Edit tour

Windows Analysis Report
https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ

Overview

General Information

Sample URL:	https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ
Analysis ID:	1671085
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,861790946870713485,9294850841244077630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2092 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,861790946870713485,9294850841244077630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4036 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

HTTP traffic detected: POST /report/v4?s=ATQPfn2W64I9fOeyvW9isv%2FCFr2TUBiqM5eZP335a9C%2Bthx076%2F%2BibthV5wQbQXV7prgqc%2FyDo4J8eA99ilC%2Fbse49hVWrcRe3c4baplRWlVNOiL32g8lP898r%2BuiT3%2FDqvr HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 504Content-Type: application/reports+jsonOrigin: https://kh.slmeuxoe.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Apr 2025 13:57:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: cloudflareReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ATQPfn2W64I9fOeyvW9isv%2FCFr2TUBiqM5eZP335a9C%2Bthx076%2F%2BibthV5wQbQXV7prgqc%2FyDo4J8eA99ilC%2Fbse49hVWrcRe3c4baplRWlVNOiL32g8lP898r%2BuiT3%2FDqvr"}],"group":"cf-nel","max_age":604800}Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer-Timing: cfL4;desc="?proto=TCP&rtt=10117&min_rtt=9955&rtt_var=3849&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2315&delivery_rate=286087&cwnd=251&unsent_bytes=0&cid=e3d4e570002362f3&ts=28&x=0"Cache-Control: max-age=14400Cf-Cache-Status: EXPIREDCF-RAY: 9345a1a0cf09598b-PHXalt-svc: h3=":443"; ma=86400

Source: chromecache_46.3.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Montserrat:wght
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3-UBGEe.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3CUBGEe.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3GUBGEe.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3KUBGEe.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3OUBGEe.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMawCUBGEe.woff2)
Source: chromecache_44.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2)
Source: chromecache_46.3.dr	String found in binary or memory: https://via.placeholder.com/100
Source: chromecache_46.3.dr	String found in binary or memory: https://via.placeholder.com/1920x600
Source: chromecache_46.3.dr	String found in binary or memory: https://via.placeholder.com/300x200

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49675
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.5:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.55:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.55:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.254:443 -> 192.168.2.5:49712 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@23/10@9/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,861790946870713485,9294850841244077630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2092 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,861790946870713485,9294850841244077630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4036 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,861790946870713485,9294850841244077630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2092 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,861790946870713485,9294850841244077630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4036 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label	Link
https://kh.slmeuxoe.com/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
kh.slmeuxoe.com	172.67.209.55	true	false	unknown
www.google.com	142.250.69.4	true	false	high
via.placeholder.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://kh.slmeuxoe.com/favicon.ico	false	Avira URL Cloud: malware	unknown
https://a.nel.cloudflare.com/report/v4?s=ATQPfn2W64I9fOeyvW9isv%2FCFr2TUBiqM5eZP335a9C%2Bthx076%2F%2BibthV5wQbQXV7prgqc%2FyDo4J8eA99ilC%2Fbse49hVWrcRe3c4baplRWlVNOiL32g8lP898r%2BuiT3%2FDqvr	false		high
https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ	true		unknown
https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ#contact	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://via.placeholder.com/1920x600	chromecache_46.3.dr	false	high
https://via.placeholder.com/100	chromecache_46.3.dr	false	high
https://via.placeholder.com/300x200	chromecache_46.3.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.69.4	www.google.com	United States	15169	GOOGLEUS	false
172.67.209.55	kh.slmeuxoe.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1671085
Start date and time:	2025-04-22 15:56:34 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@23/10@9/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 84.201.221.40, 142.250.68.238, 142.250.68.227, 142.250.141.84, 142.250.69.14, 142.250.68.234, 142.250.69.10, 192.178.49.170, 192.178.49.202, 142.250.69.3, 192.178.49.195, 184.29.183.29, 52.149.20.212, 4.245.163.56
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.327567157116928
Encrypted:	false
SSDEEP:	3:mSgGunSHnPepWnYn:mS6SHPyn
MD5:	5E67B3E03214E73743EF23244EAFCD7A
SHA1:	0E1326AB9608776AA5D7598DBFDEB300909E5864
SHA-256:	B49134A43A5F9F2DF977306465AF6832D394EAD11F0AC9937459CFDD422E38FE
SHA-512:	832C82525C39A562BEB7CB0F7C73A71AA800936648C620F956BC47A6CC065C1F8442F97FB535586068C11993635BA03F6FF943D962155B9B9C2623EE84A4FA20
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhInCQnhpRo9t5bcEgUNlFT6zxIFDYOoWz0SBQ3GaLD8IV6p-zS1xa9G?alt=proto
Preview:	ChsKBw2UVPrPGgAKBw2DqFs9GgAKBw3GaLD8GgA=

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Category:	downloaded
Size (bytes):	40128
Entropy (8bit):	7.994526034157349
Encrypted:	true
SSDEEP:	768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO
MD5:	9A01B69183A9604AB3A439E388B30501
SHA1:	8ED1D59003D0DBE6360481017B44665153665FBE
SHA-256:	20B535FA80C8189E3B87D1803038389960203A886D502BC2EF1857AFFC2F38D2
SHA-512:	0E6795255B6EEA00B5403FD7E3B904D52776D49AC63A31C2778361262883697943AEDCB29FEEE85694BA6F19EAA34DDDB9A5BFE7118F4A25B4757E92C331FECA
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
Preview:	wOF2..............$....F..........................p.....t?HVAR...`?STAT.N'...B..~.../~.....`..i..X.0..j.6.$..,. .... ..N[{.q.v...Lw.Q..o..J...6.Z.g.F.n..g\{t....%.!3)....sS.o...$."c.^<.iZc.I]c....0+. ..I..9.H.3..B.&.....'e....5.p.R(.j~\=..Wt.{..1.[u..Fn..<.-g.3..L..o.....E.-Q.........I..-/.4....{.Uj...3.K...g.Z....0...2)%.{......gN.../f.7....o.K....^V...!j...<...gf....\XjI.<p.PJh.4....,.S....&.C...R..,@ba..<..z.\|.X.&.(.mf.w[..l.35Mp...A.A.=d........fj...}W6..y....[...i.......!........NLND....n'"...N*k)0<n.P.......w.j..>9.vV...Z.`.$$!.".(.`ATV.,..0.]3.<.d(...-s...2.w....P@.&...-.9x7.'....Sg.N=m.=....(..))-bA<.x.......=@4qs..Ss......K...{.=H.......z...NUS....Y..6.K.......n.....F4.B....=w.....+..F3...fB..........y1...,.(...`,..&vIrP.^.fiQY..5....H.a......q...s."..\..':.xK}...fU.z.j.......$L.......f.g&....R...!.Wmew3.1%2W.'"6u..r.q"F.......~i{..9xN.g.X..NMx.H.s@.8..J.t.SP.C`-GU)G/'..6".+......f..n..Aw....r....l.<r...Cke..D....T/."..c..mj..

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	20529
Entropy (8bit):	5.341675812562837
Encrypted:	false
SSDEEP:	384:As25lCf5CgCPCrCyUC/qY4+C4CYCpCfMC1CWC6CyhC/qY4XCNCtCiCfDCOCdCBCC:gKhOoJUaRbn07Un9JhaEqOrELg2Jaa77
MD5:	5EB51653E41419D8489B3E2EA832A2B6
SHA1:	EA65E6995D1492971BD97FF5FB0C4276EC6EE384
SHA-256:	1FC4E404D32B7FB6FA043CD2A72C9EA3A86D6E0DA1F8F80062D6415202382680
SHA-512:	234D7A3E8397D6176A2CAD08E6645A2FF293E09AD2FA37F6C47C6FE25FF4EC8D2FA4C964DC9E671B18EF2A4B19E4E4E9CE02CC5603B19F6D30A71556374E9187
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700&family=Roboto:wght@300;400;500&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ vietnamese */.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 37828, version 1.0
Category:	downloaded
Size (bytes):	37828
Entropy (8bit):	7.994199601770781
Encrypted:	true
SSDEEP:	768:TLreREud92B1C5buEpioxWe6O1ESHFnLQkbknuF1dcjI5djeBX:Tu68248oxWe6O19H1zwnubdk
MD5:	50B140B1E97D859D6D0603414F4298EE
SHA1:	500E4872EE1BA9CF89F1BA626D64987B0F9AB5C9
SHA-256:	FDC9964050BFA24C27A3C76C6791B3674292A5F352CBC83D7A4DC49595BC3FB1
SHA-512:	55EF84E956A7943E3FC61A8A349E64E9F35B7DFC63402AB52B995F43A7CD4B1D2ACD300126DCDD610D0B106AF426848F998CCF154F712034422D242D6AD9130D
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Preview:	wOF2..............~....C..........................^...V..D?HVAR.'?MVARF.`?STAT.8'2..L+..\|.../~.....$.u....0..x.6.$.... .....e..([.lq...{En.0..I..h...[....-y2..)..@(.....T...K....$E.U.uA.b...AO..CU"O.W.]7..'............a.@...kF9.3.....xV..7.tg4#Ol.x}o.M...w...Q..))..-.i.R..&.P.......N..[F.C...x..9.\|.;......d$..L.<......=.M.S..HlLHr.#+.S}..+..C....D..'^..~.}..TeT`%.......^..$....0....1 A.. ...bm..]T.E...n;._Qqm....RK.....=....\{.h.O&.D$.U......YS U..i...@.:W........p..pS....-.w.EQwp@.....},.G.@,....0IAV....P...~..0.....8..f...5..Os...5..P...n&wS+.P:.7.e.$t~.s_...z..3..Z.....}.A..2Uj...@{.:Ln.}.t.....i.>Kl.."RQ..h.;.........%...eY.E?...W..00(.z.ml.J.TPP...........G...6.=.Z%...\T....W..q...9D.m...)6..1..\.....v7......U..jr..-i.c.3iL..,\..!...b.d.A...d..C.....Ra:Q.!.M,.e.SMC$$M.w..c.151=.m..o@.G$.X..P'..\|.E."..Z.k......i"......S8..@.d.....2..t..........{..X.]SN..$....K....j5..e..,.%...T..)+.";@.v...9.R..]......,...W.iY...f..r...Q.FY.P.#...X...S

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	7984
Entropy (8bit):	4.77365445192635
Encrypted:	false
SSDEEP:	192:vrx8pnLEtFa9lA20EFYFH95l0sq5e0uj5P7Tds/:vrWVLyFgWEFYFzD5js/
MD5:	5DE347FADC610177F15C9CD90B4BB49E
SHA1:	07130C1DCCAA2AA02D40100DA6906F80138848DC
SHA-256:	B9FA3C15182184FD3A603D3B6B05E09D91211A832729DC9CDCA71136A648F8DC
SHA-512:	955B2BBCEA728756276E8C7CA1485858DFA54BF9B132137B81DFAD260BC57901D516B2C48A402E9F67AED53075559C1D424E7B573EAF0D91F9BE6C50E8B81E91
Malicious:	false
Reputation:	low
URL:	https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Portfolio & Agency - Modern Design</title>. <link href="https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700&family=Roboto:wght@300;400;500&display=swap" rel="stylesheet">. <style>. /* General Styles /. body {. font-family: 'Roboto', sans-serif;. margin: 0;. padding: 0;. color: #333;. line-height: 1.6;. background-color: #f4f4f9;. }.. h1, h2, h3 {. font-family: 'Montserrat', sans-serif;. color: #2c3e50;. }.. a {. color: #3498db;. text-decoration: none;. }.. a:hover {. text-decoration: underline;. }.. / Header */. header {. background-color: #2c3e50;. color: white;. padding: 20px;. text-align: center;. box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);. }.. header h1 {. margin: 0;. font-size: 2.5rem;. fo

Total Packets: 81
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 22, 2025 15:57:20.557008028 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 22, 2025 15:57:25.369446993 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 22, 2025 15:57:25.468584061 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 22, 2025 15:57:25.775729895 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 22, 2025 15:57:26.385101080 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 22, 2025 15:57:27.588217974 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 22, 2025 15:57:30.088217020 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 22, 2025 15:57:34.715747118 CEST	49702	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:57:34.715801001 CEST	443	49702	142.250.69.4	192.168.2.5
Apr 22, 2025 15:57:34.716036081 CEST	49702	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:57:34.716165066 CEST	49702	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:57:34.716176033 CEST	443	49702	142.250.69.4	192.168.2.5
Apr 22, 2025 15:57:34.901046991 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 22, 2025 15:57:34.978856087 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 22, 2025 15:57:35.036916971 CEST	443	49702	142.250.69.4	192.168.2.5
Apr 22, 2025 15:57:35.037055016 CEST	49702	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:57:35.038378954 CEST	49702	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:57:35.038388014 CEST	443	49702	142.250.69.4	192.168.2.5
Apr 22, 2025 15:57:35.038595915 CEST	443	49702	142.250.69.4	192.168.2.5
Apr 22, 2025 15:57:35.088845015 CEST	49702	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:57:36.031001091 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.031034946 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.031092882 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.031728983 CEST	49704	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.031758070 CEST	443	49704	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.031883001 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.031892061 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.031919956 CEST	49704	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.032027006 CEST	49704	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.032035112 CEST	443	49704	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.324131012 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.324208975 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.325572968 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.325579882 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.325817108 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.326374054 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.327395916 CEST	443	49704	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.327470064 CEST	49704	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.328263044 CEST	49704	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.328274012 CEST	443	49704	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.328530073 CEST	443	49704	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.368279934 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.372236013 CEST	49704	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.974703074 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.974873066 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.974901915 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.974925995 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.974931955 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.974935055 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.974972963 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.975181103 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.975229979 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.975825071 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.976066113 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.976186991 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.976191998 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.976265907 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:36.976309061 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.977210999 CEST	49703	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:36.977217913 CEST	443	49703	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:37.974647999 CEST	49704	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:38.020268917 CEST	443	49704	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:38.242599010 CEST	443	49704	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:38.242666006 CEST	443	49704	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:38.242727995 CEST	49704	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:38.244539976 CEST	49704	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:38.244555950 CEST	443	49704	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:38.384737968 CEST	49709	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:38.384779930 CEST	443	49709	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:38.384953022 CEST	49709	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:38.385003090 CEST	49709	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:38.385010004 CEST	443	49709	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:38.689842939 CEST	443	49709	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:38.689918995 CEST	49709	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:38.691149950 CEST	49709	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:38.691165924 CEST	443	49709	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:38.691365957 CEST	443	49709	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:38.691637993 CEST	49709	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:38.736269951 CEST	443	49709	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.026575089 CEST	443	49709	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.026638985 CEST	443	49709	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.026750088 CEST	49709	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:39.026981115 CEST	49709	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:39.027004004 CEST	443	49709	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.027930975 CEST	49710	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:39.027973890 CEST	443	49710	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.028043032 CEST	49710	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:39.028177977 CEST	49710	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:39.028196096 CEST	443	49710	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.329276085 CEST	443	49710	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.329658985 CEST	49710	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:39.329691887 CEST	443	49710	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.329823017 CEST	49710	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:39.329828978 CEST	443	49710	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.671974897 CEST	443	49710	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.672033072 CEST	443	49710	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:39.672087908 CEST	49710	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:39.672347069 CEST	49710	443	192.168.2.5	35.190.80.1
Apr 22, 2025 15:57:39.672365904 CEST	443	49710	35.190.80.1	192.168.2.5
Apr 22, 2025 15:57:43.158252954 CEST	49675	443	192.168.2.5	2.23.227.208
Apr 22, 2025 15:57:43.158282042 CEST	443	49675	2.23.227.208	192.168.2.5
Apr 22, 2025 15:57:43.573605061 CEST	49712	443	192.168.2.5	150.171.27.254
Apr 22, 2025 15:57:43.573645115 CEST	443	49712	150.171.27.254	192.168.2.5
Apr 22, 2025 15:57:43.573710918 CEST	49712	443	192.168.2.5	150.171.27.254
Apr 22, 2025 15:57:43.576379061 CEST	49712	443	192.168.2.5	150.171.27.254
Apr 22, 2025 15:57:43.576394081 CEST	443	49712	150.171.27.254	192.168.2.5
Apr 22, 2025 15:57:44.018158913 CEST	443	49712	150.171.27.254	192.168.2.5
Apr 22, 2025 15:57:44.018230915 CEST	49712	443	192.168.2.5	150.171.27.254
Apr 22, 2025 15:57:44.510621071 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 22, 2025 15:57:45.032337904 CEST	443	49702	142.250.69.4	192.168.2.5
Apr 22, 2025 15:57:45.032392025 CEST	443	49702	142.250.69.4	192.168.2.5
Apr 22, 2025 15:57:45.032593012 CEST	49702	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:57:45.480832100 CEST	49702	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:57:45.480854034 CEST	443	49702	142.250.69.4	192.168.2.5
Apr 22, 2025 15:57:52.406666994 CEST	49713	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:52.406711102 CEST	443	49713	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:52.406810045 CEST	49713	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:52.414905071 CEST	49713	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:52.414920092 CEST	443	49713	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:52.702671051 CEST	443	49713	172.67.209.55	192.168.2.5
Apr 22, 2025 15:57:52.703083992 CEST	49713	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:57:52.703109980 CEST	443	49713	172.67.209.55	192.168.2.5
Apr 22, 2025 15:58:07.696115971 CEST	443	49713	172.67.209.55	192.168.2.5
Apr 22, 2025 15:58:07.696173906 CEST	443	49713	172.67.209.55	192.168.2.5
Apr 22, 2025 15:58:07.696280956 CEST	49713	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:58:07.992371082 CEST	49713	443	192.168.2.5	172.67.209.55
Apr 22, 2025 15:58:07.992386103 CEST	443	49713	172.67.209.55	192.168.2.5
Apr 22, 2025 15:58:34.631571054 CEST	49718	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:58:34.631630898 CEST	443	49718	142.250.69.4	192.168.2.5
Apr 22, 2025 15:58:34.631747961 CEST	49718	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:58:34.631850004 CEST	49718	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:58:34.631859064 CEST	443	49718	142.250.69.4	192.168.2.5
Apr 22, 2025 15:58:34.944622993 CEST	443	49718	142.250.69.4	192.168.2.5
Apr 22, 2025 15:58:34.995987892 CEST	49718	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:58:35.244281054 CEST	49718	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:58:35.244308949 CEST	443	49718	142.250.69.4	192.168.2.5
Apr 22, 2025 15:58:44.958945990 CEST	443	49718	142.250.69.4	192.168.2.5
Apr 22, 2025 15:58:44.958998919 CEST	443	49718	142.250.69.4	192.168.2.5
Apr 22, 2025 15:58:44.959074974 CEST	49718	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:58:45.479501009 CEST	49718	443	192.168.2.5	142.250.69.4
Apr 22, 2025 15:58:45.479540110 CEST	443	49718	142.250.69.4	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 22, 2025 15:57:30.360177994 CEST	53	60228	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:30.406883001 CEST	53	61786	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:31.583971024 CEST	53	61129	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:34.573602915 CEST	59767	53	192.168.2.5	1.1.1.1
Apr 22, 2025 15:57:34.573602915 CEST	60958	53	192.168.2.5	1.1.1.1
Apr 22, 2025 15:57:34.713834047 CEST	53	60958	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:34.714713097 CEST	53	59767	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:35.825696945 CEST	54510	53	192.168.2.5	1.1.1.1
Apr 22, 2025 15:57:35.826113939 CEST	56270	53	192.168.2.5	1.1.1.1
Apr 22, 2025 15:57:36.028405905 CEST	53	54510	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:36.028507948 CEST	53	56270	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:36.997040987 CEST	49959	53	192.168.2.5	1.1.1.1
Apr 22, 2025 15:57:36.997170925 CEST	52838	53	192.168.2.5	1.1.1.1
Apr 22, 2025 15:57:37.136517048 CEST	53	57077	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:37.137203932 CEST	53	49959	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:37.169030905 CEST	59419	53	192.168.2.5	1.1.1.1
Apr 22, 2025 15:57:37.170054913 CEST	53	52838	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:37.217641115 CEST	53	54625	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:37.309165001 CEST	53	59419	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:38.243880987 CEST	58890	53	192.168.2.5	1.1.1.1
Apr 22, 2025 15:57:38.244187117 CEST	61545	53	192.168.2.5	1.1.1.1
Apr 22, 2025 15:57:38.384043932 CEST	53	58890	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:38.384124994 CEST	53	61545	1.1.1.1	192.168.2.5
Apr 22, 2025 15:57:48.496391058 CEST	53	52797	1.1.1.1	192.168.2.5
Apr 22, 2025 15:58:07.283056974 CEST	53	65353	1.1.1.1	192.168.2.5
Apr 22, 2025 15:58:27.679802895 CEST	138	138	192.168.2.5	192.168.2.255
Apr 22, 2025 15:58:29.693559885 CEST	53	50122	1.1.1.1	192.168.2.5
Apr 22, 2025 15:58:29.960625887 CEST	53	57293	1.1.1.1	192.168.2.5
Apr 22, 2025 15:58:33.289496899 CEST	53	54016	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 22, 2025 15:57:37.170120955 CEST	192.168.2.5	1.1.1.1	c23b	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 22, 2025 15:57:34.573602915 CEST	192.168.2.5	1.1.1.1	0x8357	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:57:34.573602915 CEST	192.168.2.5	1.1.1.1	0x48df	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 22, 2025 15:57:35.825696945 CEST	192.168.2.5	1.1.1.1	0xcf28	Standard query (0)	kh.slmeuxoe.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:57:35.826113939 CEST	192.168.2.5	1.1.1.1	0x40e3	Standard query (0)	kh.slmeuxoe.com	65	IN (0x0001)	false
Apr 22, 2025 15:57:36.997040987 CEST	192.168.2.5	1.1.1.1	0xe0e0	Standard query (0)	via.placeholder.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:57:36.997170925 CEST	192.168.2.5	1.1.1.1	0xd7ed	Standard query (0)	via.placeholder.com	65	IN (0x0001)	false
Apr 22, 2025 15:57:37.169030905 CEST	192.168.2.5	1.1.1.1	0xeead	Standard query (0)	via.placeholder.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:57:38.243880987 CEST	192.168.2.5	1.1.1.1	0x6b2c	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:57:38.244187117 CEST	192.168.2.5	1.1.1.1	0x44c9	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 22, 2025 15:57:34.713834047 CEST	1.1.1.1	192.168.2.5	0x48df	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 22, 2025 15:57:34.714713097 CEST	1.1.1.1	192.168.2.5	0x8357	No error (0)	www.google.com		142.250.69.4	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:57:36.028405905 CEST	1.1.1.1	192.168.2.5	0xcf28	No error (0)	kh.slmeuxoe.com		172.67.209.55	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:57:36.028405905 CEST	1.1.1.1	192.168.2.5	0xcf28	No error (0)	kh.slmeuxoe.com		104.21.23.54	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:57:36.028507948 CEST	1.1.1.1	192.168.2.5	0x40e3	No error (0)	kh.slmeuxoe.com			65	IN (0x0001)	false
Apr 22, 2025 15:57:37.137203932 CEST	1.1.1.1	192.168.2.5	0xe0e0	Name error (3)	via.placeholder.com	none	none	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:57:37.170054913 CEST	1.1.1.1	192.168.2.5	0xd7ed	Name error (3)	via.placeholder.com	none	none	65	IN (0x0001)	false
Apr 22, 2025 15:57:37.309165001 CEST	1.1.1.1	192.168.2.5	0xeead	Name error (3)	via.placeholder.com	none	none	A (IP address)	IN (0x0001)	false
Apr 22, 2025 15:57:38.384043932 CEST	1.1.1.1	192.168.2.5	0x6b2c	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

kh.slmeuxoe.com

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49703	172.67.209.55	443	5280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:57:36 UTC	749	OUT	GET /YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ HTTP/1.1 Host: kh.slmeuxoe.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:57:36 UTC	1236	IN	HTTP/1.1 200 OK Date: Tue, 22 Apr 2025 13:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare Cache-Control: no-cache, private Cf-Cache-Status: DYNAMIC Vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pvGzAUyjNLjcwU%2BF812cLiJ8QBgXOis1KAp7TsfOBVyl5nn4bRkM4ASxcjsxvWW5EZQCjRH7fWGqkhtKgdVDe4KHQrQgfo%2FSvWf%2FtFHKH%2FCse0KmytQfyyxA5ayb01Xjnlo3"}],"group":"cf-nel","max_age":604800} Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server-Timing: cfL4;desc="?proto=TCP&rtt=10305&min_rtt=10258&rtt_var=3880&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1664&delivery_rate=277636&cwnd=251&unsent_bytes=0&cid=ce59fc728826ad91&ts=232&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6IjQydnlydFBrMHExUEp6M1NTelNhYlE9PSIsInZhbHVlIjoidzFyZWJtSFdwaFJqRHN0aHJPSjhBSWdFcmxIMzBCeW9QcFVCWDh4UHF3eXRpeXozYTJWUGtFcHpmbFcxVTZJeW5YUXZpYTA4MzZJNDloTy9LNzAveGFVU2hHL1FPWGpqNlFVYUpJV3hHR2hHcmRYdGduRGRqWFNGYi9SREwweEciLCJtYWMiOiIxOGU1OGVmN2ZmNGUxNmZjMzVlMGE1MTNhNGNlYzUyNGFmZDk4OThmZDFlNTEwMDhmYjc3NDlhNmJjODQ3ZDYyIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 22 Apr 2025 15:57:36 GMT
2025-04-22 13:57:36 UTC	528	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6d 64 51 59 57 35 6b 51 33 4e 6e 55 47 74 32 51 32 52 54 61 44 46 42 63 32 35 51 4e 6b 45 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 53 6b 4e 56 51 55 64 51 56 31 4a 75 4d 45 64 4d 63 57 4e 72 57 6b 78 47 53 47 39 59 61 6a 55 30 56 31 4e 76 4d 44 4a 58 5a 30 52 71 5a 47 68 4d 4f 58 4a 61 52 58 4a 4c 56 55 6c 33 4e 6b 4a 33 57 58 4a 4b 54 33 42 6e 65 55 5a 32 53 47 56 33 59 6b 70 61 63 30 52 42 61 48 4e 34 51 33 6c 7a 4d 57 49 30 63 31 45 7a 63 30 6c 69 55 47 30 77 53 33 46 4c 63 69 39 50 4d 46 56 4f 65 56 51 30 59 57 31 6c 62 6d 6c 74 51 6a 5a 71 5a 6e 4a 70 53 31 64 6f 4e 57 78 57 4b 33 6f 72 54 79 39 78 65 6d 74 44 61 6c 45 72 61 43 73 Data Ascii: Set-Cookie: laravel_session=eyJpdiI6ImdQYW5kQ3NnUGt2Q2RTaDFBc25QNkE9PSIsInZhbHVlIjoiSkNVQUdQV1JuMEdMcWNrWkxGSG9YajU0V1NvMDJXZ0RqZGhMOXJaRXJLVUl3NkJ3WXJKT3BneUZ2SGV3Ykpac0RBaHN4Q3lzMWI0c1Ezc0liUG0wS3FLci9PMFVOeVQ0YW1lbmltQjZqZnJpS1doNWxWK3orTy9xemtDalEraCs
2025-04-22 13:57:36 UTC	1369	IN	Data Raw: 31 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 50 6f 72 74 66 6f 6c 69 6f 20 26 20 41 67 65 6e 63 79 20 2d 20 4d 6f 64 65 72 6e 20 44 65 73 69 67 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 Data Ascii: 1000<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Portfolio & Agency - Modern Design</title> <link href="https://fonts.googleapis.com/css2?family=Mont
2025-04-22 13:57:36 UTC	1369	IN	Data Raw: 20 2e 68 65 72 6f 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 73 3a 2f 2f 76 69 61 2e 70 6c 61 63 65 68 6f 6c 64 65 72 2e 63 6f 6d 2f 31 39 32 30 78 36 30 30 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 63 65 6e 74 65 72 20 63 65 6e 74 65 72 2f 63 6f 76 65 72 3b 0a 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 34 30 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 70 Data Ascii: .hero { background: url('https://via.placeholder.com/1920x600') no-repeat center center/cover; height: 400px; display: flex; justify-content: center; align-items: center; color: white; text-align: center; p
2025-04-22 13:57:36 UTC	1366	IN	Data Raw: 61 72 6f 75 6e 64 3b 0a 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 77 72 61 70 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 73 65 72 76 69 63 65 2d 69 74 65 6d 2c 20 2e 70 6f 72 74 66 6f 6c 69 6f 2d 69 74 65 6d 2c 20 2e 74 65 73 74 69 6d 6f 6e 69 61 6c 2d 69 74 65 6d 20 7b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 30 25 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 32 30 70 78 20 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 39 66 39 66 39 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 Data Ascii: around; flex-wrap: wrap; margin-top: 20px; } .service-item, .portfolio-item, .testimonial-item { width: 30%; margin: 20px 0; background-color: #f9f9f9; padding: 20px; border-radius: 10px; box-shadow
2025-04-22 13:57:36 UTC	689	IN	Data Raw: 32 61 61 0d 0a 62 39 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2f 2a 20 46 6f 6f 74 65 72 20 2a 2f 0a 20 20 20 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 63 33 65 35 30 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 30 70 78 3b 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 21 2d 2d 20 48 65 61 64 65 72 20 2d 2d 3e 0a 20 20 3c 68 65 61 64 65 72 3e 0a 20 20 20 20 3c 68 31 3e 4d 6f 64 65 72 6e 20 41 67 65 6e 63 79 3c 2f 68 Data Ascii: 2aab9; } /* Footer */ footer { background-color: #2c3e50; color: white; text-align: center; padding: 20px; margin-top: 40px; } </style></head><body> ... Header --> <header> <h1>Modern Agency</h
2025-04-22 13:57:36 UTC	1369	IN	Data Raw: 63 38 36 0d 0a 57 65 20 43 72 61 66 74 20 44 69 67 69 74 61 6c 20 45 78 63 65 6c 6c 65 6e 63 65 3c 2f 68 32 3e 0a 20 20 20 20 20 20 3c 70 3e 49 6e 6e 6f 76 61 74 69 76 65 20 73 6f 6c 75 74 69 6f 6e 73 20 66 6f 72 20 79 6f 75 72 20 62 72 61 6e 64 27 73 20 73 75 63 63 65 73 73 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 23 63 6f 6e 74 61 63 74 22 20 63 6c 61 73 73 3d 22 62 74 6e 22 3e 47 65 74 20 53 74 61 72 74 65 64 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20 20 3c 21 2d 2d 20 41 62 6f 75 74 20 2d 2d 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 61 62 6f 75 74 22 20 63 6c 61 73 73 3d 22 61 62 6f 75 74 22 3e 0a 20 20 20 20 3c 68 32 3e 41 62 6f 75 74 20 55 73 3c 2f 68 32 3e 0a 20 20 20 Data Ascii: c86We Craft Digital Excellence</h2> <p>Innovative solutions for your brand's success.</p> <a href="#contact" class="btn">Get Started</a> </div> </section> ... About --> <section id="about" class="about"> <h2>About Us</h2>
2025-04-22 13:57:36 UTC	1369	IN	Data Raw: 32 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 72 74 66 6f 6c 69 6f 2d 67 72 69 64 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 72 74 66 6f 6c 69 6f 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 76 69 61 2e 70 6c 61 63 65 68 6f 6c 64 65 72 2e 63 6f 6d 2f 33 30 30 78 32 30 30 22 20 61 6c 74 3d 22 50 72 6f 6a 65 63 74 20 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 33 3e 50 72 6f 6a 65 63 74 20 31 3c 2f 68 33 3e 0a 20 20 20 20 20 20 20 20 3c 70 3e 41 20 73 6c 65 65 6b 20 77 65 62 73 69 74 65 20 64 65 73 69 67 6e 20 66 6f 72 20 61 20 67 6c 6f 62 61 6c 20 62 72 61 6e 64 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 Data Ascii: 2> <div class="portfolio-grid"> <div class="portfolio-item"> <img src="https://via.placeholder.com/300x200" alt="Project 1"> <h3>Project 1</h3> <p>A sleek website design for a global brand.</p> </div> <div cla
2025-04-22 13:57:36 UTC	475	IN	Data Raw: 74 61 63 74 20 55 73 3c 2f 68 32 3e 0a 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 23 22 20 6d 65 74 68 6f 64 3d 22 70 6f 73 74 22 3e 0a 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 6e 61 6d 65 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 59 6f 75 72 20 4e 61 6d 65 22 20 72 65 71 75 69 72 65 64 3e 0a 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 65 6d 61 69 6c 22 20 6e 61 6d 65 3d 22 65 6d 61 69 6c 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 59 6f 75 72 20 45 6d 61 69 6c 22 20 72 65 71 75 69 72 65 64 3e 0a 20 20 20 20 20 20 3c 74 65 78 74 61 72 65 61 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 59 6f 75 72 20 4d 65 73 73 61 67 65 22 20 72 6f 77 Data Ascii: tact Us</h2> <form action="#" method="post"> <input type="text" name="name" placeholder="Your Name" required> <input type="email" name="email" placeholder="Your Email" required> <textarea name="message" placeholder="Your Message" row
2025-04-22 13:57:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49704	172.67.209.55	443	5280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:57:37 UTC	1400	OUT	GET /favicon.ico HTTP/1.1 Host: kh.slmeuxoe.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6IjQydnlydFBrMHExUEp6M1NTelNhYlE9PSIsInZhbHVlIjoidzFyZWJtSFdwaFJqRHN0aHJPSjhBSWdFcmxIMzBCeW9QcFVCWDh4UHF3eXRpeXozYTJWUGtFcHpmbFcxVTZJeW5YUXZpYTA4MzZJNDloTy9LNzAveGFVU2hHL1FPWGpqNlFVYUpJV3hHR2hHcmRYdGduRGRqWFNGYi9SREwweEciLCJtYWMiOiIxOGU1OGVmN2ZmNGUxNmZjMzVlMGE1MTNhNGNlYzUyNGFmZDk4OThmZDFlNTEwMDhmYjc3NDlhNmJjODQ3ZDYyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdQYW5kQ3NnUGt2Q2RTaDFBc25QNkE9PSIsInZhbHVlIjoiSkNVQUdQV1JuMEdMcWNrWkxGSG9YajU0V1NvMDJXZ0RqZGhMOXJaRXJLVUl3NkJ3WXJKT3BneUZ2SGV3Ykpac0RBaHN4Q3lzMWI0c1Ezc0liUG0wS3FLci9PMFVOeVQ0YW1lbmltQjZqZnJpS1doNWxWK3orTy9xemtDalEraCsiLCJtYWMiOiI5YjBmY2NiNzI0Mjc5ZDllYWFkMGMwMDRjYjk1MDRjZjBmY2FhNTA5MWZmYjJhNzdkYWIyMGE0MjU4NzAxZDMwIiwidGFnIjoiIn0%3D
2025-04-22 13:57:38 UTC	856	IN	HTTP/1.1 404 Not Found Date: Tue, 22 Apr 2025 13:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ATQPfn2W64I9fOeyvW9isv%2FCFr2TUBiqM5eZP335a9C%2Bthx076%2F%2BibthV5wQbQXV7prgqc%2FyDo4J8eA99ilC%2Fbse49hVWrcRe3c4baplRWlVNOiL32g8lP898r%2BuiT3%2FDqvr"}],"group":"cf-nel","max_age":604800} Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server-Timing: cfL4;desc="?proto=TCP&rtt=10117&min_rtt=9955&rtt_var=3849&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2315&delivery_rate=286087&cwnd=251&unsent_bytes=0&cid=e3d4e570002362f3&ts=28&x=0" Cache-Control: max-age=14400 Cf-Cache-Status: EXPIRED CF-RAY: 9345a1a0cf09598b-PHX alt-svc: h3=":443"; ma=86400
2025-04-22 13:57:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49709	35.190.80.1	443	5280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:57:38 UTC	550	OUT	OPTIONS /report/v4?s=ATQPfn2W64I9fOeyvW9isv%2FCFr2TUBiqM5eZP335a9C%2Bthx076%2F%2BibthV5wQbQXV7prgqc%2FyDo4J8eA99ilC%2Fbse49hVWrcRe3c4baplRWlVNOiL32g8lP898r%2BuiT3%2FDqvr HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://kh.slmeuxoe.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:57:39 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 22 Apr 2025 13:57:38 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49710	35.190.80.1	443	5280	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-22 13:57:39 UTC	525	OUT	POST /report/v4?s=ATQPfn2W64I9fOeyvW9isv%2FCFr2TUBiqM5eZP335a9C%2Bthx076%2F%2BibthV5wQbQXV7prgqc%2FyDo4J8eA99ilC%2Fbse49hVWrcRe3c4baplRWlVNOiL32g8lP898r%2BuiT3%2FDqvr HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 504 Content-Type: application/reports+json Origin: https://kh.slmeuxoe.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-22 13:57:39 UTC	504	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 36 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6b 68 2e 73 6c 6d 65 75 78 6f 65 2e 63 6f 6d 2f 59 47 56 46 45 41 49 5a 58 53 53 4a 59 47 58 68 76 78 67 62 70 62 6f 68 65 68 6e 6f 6e 70 6a 64 57 4b 31 51 49 56 55 43 46 52 39 42 47 4b 56 4a 34 4a 58 57 39 39 35 58 52 48 31 35 36 3f 48 46 57 49 49 43 52 46 53 4a 51 50 55 43 41 55 4d 4d 57 57 4c 5a 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 Data Ascii: [{"age":0,"body":{"elapsed_time":268,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ","sampling_fraction":1.0,"server_ip":"
2025-04-22 13:57:39 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Tue, 22 Apr 2025 13:57:39 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	09:57:22
Start date:	22/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6e6b90000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	09:57:28
Start date:	22/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,861790946870713485,9294850841244077630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2092 /prefetch:3
Imagebase:	0x7ff6e6b90000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	09:57:31
Start date:	22/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,861790946870713485,9294850841244077630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4036 /prefetch:8
Imagebase:	0x7ff6e6b90000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	09:57:34
Start date:	22/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ"
Imagebase:	0x7ff6e6b90000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ HTTP/1.1Host: kh.slmeuxoe.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: kh.slmeuxoe.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjQydnlydFBrMHExUEp6M1NTelNhYlE9PSIsInZhbHVlIjoidzFyZWJtSFdwaFJqRHN0aHJPSjhBSWdFcmxIMzBCeW9QcFVCWDh4UHF3eXRpeXozYTJWUGtFcHpmbFcxVTZJeW5YUXZpYTA4MzZJNDloTy9LNzAveGFVU2hHL1FPWGpqNlFVYUpJV3hHR2hHcmRYdGduRGRqWFNGYi9SREwweEciLCJtYWMiOiIxOGU1OGVmN2ZmNGUxNmZjMzVlMGE1MTNhNGNlYzUyNGFmZDk4OThmZDFlNTEwMDhmYjc3NDlhNmJjODQ3ZDYyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdQYW5kQ3NnUGt2Q2RTaDFBc25QNkE9PSIsInZhbHVlIjoiSkNVQUdQV1JuMEdMcWNrWkxGSG9YajU0V1NvMDJXZ0RqZGhMOXJaRXJLVUl3NkJ3WXJKT3BneUZ2SGV3Ykpac0RBaHN4Q3lzMWI0c1Ezc0liUG0wS3FLci9PMFVOeVQ0YW1lbmltQjZqZnJpS1doNWxWK3orTy9xemtDalEraCsiLCJtYWMiOiI5YjBmY2NiNzI0Mjc5ZDllYWFkMGMwMDRjYjk1MDRjZjBmY2FhNTA5MWZmYjJhNzdkYWIyMGE0MjU4NzAxZDMwIiwidGFnIjoiIn0%3D

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: kh.slmeuxoe.com
Source: global traffic	DNS traffic detected: DNS query: via.placeholder.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6912, Parent PID: 2668

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Windows Analysis Report
https://kh.slmeuxoe.com/YGVFEAIZXSSJYGXhvxgbpbohehnonpjdWK1QIVUCFR9BGKVJ4JXW995XRH156?HFWIICRFSJQPUCAUMMWWLZ