 5a 75 67 4b 38 42 49 4f 4d 69 6a 74 Data Ascii: E8w73shtMpyOTY3bZVIjbOL4yL8aFEVzLttSvlQtkEbNsMUBQ220mRIq22txHuM6sMc1mVUSpj0YtzFV.wyT_YKuKO.JGIkO37VSLuLA94XTZQC0tOViciTKqGJsaxJ24KIM46.M9doH2vCbPBpcCvLYtgNqypg6fPhxsjxdKP9dIbj.LhBMYkyOtutesn0KR.kzJOsuEtu9UH1T7PBPupeThk14LCCCeFWc7GPozAZNqDP1Q.yZugK8BIOMijt
2025-01-14 09:49:37 UTC	1369	IN	Data Raw: 61 35 48 39 38 31 73 4f 4e 4f 79 76 6e 68 47 51 73 33 71 4c 6f 31 66 45 36 57 66 47 56 6f 75 4b 6f 6d 51 47 67 77 31 46 4e 6f 41 67 63 78 54 4f 6a 58 71 48 31 41 30 44 41 43 63 76 72 6a 45 50 69 72 71 47 42 55 6a 43 43 65 52 48 68 72 6d 49 72 37 44 76 49 45 38 6a 52 73 36 72 41 6c 75 79 77 51 5f 7a 50 73 37 59 71 68 4b 62 6a 68 32 6d 32 52 76 4c 62 50 56 67 39 41 77 48 4f 5a 64 31 6c 6b 70 55 4d 75 6a 39 58 30 73 4b 70 45 67 51 5f 79 66 35 64 5a 6e 2e 30 6f 62 33 76 56 5a 53 56 6a 42 59 7a 6c 30 74 74 2e 55 4d 37 4c 6d 35 59 48 4b 47 72 70 68 57 42 4a 59 4a 69 31 32 53 74 59 66 6a 41 62 67 48 45 41 7a 6a 38 4d 2e 78 75 35 6c 74 64 65 4a 6e 4c 72 67 39 31 4c 6b 46 4b 6f 38 69 4d 73 42 67 4b 44 73 6f 78 38 43 67 4b 79 59 65 32 64 52 6e 56 38 6e 72 38 70 47 Data Ascii: a5H981sONOyvnhGQs3qLo1fE6WfGVouKomQGgw1FNoAgcxTOjXqH1A0DACcvrjEPirqGBUjCCeRHhrmIr7DvIE8jRs6rAluywQ_zPs7YqhKbjh2m2RvLbPVg9AwHOZd1lkpUMuj9X0sKpEgQ_yf5dZn.0ob3vVZSVjBYzl0tt.UM7Lm5YHKGrphWBJYJi12StYfjAbgHEAzj8M.xu5ltdeJnLrg91LkFKo8iMsBgKDsox8CgKyYe2dRnV8nr8pG
2025-01-14 09:49:37 UTC	1369	IN	Data Raw: 45 78 58 52 61 47 5f 45 55 6a 46 63 7a 70 59 63 63 66 4d 43 58 4a 51 6b 65 31 6d 4e 71 66 6f 6f 4a 42 32 56 79 53 35 74 37 4f 5f 57 76 78 31 63 66 71 67 39 78 46 77 30 4d 35 41 4f 78 39 6f 61 38 68 68 62 42 79 6e 47 70 59 7a 4d 4c 54 62 48 6d 4d 77 2e 32 70 4c 61 2e 4a 5a 54 6d 36 45 74 75 57 39 7a 73 6a 4c 51 50 6f 65 6b 6f 37 6f 75 42 59 72 33 6f 71 67 6e 59 4b 34 58 50 5a 37 51 6d 6e 50 69 6c 66 45 4b 64 79 45 6a 71 74 71 63 6f 42 5a 6c 46 53 6f 77 6c 4c 35 4e 5f 77 63 49 6c 78 7a 4e 5f 46 53 78 47 65 65 77 57 4c 50 6d 78 2e 42 36 47 48 69 49 30 4d 6f 4d 55 62 65 7a 79 34 45 4a 54 70 72 4b 33 46 35 4a 4d 74 55 46 33 73 33 62 77 59 38 56 61 63 59 36 68 72 2e 6d 63 30 41 57 47 7a 49 62 66 33 6f 37 4d 50 6d 56 76 48 4c 4c 66 5a 57 5f 68 6e 5f 48 45 39 47 Data Ascii: ExXRaG_EUjFczpYccfMCXJQke1mNqfooJB2VyS5t7O_Wvx1cfqg9xFw0M5AOx9oa8hhbBynGpYzMLTbHmMw.2pLa.JZTm6EtuW9zsjLQPoeko7ouBYr3oqgnYK4XPZ7QmnPilfEKdyEjqtqcoBZlFSowlL5N_wcIlxzN_FSxGeewWLPmx.B6GHiI0MoMUbezy4EJTprK3F5JMtUF3s3bwY8VacY6hr.mc0AWGzIbf3o7MPmVvHLLfZW_hn_HE9G
2025-01-14 09:49:37 UTC	116	IN	Data Raw: 61 63 65 53 74 61 74 65 28 6e 75 6c 6c 2c 20 6e 75 6c 6c 2c 20 6f 67 55 29 3b 7d 7d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b 30 5d 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 63 70 6f 29 3b 7d 28 29 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: aceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(cpo);}());</script></body></html>
2025-01-14 09:49:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49724	104.26.5.115	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:49:38 UTC	988	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=901cb7967b83727b HTTP/1.1 Host: systemcheckai.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://systemcheckai.com/?__cf_chl_rt_tk=3Mzxe.a57zESUb2sYFe3argtlEgv14eqDBegv1aw7tA-1736848177-1.0.1.1-lNPStYJeb1wuLkmCg.vEe1YTwrphhDev6eAVw9pQiYI Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 09:49:38 UTC	837	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 09:49:38 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 97475 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6eoD8epUDp5VwVhjAAJDvsu2TdDyS6Hjl2vrWenhwvteU1KaAAq8v7dYj%2FKhBdsvZCeox8wKzCWddVL612OmNicGemRLoqCFQSn%2FPMrwaAhAN5PMdqlyxX5lo%2BzAyQRgmoCF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 901cb79aadfe429e-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2118&min_rtt=2115&rtt_var=800&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1588&delivery_rate=1362575&cwnd=208&unsent_bytes=0&cid=a2f520862a71c614&ts=155&x=0"
2025-01-14 09:49:38 UTC	532	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 53 52 3d 74 72 75 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 55 52 61 4f 61 38 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 70 74 73 25 32 46 63 6c 6f 75 64 66 6c 61 72 65 2d 63 68 61 6c 6c 65 6e 67 65 73 25 32 46 25 32 33 62 72 6f 77 73 65 72 2d 73 75 70 70 6f 72 74 22 7d Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.uaSR=true;window._cf_chl_opt.URaOa8={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"}
2025-01-14 09:49:38 UTC	1369	IN	Data Raw: 65 25 32 43 25 32 30 63 6f 6e 74 61 63 74 25 32 30 74 68 65 25 32 30 73 69 74 65 25 32 30 6f 77 6e 65 72 73 2e 22 2c 22 63 68 61 6c 6c 65 6e 67 65 5f 72 75 6e 6e 69 6e 67 22 3a 22 56 65 72 69 66 79 69 6e 67 25 32 30 79 6f 75 25 32 30 61 72 65 25 32 30 68 75 6d 61 6e 2e 25 32 30 54 68 69 73 25 32 30 6d 61 79 25 32 30 74 61 6b 65 25 32 30 61 25 32 30 66 65 77 25 32 30 73 65 63 6f 6e 64 73 2e 22 2c 22 66 6f 6f 74 65 72 5f 74 65 78 74 22 3a 22 50 65 72 66 6f 72 6d 61 6e 63 65 25 32 30 25 32 36 61 6d 70 25 33 42 25 32 30 73 65 63 75 72 69 74 79 25 32 30 62 79 25 32 30 43 6c 6f 75 64 66 6c 61 72 65 22 2c 22 66 61 76 69 63 6f 6e 5f 61 6c 74 22 3a 22 49 63 6f 6e 25 32 30 66 6f 72 25 32 30 25 32 35 25 37 42 70 6c 61 63 65 68 6f 6c 64 65 72 2e 63 6f 6d 25 37 44 22 Data Ascii: e%2C%20contact%20the%20site%20owners.","challenge_running":"Verifying%20you%20are%20human.%20This%20may%20take%20a%20few%20seconds.","footer_text":"Performance%20%26amp%3B%20security%20by%20Cloudflare","favicon_alt":"Icon%20for%20%25%7Bplaceholder.com%7D"
2025-01-14 09:49:38 UTC	1369	IN	Data Raw: 25 32 30 69 73 25 32 30 74 68 69 73 25 32 30 50 61 67 65 25 33 46 22 2c 22 63 68 65 63 6b 5f 64 65 6c 61 79 73 22 3a 22 56 65 72 69 66 69 63 61 74 69 6f 6e 25 32 30 69 73 25 32 30 74 61 6b 69 6e 67 25 32 30 6c 6f 6e 67 65 72 25 32 30 74 68 61 6e 25 32 30 65 78 70 65 63 74 65 64 2e 25 32 30 43 68 65 63 6b 25 32 30 79 6f 75 72 25 32 30 49 6e 74 65 72 6e 65 74 25 32 30 63 6f 6e 6e 65 63 74 69 6f 6e 25 32 30 61 6e 64 25 32 30 25 33 43 61 25 32 30 63 6c 61 73 73 25 33 44 25 32 32 72 65 66 72 65 73 68 5f 6c 69 6e 6b 25 32 32 25 33 45 72 65 66 72 65 73 68 25 32 30 74 68 65 25 32 30 70 61 67 65 25 33 43 25 32 46 61 25 33 45 25 32 30 69 66 25 32 30 74 68 65 25 32 30 69 73 73 75 65 25 32 30 70 65 72 73 69 73 74 73 2e 22 2c 22 62 72 6f 77 73 65 72 5f 6e 6f 74 5f 73 Data Ascii: %20is%20this%20Page%3F","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","browser_not_s
2025-01-14 09:49:38 UTC	1369	IN	Data Raw: 69 62 6c 65 25 32 30 76 69 61 25 32 30 74 68 69 73 25 32 30 61 64 64 72 65 73 73 2e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 6f 76 65 72 72 75 6e 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 53 74 75 63 6b 25 32 30 68 65 72 65 25 33 46 22 2c 22 63 6f 6f 6b 69 65 73 5f 6d 69 73 73 69 6e 67 22 3a 22 50 6c 65 61 73 65 25 32 30 65 6e 61 62 6c 65 25 32 30 43 6f 6f 6b 69 65 73 25 32 30 61 6e 64 25 32 30 72 65 6c 6f 61 64 25 32 30 74 68 65 25 32 30 70 61 67 65 2e 22 2c 22 70 61 67 65 5f 74 69 74 6c 65 22 3a 22 4a 75 73 74 25 32 30 61 25 32 30 6d 6f 6d 65 6e 74 2e 2e 2e 22 2c 22 69 6e 74 65 72 73 74 69 74 69 61 6c 5f 68 65 6c 70 65 72 5f 65 78 70 6c 61 69 6e 65 72 22 3a 22 25 32 35 25 37 42 70 6c 61 63 65 68 6f 6c 64 65 72 2e 63 6f 6d 25 37 44 25 32 30 75 73 65 73 Data Ascii: ible%20via%20this%20address.","turnstile_overrun_description":"Stuck%20here%3F","cookies_missing":"Please%20enable%20Cookies%20and%20reload%20the%20page.","page_title":"Just%20a%20moment...","interstitial_helper_explainer":"%25%7Bplaceholder.com%7D%20uses
2025-01-14 09:49:38 UTC	1369	IN	Data Raw: 5f 74 69 6d 65 6f 75 74 22 3a 66 61 6c 73 65 2c 22 74 75 72 6e 73 74 69 6c 65 5f 66 65 65 64 62 61 63 6b 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 74 65 73 74 69 6e 67 5f 6f 6e 6c 79 5f 61 6c 77 61 79 73 5f 70 61 73 73 22 3a 66 61 6c 73 65 2c 22 74 75 72 6e 73 74 69 6c 65 5f 6f 76 65 72 72 75 6e 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 66 65 65 64 62 61 63 6b 5f 72 65 70 6f 72 74 5f 6f 75 74 70 75 74 5f 73 75 62 74 69 74 6c 65 22 3a 66 61 6c 73 65 7d 2c 22 72 74 6c 22 3a 66 61 6c 73 65 2c 22 6c 61 6e 67 22 3a 22 65 6e 2d 75 73 22 7d 3b 7e 66 75 6e 63 74 69 6f 6e 28 67 46 2c 65 4d 2c 65 4e 2c 65 51 2c 65 52 2c 66 6e 2c 66 70 2c 66 74 2c 66 75 2c 66 76 2c 66 7a 2c 66 41 2c 66 42 2c 66 4c 2c 66 4f 2c 66 51 2c 66 52 Data Ascii: _timeout":false,"turnstile_feedback_description":false,"testing_only_always_pass":false,"turnstile_overrun_description":false,"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gF,eM,eN,eQ,eR,fn,fp,ft,fu,fv,fz,fA,fB,fL,fO,fQ,fR
2025-01-14 09:49:38 UTC	1369	IN	Data Raw: 6e 20 69 3d 3d 68 7d 2c 27 68 5a 58 4a 6e 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3e 69 7d 2c 27 54 46 6c 56 43 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 7c 68 7d 2c 27 42 6f 69 6b 51 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 53 42 47 49 74 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 26 69 7d 2c 27 4a 42 53 50 75 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 45 56 65 59 53 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 21 3d 3d 69 7d 2c 27 75 41 56 42 56 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 4b 71 4d 48 64 27 Data Ascii: n i==h},'hZXJn':function(h,i){return h>i},'TFlVC':function(h,i){return i\|h},'BoikQ':function(h,i){return h-i},'SBGIt':function(h,i){return h&i},'JBSPu':function(h,i){return h-i},'EVeYS':function(h,i){return h!==i},'uAVBV':function(h,i){return h<i},'KqMHd'
2025-01-14 09:49:38 UTC	1369	IN	Data Raw: 34 39 29 5d 5b 68 49 28 35 31 39 29 5d 28 42 2c 43 29 29 7b 69 66 28 32 35 36 3e 43 5b 68 49 28 31 32 38 33 29 5d 28 30 29 29 7b 66 6f 72 28 73 3d 30 3b 73 3c 46 3b 48 3c 3c 3d 31 2c 64 5b 68 49 28 31 30 36 37 29 5d 28 49 2c 6a 2d 31 29 3f 28 49 3d 30 2c 47 5b 68 49 28 36 34 30 29 5d 28 64 5b 68 49 28 31 32 32 39 29 5d 28 6f 2c 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 73 2b 2b 29 3b 66 6f 72 28 4f 3d 43 5b 68 49 28 31 32 38 33 29 5d 28 30 29 2c 73 3d 30 3b 38 3e 73 3b 48 3d 48 3c 3c 31 7c 31 26 4f 2c 49 3d 3d 6a 2d 31 3f 28 49 3d 30 2c 47 5b 68 49 28 36 34 30 29 5d 28 64 5b 68 49 28 39 32 36 29 5d 28 6f 2c 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4f 3e 3e 3d 31 2c 73 2b 2b 29 3b 7d 65 6c 73 65 7b 66 6f 72 28 4f 3d 31 2c 73 3d 30 3b 73 3c 46 3b 48 3d 64 5b 68 Data Ascii: 49)][hI(519)](B,C)){if(256>C[hI(1283)](0)){for(s=0;s<F;H<<=1,d[hI(1067)](I,j-1)?(I=0,G[hI(640)](d[hI(1229)](o,H)),H=0):I++,s++);for(O=C[hI(1283)](0),s=0;8>s;H=H<<1\|1&O,I==j-1?(I=0,G[hI(640)](d[hI(926)](o,H)),H=0):I++,O>>=1,s++);}else{for(O=1,s=0;s<F;H=d[h
2025-01-14 09:49:38 UTC	1369	IN	Data Raw: 26 28 44 3d 4d 61 74 68 5b 68 49 28 34 39 35 29 5d 28 32 2c 46 29 2c 46 2b 2b 29 2c 64 65 6c 65 74 65 20 42 5b 43 5d 7d 65 6c 73 65 20 66 6f 72 28 4f 3d 78 5b 43 5d 2c 73 3d 30 3b 64 5b 68 49 28 37 35 33 29 5d 28 73 2c 46 29 3b 48 3d 64 5b 68 49 28 38 30 39 29 5d 28 48 2c 31 29 7c 4f 26 31 2e 39 37 2c 49 3d 3d 64 5b 68 49 28 38 36 32 29 5d 28 6a 2c 31 29 3f 28 49 3d 30 2c 47 5b 68 49 28 36 34 30 29 5d 28 64 5b 68 49 28 31 32 32 39 29 5d 28 6f 2c 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4f 3e 3e 3d 31 2c 73 2b 2b 29 3b 44 2d 2d 2c 44 3d 3d 30 26 26 46 2b 2b 7d 66 6f 72 28 4f 3d 32 2c 73 3d 30 3b 73 3c 46 3b 48 3d 48 3c 3c 31 7c 64 5b 68 49 28 34 36 35 29 5d 28 4f 2c 31 29 2c 49 3d 3d 64 5b 68 49 28 31 34 37 33 29 5d 28 6a 2c 31 29 3f 28 49 3d 30 2c 47 5b 68 Data Ascii: &(D=Math[hI(495)](2,F),F++),delete B[C]}else for(O=x[C],s=0;d[hI(753)](s,F);H=d[hI(809)](H,1)\|O&1.97,I==d[hI(862)](j,1)?(I=0,G[hI(640)](d[hI(1229)](o,H)),H=0):I++,O>>=1,s++);D--,D==0&&F++}for(O=2,s=0;s<F;H=H<<1\|d[hI(465)](O,1),I==d[hI(1473)](j,1)?(I=0,G[h
2025-01-14 09:49:38 UTC	1369	IN	Data Raw: 31 34 32 30 29 5d 3d 61 38 5b 68 4c 28 34 35 35 29 5d 5b 68 4c 28 31 34 32 30 29 5d 2c 73 5b 68 4c 28 38 30 36 29 5d 3d 61 39 5b 68 4c 28 34 35 35 29 5d 5b 68 4c 28 38 30 36 29 5d 2c 73 5b 68 4c 28 31 33 32 32 29 5d 3d 61 61 5b 68 4c 28 34 35 35 29 5d 5b 68 4c 28 35 33 39 29 5d 2c 78 3d 73 2c 42 3d 6e 65 77 20 61 62 5b 28 68 4c 28 39 30 37 29 29 5d 28 29 2c 21 42 29 72 65 74 75 72 6e 3b 43 3d 68 4c 28 31 33 37 37 29 2c 42 5b 68 4c 28 35 36 37 29 5d 28 43 2c 6f 2c 21 21 5b 5d 29 2c 42 5b 68 4c 28 35 34 33 29 5d 3d 35 65 33 2c 42 5b 68 4c 28 31 34 36 32 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 42 5b 68 4c 28 38 33 39 29 5d 28 6a 5b 68 4c 28 36 30 37 29 5d 2c 6a 5b 68 4c 28 39 36 38 29 5d 29 2c 44 3d 7b 7d 2c 44 5b 68 4c 28 31 30 38 31 29 5d 3d 61 64 Data Ascii: 1420)]=a8[hL(455)][hL(1420)],s[hL(806)]=a9[hL(455)][hL(806)],s[hL(1322)]=aa[hL(455)][hL(539)],x=s,B=new ab[(hL(907))](),!B)return;C=hL(1377),B[hL(567)](C,o,!![]),B[hL(543)]=5e3,B[hL(1462)]=function(){},B[hL(839)](j[hL(607)],j[hL(968)]),D={},D[hL(1081)]=ad
2025-01-14 09:49:38 UTC	1369	IN	Data Raw: 5d 28 32 2c 31 36 29 2c 46 3d 31 3b 4b 21 3d 46 3b 4c 3d 48 26 47 2c 48 3e 3e 3d 31 2c 48 3d 3d 30 26 26 28 48 3d 6a 2c 47 3d 64 5b 68 50 28 39 31 38 29 5d 28 6f 2c 49 2b 2b 29 29 2c 4a 7c 3d 46 2a 28 30 3c 4c 3f 31 3a 30 29 2c 46 3c 3c 3d 31 29 3b 73 5b 42 2b 2b 5d 3d 65 28 4a 29 2c 4d 3d 42 2d 31 2c 78 2d 2d 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 20 44 5b 68 50 28 38 38 34 29 5d 28 27 27 29 7d 69 66 28 78 3d 3d 30 26 26 28 78 3d 4d 61 74 68 5b 68 50 28 34 39 35 29 5d 28 32 2c 43 29 2c 43 2b 2b 29 2c 73 5b 4d 5d 29 4d 3d 73 5b 4d 5d 3b 65 6c 73 65 20 69 66 28 64 5b 68 50 28 31 30 38 36 29 5d 28 4d 2c 42 29 29 4d 3d 64 5b 68 50 28 31 30 31 32 29 5d 28 45 2c 45 5b 68 50 28 39 32 37 29 5d 28 30 29 29 3b 65 6c 73 65 20 72 65 74 75 72 6e Data Ascii: ](2,16),F=1;K!=F;L=H&G,H>>=1,H==0&&(H=j,G=d[hP(918)](o,I++)),J\|=F*(0<L?1:0),F<<=1);s[B++]=e(J),M=B-1,x--;break;case 2:return D[hP(884)]('')}if(x==0&&(x=Math[hP(495)](2,C),C++),s[M])M=s[M];else if(d[hP(1086)](M,B))M=d[hP(1012)](E,E[hP(927)](0));else return

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49725	104.26.5.115	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:49:39 UTC	984	OUT	GET /favicon.ico HTTP/1.1 Host: systemcheckai.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://systemcheckai.com/?__cf_chl_rt_tk=3Mzxe.a57zESUb2sYFe3argtlEgv14eqDBegv1aw7tA-1736848177-1.0.1.1-lNPStYJeb1wuLkmCg.vEe1YTwrphhDev6eAVw9pQiYI Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 09:49:39 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Tue, 14 Jan 2025 09:49:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin origin-agent-cluster: ?1 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin x-content-options: nosniff x-frame-options: SAMEORIGIN cf-mitigated: challenge
2025-01-14 09:49:39 UTC	927	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 61 55 53 2f 4d 61 42 57 6e 4f 4a 6f 71 53 5a 34 4a 39 7a 4a 45 4e 55 7a 55 64 52 44 6a 5a 79 59 68 39 73 71 70 64 62 54 33 2b 76 49 67 56 59 5a 68 65 45 52 44 7a 63 76 4d 65 76 76 68 61 73 34 53 4b 66 71 35 2b 2b 32 2b 6c 36 79 6c 63 61 72 38 6c 45 2f 52 35 6f 45 42 48 43 54 78 32 48 4d 78 71 52 6c 4e 50 41 37 47 4a 61 47 33 71 4d 75 34 61 65 2b 78 6e 37 54 53 35 75 6e 49 79 38 68 64 6b 42 63 48 36 46 6a 39 31 57 75 73 48 33 79 62 63 6c 6e 7a 41 3d 3d 24 35 38 57 4c 64 51 68 57 63 31 62 42 69 44 7a 78 4b 59 30 78 4a 67 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 Data Ascii: cf-chl-out: aUS/MaBWnOJoqSZ4J9zJENUzUdRDjZyYh9sqpdbT3+vIgVYZheERDzcvMevvhas4SKfq5++2+l6ylcar8lE/R5oEBHCTx2HMxqRlNPA7GJaG3qMu4ae+xn7TS5unIy8hdkBcH6Fj91WusH3ybclnzA==$58WLdQhWc1bBiDzxKY0xJg==Cache-Control: private, max-age=0, no-store, no-cache, must-reva
2025-01-14 09:49:39 UTC	1369	IN	Data Raw: 32 31 32 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 2122<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2025-01-14 09:49:39 UTC	1369	IN	Data Raw: 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 40 6d Data Ascii: uMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);background-repeat:no-repeat;background-size:contain;padding-left:34px}@m
2025-01-14 09:49:39 UTC	1369	IN	Data Raw: 62 43 47 54 61 51 36 6f 36 4b 47 79 54 4e 77 63 55 33 6c 79 76 6d 70 67 61 74 71 48 77 33 67 30 63 38 74 70 64 52 6f 43 47 73 6d 4f 54 37 53 47 44 71 79 6f 51 51 4c 79 33 35 44 47 68 2e 4d 4e 34 55 5a 53 6c 74 76 35 69 57 52 66 75 5a 49 74 46 6c 71 52 6c 2e 48 6b 65 44 42 57 63 33 63 42 4d 37 4d 69 6e 6f 4c 42 62 6b 6e 71 77 77 38 41 36 5f 32 5a 39 62 45 74 52 55 4a 47 6d 6d 61 57 79 64 75 6d 43 61 67 52 41 67 36 6f 67 34 78 65 70 39 6d 33 37 77 6b 69 5f 55 5a 62 6e 4d 42 6e 4a 34 66 58 76 73 79 32 43 47 70 5f 67 69 5a 37 32 61 32 54 6c 6e 59 75 2e 4a 79 41 50 37 42 67 78 79 5f 59 4f 4b 75 65 4a 44 61 75 52 77 57 44 61 42 49 36 4e 59 4b 42 6b 39 67 2e 78 50 45 59 71 79 36 6c 78 30 39 5f 54 7a 45 46 47 49 48 6e 47 48 42 46 54 66 62 4e 79 79 65 67 74 4f 31 Data Ascii: bCGTaQ6o6KGyTNwcU3lyvmpgatqHw3g0c8tpdRoCGsmOT7SGDqyoQQLy35DGh.MN4UZSltv5iWRfuZItFlqRl.HkeDBWc3cBM7MinoLBbknqww8A6_2Z9bEtRUJGmmaWydumCagRAg6og4xep9m37wki_UZbnMBnJ4fXvsy2CGp_giZ72a2TlnYu.JyAP7Bgxy_YOKueJDauRwWDaBI6NYKBk9g.xPEYqy6lx09_TzEFGIHnGHBFTfbNyyegtO1
2025-01-14 09:49:39 UTC	1369	IN	Data Raw: 53 70 49 48 7a 44 4f 54 73 63 69 61 66 30 4c 4e 34 68 4e 67 58 52 51 75 55 61 58 47 4a 48 64 4b 78 55 47 34 48 44 59 30 69 6d 67 50 68 50 6e 37 4a 4e 72 77 37 32 64 76 4f 75 54 53 30 33 68 77 69 58 55 68 2e 6f 57 55 6d 72 75 63 4e 32 72 47 66 35 64 43 30 44 75 6b 56 70 6e 7a 73 42 33 44 46 55 69 72 67 70 2e 65 51 58 42 76 73 44 4d 38 5a 53 79 79 49 72 63 74 53 62 6f 57 54 31 4a 76 57 79 50 46 66 5f 72 6d 32 32 74 6f 70 48 34 6b 4f 70 6b 6a 63 74 73 35 36 41 4a 57 52 30 47 63 5f 31 6c 53 49 6d 43 5a 6a 35 37 56 35 6e 38 31 5a 6c 62 4c 61 35 37 46 41 2e 6b 6c 76 5a 67 5f 48 50 47 4e 38 74 64 45 54 43 43 6c 6c 58 52 73 34 75 32 5f 2e 5a 6b 61 31 70 6e 74 35 4f 47 2e 77 73 59 38 44 36 6b 39 4f 57 4f 7a 68 6e 4e 6d 50 4c 71 37 45 45 38 31 34 7a 41 59 5f 65 4b Data Ascii: SpIHzDOTsciaf0LN4hNgXRQuUaXGJHdKxUG4HDY0imgPhPn7JNrw72dvOuTS03hwiXUh.oWUmrucN2rGf5dC0DukVpnzsB3DFUirgp.eQXBvsDM8ZSyyIrctSboWT1JvWyPFf_rm22topH4kOpkjcts56AJWR0Gc_1lSImCZj57V5n81ZlbLa57FA.klvZg_HPGN8tdETCCllXRs4u2_.Zka1pnt5OG.wsY8D6k9OWOzhnNmPLq7EE814zAY_eK
2025-01-14 09:49:39 UTC	1369	IN	Data Raw: 67 69 6e 70 79 36 72 35 69 76 64 5a 37 58 6d 64 45 34 34 61 62 74 42 69 56 49 39 64 41 73 46 65 41 59 67 63 47 49 33 45 30 4e 63 4a 73 47 4a 4d 41 4d 53 4d 72 5a 36 4c 67 79 6d 67 6a 66 36 6b 6d 65 34 31 33 39 62 31 45 38 6f 6e 35 39 42 4d 6f 48 5a 4e 56 42 31 70 36 6a 45 41 6c 64 53 62 39 67 64 50 74 58 4e 7a 71 46 65 5a 57 67 4e 79 38 61 4f 70 37 5a 59 2e 77 62 6d 64 46 34 62 38 52 63 73 56 48 6c 78 59 6b 54 30 4b 75 54 61 53 61 6c 62 55 46 49 42 53 59 67 34 4e 33 66 6c 54 5f 49 4a 68 48 43 4a 68 41 77 4a 38 71 46 70 4d 5a 73 43 6d 37 63 43 44 76 66 35 76 62 68 56 35 6a 56 41 66 65 4e 71 44 43 4a 43 66 7a 69 43 68 7a 54 70 39 30 53 5f 65 78 30 7a 78 55 53 76 35 51 65 67 4d 74 57 56 62 73 34 2e 34 61 6e 52 59 55 4f 55 64 6f 31 66 78 63 4f 39 39 2e 69 4b Data Ascii: ginpy6r5ivdZ7XmdE44abtBiVI9dAsFeAYgcGI3E0NcJsGJMAMSMrZ6Lgymgjf6kme4139b1E8on59BMoHZNVB1p6jEAldSb9gdPtXNzqFeZWgNy8aOp7ZY.wbmdF4b8RcsVHlxYkT0KuTaSalbUFIBSYg4N3flT_IJhHCJhAwJ8qFpMZsCm7cCDvf5vbhV5jVAfeNqDCJCfziChzTp90S_ex0zxUSv5QegMtWVbs4.4anRYUOUdo1fxcO99.iK
2025-01-14 09:49:39 UTC	1369	IN	Data Raw: 31 5f 7a 68 4f 38 39 30 71 4b 55 56 5f 46 61 31 36 6b 6e 43 56 54 70 4d 69 51 62 53 47 4d 46 61 35 57 62 39 66 55 69 6f 5f 6a 35 73 58 52 6c 6a 34 66 51 76 5f 35 45 4e 48 4d 42 4b 46 52 66 6a 48 56 38 66 30 74 4a 30 47 67 69 54 6b 5a 79 75 57 79 45 5f 74 72 6c 50 4c 57 76 31 30 4e 6a 63 4c 56 78 61 36 59 68 59 6a 4c 67 5f 69 66 69 4e 62 52 72 6a 4d 70 43 4d 75 65 4e 76 6f 6a 37 4a 7a 41 4c 6d 61 6f 55 41 39 6b 33 73 43 78 66 52 54 70 46 4a 4f 53 79 45 6c 54 50 42 6d 47 52 39 79 63 5f 4c 49 6e 77 6b 57 38 74 46 46 53 69 38 51 6f 79 71 41 7a 76 64 66 58 73 43 72 6e 6f 5a 4d 54 58 51 78 48 44 73 7a 38 66 63 4f 66 7a 43 4c 7a 42 49 71 65 54 31 2e 73 57 35 65 68 58 33 4b 62 6f 4b 74 4d 64 52 65 45 4f 75 31 43 4b 44 4d 70 42 6c 48 71 42 67 6d 39 41 73 39 4a 4e Data Ascii: 1_zhO890qKUV_Fa16knCVTpMiQbSGMFa5Wb9fUio_j5sXRlj4fQv_5ENHMBKFRfjHV8f0tJ0GgiTkZyuWyE_trlPLWv10NjcLVxa6YhYjLg_ifiNbRrjMpCMueNvoj7JzALmaoUA9k3sCxfRTpFJOSyElTPBmGR9yc_LInwkW8tFFSi8QoyqAzvdfXsCrnoZMTXQxHDsz8fcOfzCLzBIqeT1.sW5ehX3KboKtMdReEOu1CKDMpBlHqBgm9As9JN
2025-01-14 09:49:39 UTC	276	IN	Data Raw: 4f 67 2e 54 52 6f 4f 5a 6e 49 47 5f 45 41 62 34 6b 33 47 52 69 73 76 4b 73 47 49 2d 31 37 33 36 38 34 38 31 37 39 2d 31 2e 30 2e 31 2e 31 2d 35 6a 58 4c 65 5f 73 58 49 66 66 37 6e 34 72 49 79 65 50 4e 46 50 48 45 55 64 4d 46 51 5a 76 52 49 4d 66 69 53 32 62 55 6c 6a 34 22 20 2b 20 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 63 4f 67 55 48 61 73 68 29 3b 63 70 6f 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 68 69 73 74 6f 72 79 2e 72 65 70 6c 61 63 65 53 74 61 74 65 28 6e 75 6c 6c 2c 20 6e 75 6c 6c 2c 20 6f 67 55 29 3b 7d 7d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b 30 5d 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 63 70 6f 29 3b 7d 28 29 29 3b 3c 2f 73 63 Data Ascii: Og.TRoOZnIG_EAb4k3GRisvKsGI-1736848179-1.0.1.1-5jXLe_sXIff7n4rIyePNFPHEUdMFQZvRIMfiS2bUlj4" + window._cf_chl_opt.cOgUHash);cpo.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(cpo);}());</sc
2025-01-14 09:49:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	53651	35.190.80.1	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:50:36 UTC	544	OUT	OPTIONS /report/v4?s=EWAqTtAbAv7%2FDzu%2FkIf7r%2F2O3N4IDN413lMQqp333G5DlTw9263JiEUFv%2FRPnw7c%2B1yLiM2S8X%2BQCupXitu0y3D8uRuSozvw8t8G%2F2vmpvq0xQSui2Sfi2Nw8OLLFS6MWtVw HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://systemcheckai.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 09:50:36 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Tue, 14 Jan 2025 09:50:36 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	53652	35.190.80.1	443	6628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 09:50:37 UTC	485	OUT	POST /report/v4?s=EWAqTtAbAv7%2FDzu%2FkIf7r%2F2O3N4IDN413lMQqp333G5DlTw9263JiEUFv%2FRPnw7c%2B1yLiM2S8X%2BQCupXitu0y3D8uRuSozvw8t8G%2F2vmpvq0xQSui2Sfi2Nw8OLLFS6MWtVw HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 1585 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 09:50:37 UTC	1585	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 37 37 37 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 38 33 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 73 79 73 74 65 6d 63 68 65 63 6b 61 69 2e 63 6f 6d 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 72 74 5f 74 6b 3d 33 4d 7a 78 65 2e 61 35 37 7a 45 53 55 62 32 73 59 46 65 33 61 72 67 74 6c 45 67 76 31 34 65 71 44 42 65 67 76 31 61 77 37 74 41 2d 31 37 33 36 38 34 38 31 37 37 2d 31 2e 30 2e 31 2e 31 2d 6c 4e 50 53 74 59 4a 65 62 31 77 75 4c 6b 6d 43 67 2e 76 45 65 31 59 54 77 72 70 68 68 44 65 76 36 65 41 56 77 39 Data Ascii: [{"age":57772,"body":{"elapsed_time":835,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://systemcheckai.com/?__cf_chl_rt_tk=3Mzxe.a57zESUb2sYFe3argtlEgv14eqDBegv1aw7tA-1736848177-1.0.1.1-lNPStYJeb1wuLkmCg.vEe1YTwrphhDev6eAVw9
2025-01-14 09:50:37 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Tue, 14 Jan 2025 09:50:37 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	04:49:23
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	04:49:26
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1960,i,9341624550484582711,7299028783193177845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	04:49:32
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2696, Parent PID: 5668

General

Chronological Activities

Analysis Process: chrome.exePID: 6628, Parent PID: 2696

General

Chronological Activities

Windows Analysis Report
https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH