
Windows Analysis Report
https://rotf.lol/47ht3vmu

Overview

General Information

Sample URL: https://rotf.lol/47ht3vmu
Analysis ID: 782479

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Classification chart: axes Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious.
  • System is w10x64
  • chrome.exe (PID: 5256 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1760,i,2164418309773911583,162360269692105305,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5864 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rotf.lol/47ht3vmu MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

No malicious signatures matched; the full (informational) signature results follow.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: global traffic | HTTP traffic detected:
    GET /47ht3vmu HTTP/1.1
    Host: rotf.lol
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.81
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /c/index.php?lew HTTP/1.1
    Host: yxsza.cfd
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: yxsza.cfd
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://yxsza.cfd/c/index.php?lew
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: A2oqskCCrpYV8O9_Oh0EK94ENfI=xz-Q3vcdij6i4IYEa7s48pUI7AI; YrhdaoGFhlIopFueMeIviwH8ZJM=1673455025; zbCqHCC0ZTBeI8pcwN2fChU1EVk=1673541425; GlW5nOK7W--bEl8YbhuhKI3jdUw=CNu9JXZxBGU0LbNab_OWPHwF_3Y; ddU0k7wAeX-hmGghwKROZAONYyM=Ls0k_DnlVG5sGPdvh2yBNo18OJQ
Source: global traffic | HTTP traffic detected:
    GET /c/index.php?lew HTTP/1.1
    Host: yxsza.cfd
    Connection: keep-alive
    Cache-Control: max-age=0
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://yxsza.cfd/c/index.php?lew
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: A2oqskCCrpYV8O9_Oh0EK94ENfI=xz-Q3vcdij6i4IYEa7s48pUI7AI; YrhdaoGFhlIopFueMeIviwH8ZJM=1673455025; zbCqHCC0ZTBeI8pcwN2fChU1EVk=1673541425; GlW5nOK7W--bEl8YbhuhKI3jdUw=CNu9JXZxBGU0LbNab_OWPHwF_3Y; ddU0k7wAeX-hmGghwKROZAONYyM=Ls0k_DnlVG5sGPdvh2yBNo18OJQ; BuXijL29oYLoUraS40iVAauWTgE=1673455033; fjmjfkWOjvUeh1vL3uEqVFui4rs=1673541433; F1itJ3GHzaVMSkDfRbxqEzGIAUI=lFjDIjWN3FYGn01h0dXt8SlxkZ8
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 503 Service Unavailable
    Date: Wed, 11 Jan 2023 16:37:15 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    X-Content-Type-Options: nosniff
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    X-XSS-Protection: 1; mode=block
    Set-Cookie: A2oqskCCrpYV8O9_Oh0EK94ENfI=xz-Q3vcdij6i4IYEa7s48pUI7AI; path=/; expires=Thu, 12-Jan-23 16:37:05 GMT; Max-Age=86400;
    Set-Cookie: YrhdaoGFhlIopFueMeIviwH8ZJM=1673455025; path=/; expires=Thu, 12-Jan-23 16:37:05 GMT; Max-Age=86400;
    Set-Cookie: zbCqHCC0ZTBeI8pcwN2fChU1EVk=1673541425; path=/; expires=Thu, 12-Jan-23 16:37:05 GMT; Max-Age=86400;
    Set-Cookie: GlW5nOK7W--bEl8YbhuhKI3jdUw=CNu9JXZxBGU0LbNab_OWPHwF_3Y; path=/; expires=Thu, 12-Jan-23 16:37:05 GMT; Max-Age=86400;
    X-Frame-Options: SAMEORIGIN
    Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Expires: 0
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MfAW0AOud5LpDH0gZUsX4xy68wCmp4eLqYM2ZfS0dk5W1O6cq%2BCCdC9Oaq%2BDVMWwKkG7BPnM8Ir5ACIRGZ6rXbzSfAlmJ9JnwfpS1fCXWklcwvNi%2FzoeLZuy5dY%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 787f13731d6f2bb6-FRA
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 503 Service Unavailable
    Date: Wed, 11 Jan 2023 16:37:15 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    X-Content-Type-Options: nosniff
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    X-XSS-Protection: 1; mode=block
    Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    X-Frame-Options: SAMEORIGIN
    Expires: 0
    CF-Cache-Status: BYPASS
    Set-Cookie: K2nBiDk0zeW7ga3FqFZwQZ89824=-du7TdnP2PBhvbg3TkjP7SZIkIc; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
    Set-Cookie: H2H591e1Pe2P97NeNkigrhK9HGM=1673455033; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
    Set-Cookie: bqX08Nc7mXHvg2XJxXbpDWFas0s=1673541433; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
    Set-Cookie: eOcV1SpGd9X10O6-ytrPrnZX3OM=YpPQe2dzh3nA1-PZpfuaQUL_Mxk; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
    Set-Cookie: z0BZEqltsFbLvlEtq-br9myCduk=ewP812kMbiHMqXHBDFLvGrw3s-Y; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0deQrO46B%2BaNfefzO5gDYNlgbyRCMkKCzMa%2BvoY4VbGJE89sMLWFQV8wOyUx9FiETUfK4DSohJ7y%2FaN0PsjsAdpyBFQZdGWbGXrvTw7POwqHoCOpA9DdSrhCKg%3D"}],"group":"cf-nel","max_age":604800}
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    Date: Wed, 11 Jan 2023 16:37:16 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Content-Type-Options: nosniff
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    X-XSS-Protection: 1; mode=block
    Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gu16u%2FRADRs6rFiOlAqxvText%2F5IJagZos1vn03GhEAVXsra%2FdD6UmioykgjXX%2F3WoDnQVNJPNarVZkm2OEgXUo54ZBzIq9oTne%2FKJBDupGfxwr%2FPXXbOgZnH1I%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 787f1376ecf56997-FRA
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
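The exchange above, reduced to the checks an analyst would run on it. This is an added example, not part of the Joe Sandbox report: it transcribes the request and response fields the report lists (hosts, paths, Sec-Fetch-Dest, the Cookie and Set-Cookie headers; the path=/ attribute and headers the checks do not use are left out) and shows three things. The only document navigations go to rotf.lol and then yxsza.cfd, and since no 30x response is listed the hop is inferred from request order rather than from an observed redirect. The four cookies set by the first 503 are echoed in the later requests, while none of the five set by the second 503 are. And the ten-digit cookie values are Unix timestamps equal to the Set-Cookie issue time and expiry (1673455025 and 1673541425 are 86400 seconds apart, matching Max-Age). Because every response the report lists for the landing host is a 503 or a 403, the score of 0 describes a page that was never served to the sandbox, not a page that was examined and found harmless.

```python
"""Added example (not from the Joe Sandbox report): triage of the HTTP
exchange the report records between the sandbox browser, rotf.lol and
yxsza.cfd. Request and response fields are transcribed from the report."""
from datetime import datetime, timezone

COOKIE_A = ("A2oqskCCrpYV8O9_Oh0EK94ENfI=xz-Q3vcdij6i4IYEa7s48pUI7AI; "
            "YrhdaoGFhlIopFueMeIviwH8ZJM=1673455025; zbCqHCC0ZTBeI8pcwN2fChU1EVk=1673541425; "
            "GlW5nOK7W--bEl8YbhuhKI3jdUw=CNu9JXZxBGU0LbNab_OWPHwF_3Y; "
            "ddU0k7wAeX-hmGghwKROZAONYyM=Ls0k_DnlVG5sGPdvh2yBNo18OJQ")
COOKIE_B = (COOKIE_A + "; BuXijL29oYLoUraS40iVAauWTgE=1673455033; "
            "fjmjfkWOjvUeh1vL3uEqVFui4rs=1673541433; "
            "F1itJ3GHzaVMSkDfRbxqEzGIAUI=lFjDIjWN3FYGn01h0dXt8SlxkZ8")
# (host, path, Sec-Fetch-Dest, Cookie header) in the order the report lists them
REQUESTS = [
    ("rotf.lol", "/47ht3vmu", "document", ""),
    ("yxsza.cfd", "/c/index.php?lew", "document", ""),
    ("yxsza.cfd", "/favicon.ico", "image", COOKIE_A),
    ("yxsza.cfd", "/c/index.php?lew", "document", COOKIE_B),
]
# (status, expires attribute shared by that response's cookies, name=value pairs)
RESPONSES = [
    (503, "Thu, 12-Jan-23 16:37:05 GMT", [
        "A2oqskCCrpYV8O9_Oh0EK94ENfI=xz-Q3vcdij6i4IYEa7s48pUI7AI",
        "YrhdaoGFhlIopFueMeIviwH8ZJM=1673455025", "zbCqHCC0ZTBeI8pcwN2fChU1EVk=1673541425",
        "GlW5nOK7W--bEl8YbhuhKI3jdUw=CNu9JXZxBGU0LbNab_OWPHwF_3Y"]),
    (503, "Thu, 12-Jan-23 16:37:13 GMT", [
        "K2nBiDk0zeW7ga3FqFZwQZ89824=-du7TdnP2PBhvbg3TkjP7SZIkIc",
        "H2H591e1Pe2P97NeNkigrhK9HGM=1673455033", "bqX08Nc7mXHvg2XJxXbpDWFas0s=1673541433",
        "eOcV1SpGd9X10O6-ytrPrnZX3OM=YpPQe2dzh3nA1-PZpfuaQUL_Mxk",
        "z0BZEqltsFbLvlEtq-br9myCduk=ewP812kMbiHMqXHBDFLvGrw3s-Y"]),
    (403, None, []),
]

def set_cookie_headers(resp):
    """Rebuild the literal Set-Cookie lines the report shows for one response."""
    _status, exp, pairs = resp
    return [f"{nv}; path=/; expires={exp}; Max-Age=86400;" for nv in pairs]

def parse_cookie_header(value):
    """'Cookie:' request header -> {name: value}."""
    pairs = (part.strip().partition("=") for part in value.split(";"))
    return {name: val for name, _, val in pairs if name}

def parse_set_cookie(header):
    """'Set-Cookie:' line -> (name, value, expires as Unix time, Max-Age)."""
    first, *attrs = (p.strip() for p in header.split(";"))
    name, _, val = first.partition("=")
    expires = max_age = None
    for attr in attrs:
        key, _, aval = attr.partition("=")
        if key.lower() == "expires":  # RFC 850 date form used by this server
            dt = datetime.strptime(aval, "%a, %d-%b-%y %H:%M:%S GMT")
            expires = int(dt.replace(tzinfo=timezone.utc).timestamp())
        elif key.lower() == "max-age":
            max_age = int(aval)
    return name, val, expires, max_age

def document_chain(requests):
    """Hosts reached by top-level navigations, in order, repeats collapsed.
    No 30x is listed, so the rotf.lol -> yxsza.cfd hop is inferred from the
    order of document requests, not from an observed redirect."""
    hosts = []
    for host, _path, dest, _cookie in requests:
        if dest == "document" and (not hosts or hosts[-1] != host):
            hosts.append(host)
    return hosts

def cookie_echo(responses, requests):
    """Per response: (cookies it set, how many a later request sent back)."""
    sent = set()
    for _host, _path, _dest, cookie in requests:
        sent.update(parse_cookie_header(cookie))
    result = []
    for resp in responses:
        names = [parse_set_cookie(h)[0] for h in set_cookie_headers(resp)]
        result.append((len(names), sum(n in sent for n in names)))
    return result

def timestamp_cookies(resp):
    """Ten-digit numeric cookie values read as Unix time and matched against
    the cookie's own lifetime: issue time = expires - Max-Age."""
    roles = {}
    for header in set_cookie_headers(resp):
        name, val, expires, max_age = parse_set_cookie(header)
        if val.isdigit() and len(val) == 10:
            ts = int(val)
            roles[name] = ("issued" if ts == expires - max_age else
                           "expires" if ts == expires else "unknown")
    return roles

def verdict(responses):
    """Score 0 means nothing malicious was observed; with no 2xx from the landing host there was no page to observe."""
    return "inconclusive" if all(r[0] >= 400 for r in responses) else "content served"
```

`document_chain(REQUESTS)` returns `['rotf.lol', 'yxsza.cfd']`, `cookie_echo(RESPONSES, REQUESTS)` returns `[(4, 4), (5, 0), (0, 0)]`, and `verdict(RESPONSES)` returns `inconclusive`. The practical consequence is that a re-run from a different egress network or a manual fetch with the browser's cookie jar is needed before the URL can be filed as benign.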
Source: classification engine | Classification label: clean0.win@26/0@9/9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1760,i,2164418309773911583,162360269692105305,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rotf.lol/47ht3vmu
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1760,i,2164418309773911583,162360269692105305,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (20 identical entries)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
MITRE ATT&CK matrix (a number in front of a technique is the count of signatures that matched it; every other entry is an empty template cell):

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: 2 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 3 Ingress Tool Transfer
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior graph (ID 782479, URL https://rotf.lol/47ht3vmu, start date 11/01/2023, architecture WINDOWS, score 0):
  • chrome.exe (process 2) started chrome.exe (process 5, badge counters 15 and 1) and chrome.exe (process 8)
  • process 5 contacted 192.168.2.1 (unknown) and 239.255.255.250 (Reserved) and started chrome.exe (process 10)
  • process 10 contacted accounts.google.com (142.250.180.173, port 443, client ports 49714 and 49717, GOOGLEUS, United States), clients.l.google.com (142.250.184.46, port 443, client ports 49713 and 49716, GOOGLEUS, United States) and 6 other IPs or domains

Source | Detection | Scanner | Label
https://rotf.lol/47ht3vmu | 3% | Virustotal |
https://rotf.lol/47ht3vmu | 0% | Avira URL Cloud | safe
No Antivirus matches
https://yxsza.cfd/favicon.ico | 0% | Avira URL Cloud | safe
https://yxsza.cfd/c/index.php?lew | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
yxsza.cfd | 188.114.96.3 | true | false | | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
accounts.google.com | 142.250.180.173 | true | false | | high
rotf.lol | 188.114.97.3 | true | false | | unknown
www.google.com | 142.251.209.36 | true | false | | high
clients.l.google.com | 142.250.184.46 | true | false | | high
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://a.nel.cloudflare.com/report/v3?s=gu16u%2FRADRs6rFiOlAqxvText%2F5IJagZos1vn03GhEAVXsra%2FdD6UmioykgjXX%2F3WoDnQVNJPNarVZkm2OEgXUo54ZBzIq9oTne%2FKJBDupGfxwr%2FPXXbOgZnH1I%3D | false | | high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://a.nel.cloudflare.com/report/v3?s=MfAW0AOud5LpDH0gZUsX4xy68wCmp4eLqYM2ZfS0dk5W1O6cq%2BCCdC9Oaq%2BDVMWwKkG7BPnM8Ir5ACIRGZ6rXbzSfAlmJ9JnwfpS1fCXWklcwvNi%2FzoeLZuy5dY%3D | false | | high
https://yxsza.cfd/c/index.php?lew | false | Avira URL Cloud: safe | unknown
https://rotf.lol/47ht3vmu | false | | unknown
https://yxsza.cfd/favicon.ico | false | Avira URL Cloud: safe | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.184.46 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
142.251.209.36 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
188.114.97.3 | rotf.lol | European Union | 13335 | CLOUDFLARENETUS | false
188.114.96.3 | yxsza.cfd | European Union | 13335 | CLOUDFLARENETUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
142.250.180.173 | accounts.google.com | United States | 15169 | GOOGLEUS | false

IP (private or loopback): 192.168.2.1, 127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 782479
Start date and time: 2023-01-11 17:36:13 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://rotf.lol/47ht3vmu
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@26/0@9/9
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0

• Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.251.209.35, 34.104.35.123, 142.250.184.35
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, edgedl.me.gvt1.com, login.live.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtWriteVirtualMemory calls found
No simulations
No context (all five context sections are empty)
No created / dropped files found
No static file info


• Total Packets: 159
• 443 (HTTPS)
• 53 (DNS)

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 11, 2023 17:37:14.065809965 CET | 49712 | 443 | 192.168.2.7 | 188.114.97.3
Jan 11, 2023 17:37:14.065826893 CET | 443 | 49712 | 188.114.97.3 | 192.168.2.7
Jan 11, 2023 17:37:14.065896988 CET | 49712 | 443 | 192.168.2.7 | 188.114.97.3
Jan 11, 2023 17:37:14.202848911 CET | 49713 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.202898979 CET | 443 | 49713 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.202977896 CET | 49713 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.209110975 CET | 49714 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.209181070 CET | 443 | 49714 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.209274054 CET | 49714 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.210510015 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.210524082 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.210597992 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.210870981 CET | 49717 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.210923910 CET | 443 | 49717 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.210993052 CET | 49717 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.211745024 CET | 49712 | 443 | 192.168.2.7 | 188.114.97.3
Jan 11, 2023 17:37:14.211766958 CET | 443 | 49712 | 188.114.97.3 | 192.168.2.7
Jan 11, 2023 17:37:14.213227034 CET | 49713 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.213258028 CET | 443 | 49713 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.213459015 CET | 49714 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.213495970 CET | 443 | 49714 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.213912010 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.213924885 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.214176893 CET | 49717 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.214215040 CET | 443 | 49717 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.432149887 CET | 443 | 49713 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.481225014 CET | 49713 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.505415916 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.517330885 CET | 443 | 49714 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.521487951 CET | 443 | 49712 | 188.114.97.3 | 192.168.2.7
Jan 11, 2023 17:37:14.522079945 CET | 443 | 49717 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.537132978 CET | 49717 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.537204027 CET | 443 | 49717 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.537595987 CET | 49712 | 443 | 192.168.2.7 | 188.114.97.3
Jan 11, 2023 17:37:14.537631035 CET | 443 | 49712 | 188.114.97.3 | 192.168.2.7
Jan 11, 2023 17:37:14.538028955 CET | 49714 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.538090944 CET | 443 | 49714 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.539438009 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.539479017 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.539686918 CET | 443 | 49717 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.539729118 CET | 443 | 49712 | 188.114.97.3 | 192.168.2.7
Jan 11, 2023 17:37:14.539751053 CET | 49713 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.539781094 CET | 443 | 49713 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.539819002 CET | 49717 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.539860964 CET | 49712 | 443 | 192.168.2.7 | 188.114.97.3
Jan 11, 2023 17:37:14.540391922 CET | 443 | 49714 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.540513039 CET | 49714 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.540694952 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.540889025 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.541163921 CET | 443 | 49713 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.541266918 CET | 49713 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.542798042 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.542895079 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.543332100 CET | 443 | 49713 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.543401003 CET | 49713 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.835009098 CET | 49712 | 443 | 192.168.2.7 | 188.114.97.3
Jan 11, 2023 17:37:14.835072994 CET | 443 | 49712 | 188.114.97.3 | 192.168.2.7
Jan 11, 2023 17:37:14.835408926 CET | 443 | 49712 | 188.114.97.3 | 192.168.2.7
Jan 11, 2023 17:37:14.835630894 CET | 49717 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.835691929 CET | 443 | 49717 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.835731030 CET | 49714 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.835773945 CET | 443 | 49714 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.835988045 CET | 443 | 49717 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.836066961 CET | 443 | 49714 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.836091995 CET | 49712 | 443 | 192.168.2.7 | 188.114.97.3
Jan 11, 2023 17:37:14.836136103 CET | 443 | 49712 | 188.114.97.3 | 192.168.2.7
Jan 11, 2023 17:37:14.836910963 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.836939096 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.837029934 CET | 49713 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.837059021 CET | 443 | 49713 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.837194920 CET | 49717 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.837201118 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.837235928 CET | 443 | 49717 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.837358952 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.837374926 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.837404013 CET | 443 | 49713 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.877192974 CET | 49717 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.879769087 CET | 49712 | 443 | 192.168.2.7 | 188.114.97.3
Jan 11, 2023 17:37:14.879769087 CET | 49714 | 443 | 192.168.2.7 | 142.250.180.173
Jan 11, 2023 17:37:14.879769087 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.879822016 CET | 443 | 49714 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.881181002 CET | 49713 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.881218910 CET | 443 | 49713 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.898047924 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.898386955 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.898487091 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.900397062 CET | 49716 | 443 | 192.168.2.7 | 142.250.184.46
Jan 11, 2023 17:37:14.900438070 CET | 443 | 49716 | 142.250.184.46 | 192.168.2.7
Jan 11, 2023 17:37:14.900960922 CET | 443 | 49717 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.901278019 CET | 443 | 49717 | 142.250.180.173 | 192.168.2.7
Jan 11, 2023 17:37:14.901360989 CET | 49717 | 443 | 192.168.2.7 | 142.250.180.173
                          Jan 11, 2023 17:37:14.902956963 CET49717443192.168.2.7142.250.180.173
                          Jan 11, 2023 17:37:14.902990103 CET44349717142.250.180.173192.168.2.7
                          Jan 11, 2023 17:37:14.920907021 CET49714443192.168.2.7142.250.180.173
                          Jan 11, 2023 17:37:14.981266975 CET49713443192.168.2.7142.250.184.46
                          Jan 11, 2023 17:37:15.204823971 CET44349712188.114.97.3192.168.2.7
                          Jan 11, 2023 17:37:15.205107927 CET44349712188.114.97.3192.168.2.7
                          Jan 11, 2023 17:37:15.205228090 CET49712443192.168.2.7188.114.97.3
                          Jan 11, 2023 17:37:15.224730968 CET49712443192.168.2.7188.114.97.3
                          Jan 11, 2023 17:37:15.224788904 CET44349712188.114.97.3192.168.2.7
                          Jan 11, 2023 17:37:15.258850098 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.258917093 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.259022951 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.259352922 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.259390116 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.324795008 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.336101055 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.336169004 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.337687016 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.337799072 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.340147972 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.340198040 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.340387106 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.340400934 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.340418100 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.381225109 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.381294966 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.417382002 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.417429924 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.417613029 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.417697906 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.417749882 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.417932987 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.417932987 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.418117046 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.418245077 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.521199942 CET49720443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.521270037 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.521388054 CET49720443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.521790981 CET49720443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.521822929 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.522114038 CET49719443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.522166967 CET44349719188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.580991030 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.614012957 CET49720443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.614054918 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.617126942 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.617255926 CET49720443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.619100094 CET49721443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.619172096 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.619328022 CET49721443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.619802952 CET49721443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.619868994 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.620961905 CET49720443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.620979071 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.621304989 CET49720443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.621314049 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.621543884 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.653058052 CET49722443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.653126955 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.653203964 CET49722443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.653633118 CET49722443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.653664112 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.676947117 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.677468061 CET49721443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.677515984 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.678301096 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.678955078 CET49721443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.678986073 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.679116011 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.679800987 CET49721443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.679816008 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.681165934 CET49720443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.681188107 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.722676039 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.723103046 CET49722443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.723179102 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.724123955 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.725373983 CET49722443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.725405931 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.725567102 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.726382017 CET49722443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.726402998 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.751104116 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.751208067 CET49720443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.756419897 CET49720443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.756448984 CET4434972035.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.757514000 CET49723443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.757599115 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.757687092 CET49723443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.758028030 CET49723443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.758086920 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.782788038 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.814191103 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.819859028 CET49723443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.819932938 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.820931911 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.821554899 CET49723443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.821599007 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.821702957 CET49723443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.821716070 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.821732998 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.839730978 CET49721443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.839783907 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.841430902 CET49721443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.841650009 CET44349721188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.841763973 CET49721443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.847770929 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.848067999 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.848157883 CET49722443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.848165035 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.848203897 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.848257065 CET49722443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.848273993 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.848520041 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.848606110 CET49722443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.854500055 CET49724443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.854557991 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.854672909 CET49724443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.855283022 CET49724443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.855315924 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.859920025 CET49722443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.859962940 CET44349722188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.881232023 CET49723443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.931744099 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.932236910 CET49724443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.932311058 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.933346987 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.934012890 CET49724443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.934041977 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.934231043 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.934586048 CET49724443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:15.934602022 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:15.966003895 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.966099977 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:15.966181993 CET49723443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.968533039 CET49723443192.168.2.735.190.80.1
                          Jan 11, 2023 17:37:15.968579054 CET4434972335.190.80.1192.168.2.7
                          Jan 11, 2023 17:37:16.206897974 CET49725443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:37:16.206981897 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:16.207103014 CET49725443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:37:16.207473040 CET49725443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:37:16.207508087 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:16.279134989 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:16.287141085 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:16.293843985 CET49725443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:37:16.293912888 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:16.295295000 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:16.295387983 CET49725443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:37:16.298352003 CET49725443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:37:16.298387051 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:16.298535109 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:16.381242990 CET49724443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:16.381290913 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:16.381339073 CET49725443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:37:16.381367922 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:16.381618023 CET49724443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:16.381773949 CET44349724188.114.96.3192.168.2.7
                          Jan 11, 2023 17:37:16.381849051 CET49724443192.168.2.7188.114.96.3
                          Jan 11, 2023 17:37:16.481276035 CET49725443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:37:26.275142908 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:26.275227070 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:26.275366068 CET49725443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:37:28.906029940 CET49725443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:37:28.906061888 CET44349725142.251.209.36192.168.2.7
                          Jan 11, 2023 17:37:59.894607067 CET49713443192.168.2.7142.250.184.46
                          Jan 11, 2023 17:37:59.894670010 CET44349713142.250.184.46192.168.2.7
                          Jan 11, 2023 17:37:59.896532059 CET49714443192.168.2.7142.250.180.173
                          Jan 11, 2023 17:37:59.896550894 CET44349714142.250.180.173192.168.2.7
                          Jan 11, 2023 17:38:15.457119942 CET49714443192.168.2.7142.250.180.173
                          Jan 11, 2023 17:38:15.457171917 CET49713443192.168.2.7142.250.184.46
                          Jan 11, 2023 17:38:15.457375050 CET44349714142.250.180.173192.168.2.7
                          Jan 11, 2023 17:38:15.457427979 CET44349713142.250.184.46192.168.2.7
                          Jan 11, 2023 17:38:15.457463026 CET49714443192.168.2.7142.250.180.173
                          Jan 11, 2023 17:38:15.457503080 CET49713443192.168.2.7142.250.184.46
                          Jan 11, 2023 17:38:15.457727909 CET49760443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.457772017 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.457856894 CET49760443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.461976051 CET49760443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.462017059 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.512550116 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.548208952 CET49760443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.548239946 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.549772978 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.550853014 CET49760443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.550879002 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.551075935 CET49760443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.551075935 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.551105022 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.603431940 CET49760443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.681106091 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.681195974 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.681272030 CET49760443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.691265106 CET49760443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.691298962 CET4434976035.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.710860014 CET49761443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.710915089 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.710994005 CET49761443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.711199999 CET49761443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.711220026 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.753957987 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.754363060 CET49761443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.754390955 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.754865885 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.755520105 CET49761443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.755520105 CET49761443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.755548000 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.755563021 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.755708933 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.806639910 CET49761443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.900962114 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.901134968 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:15.901233912 CET49761443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.905282974 CET49761443192.168.2.735.190.80.1
                          Jan 11, 2023 17:38:15.905323029 CET4434976135.190.80.1192.168.2.7
                          Jan 11, 2023 17:38:16.332326889 CET49762443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:38:16.332418919 CET44349762142.251.209.36192.168.2.7
                          Jan 11, 2023 17:38:16.332565069 CET49762443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:38:16.332746983 CET49762443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:38:16.332771063 CET44349762142.251.209.36192.168.2.7
                          Jan 11, 2023 17:38:16.405972004 CET44349762142.251.209.36192.168.2.7
                          Jan 11, 2023 17:38:16.406307936 CET49762443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:38:16.406352043 CET44349762142.251.209.36192.168.2.7
                          Jan 11, 2023 17:38:16.407418966 CET44349762142.251.209.36192.168.2.7
                          Jan 11, 2023 17:38:16.407866001 CET49762443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:38:16.407896996 CET44349762142.251.209.36192.168.2.7
                          Jan 11, 2023 17:38:16.407994986 CET44349762142.251.209.36192.168.2.7
                          Jan 11, 2023 17:38:16.462918043 CET49762443192.168.2.7142.251.209.36
                          Jan 11, 2023 17:38:26.384699106 CET44349762142.251.209.36192.168.2.7
                          Jan 11, 2023 17:38:26.384810925 CET44349762142.251.209.36192.168.2.7
                          Jan 11, 2023 17:38:26.384874105 CET49762443192.168.2.7142.251.209.36
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 11, 2023 17:37:12.639843941 CET | 60326 | 53 | 192.168.2.7 | 8.8.8.8
Jan 11, 2023 17:37:12.657330990 CET | 53 | 60326 | 8.8.8.8 | 192.168.2.7
Jan 11, 2023 17:37:13.461947918 CET | 61178 | 53 | 192.168.2.7 | 8.8.8.8
Jan 11, 2023 17:37:13.473248005 CET | 63926 | 53 | 192.168.2.7 | 8.8.8.8
Jan 11, 2023 17:37:13.495141029 CET | 53 | 61178 | 8.8.8.8 | 192.168.2.7
Jan 11, 2023 17:37:13.501983881 CET | 53 | 63926 | 8.8.8.8 | 192.168.2.7
Jan 11, 2023 17:37:13.912220001 CET | 60326 | 53 | 192.168.2.7 | 8.8.8.8
Jan 11, 2023 17:37:13.931835890 CET | 53 | 60326 | 8.8.8.8 | 192.168.2.7
Jan 11, 2023 17:37:15.230946064 CET | 60765 | 53 | 192.168.2.7 | 8.8.8.8
Jan 11, 2023 17:37:15.253743887 CET | 53 | 60765 | 8.8.8.8 | 192.168.2.7
Jan 11, 2023 17:37:15.446202040 CET | 58283 | 53 | 192.168.2.7 | 8.8.8.8
Jan 11, 2023 17:37:15.466135025 CET | 53 | 58283 | 8.8.8.8 | 192.168.2.7
Jan 11, 2023 17:37:16.175753117 CET | 50024 | 53 | 192.168.2.7 | 8.8.8.8
Jan 11, 2023 17:37:16.203567028 CET | 53 | 50024 | 8.8.8.8 | 192.168.2.7
Jan 11, 2023 17:38:15.692841053 CET | 63187 | 53 | 192.168.2.7 | 8.8.8.8
Jan 11, 2023 17:38:15.709722996 CET | 53 | 63187 | 8.8.8.8 | 192.168.2.7
Jan 11, 2023 17:38:16.310758114 CET | 64760 | 53 | 192.168.2.7 | 8.8.8.8
Jan 11, 2023 17:38:16.330771923 CET | 53 | 64760 | 8.8.8.8 | 192.168.2.7
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jan 11, 2023 17:37:13.931973934 CET | 192.168.2.7 | 8.8.8.8 | d022 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2023 17:37:12.639843941 CET | 192.168.2.7 | 8.8.8.8 | 0x9b50 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:13.461947918 CET | 192.168.2.7 | 8.8.8.8 | 0x222 | Standard query (0) | rotf.lol | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:13.473248005 CET | 192.168.2.7 | 8.8.8.8 | 0xbc54 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:13.912220001 CET | 192.168.2.7 | 8.8.8.8 | 0x9b50 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:15.230946064 CET | 192.168.2.7 | 8.8.8.8 | 0xf963 | Standard query (0) | yxsza.cfd | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:15.446202040 CET | 192.168.2.7 | 8.8.8.8 | 0x997e | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:16.175753117 CET | 192.168.2.7 | 8.8.8.8 | 0xb533 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:38:15.692841053 CET | 192.168.2.7 | 8.8.8.8 | 0x71da | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:38:16.310758114 CET | 192.168.2.7 | 8.8.8.8 | 0x1f23 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2023 17:37:12.657330990 CET | 8.8.8.8 | 192.168.2.7 | 0x9b50 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2023 17:37:12.657330990 CET | 8.8.8.8 | 192.168.2.7 | 0x9b50 | No error (0) | clients.l.google.com | | 142.250.184.46 | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:13.495141029 CET | 8.8.8.8 | 192.168.2.7 | 0x222 | No error (0) | rotf.lol | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:13.495141029 CET | 8.8.8.8 | 192.168.2.7 | 0x222 | No error (0) | rotf.lol | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:13.501983881 CET | 8.8.8.8 | 192.168.2.7 | 0xbc54 | No error (0) | accounts.google.com | | 142.250.180.173 | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:13.931835890 CET | 8.8.8.8 | 192.168.2.7 | 0x9b50 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2023 17:37:13.931835890 CET | 8.8.8.8 | 192.168.2.7 | 0x9b50 | No error (0) | clients.l.google.com | | 142.250.184.46 | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:15.253743887 CET | 8.8.8.8 | 192.168.2.7 | 0xf963 | No error (0) | yxsza.cfd | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:15.253743887 CET | 8.8.8.8 | 192.168.2.7 | 0xf963 | No error (0) | yxsza.cfd | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:15.466135025 CET | 8.8.8.8 | 192.168.2.7 | 0x997e | No error (0) | a.nel.cloudflare.com | | 35.190.80.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:37:16.203567028 CET | 8.8.8.8 | 192.168.2.7 | 0xb533 | No error (0) | www.google.com | | 142.251.209.36 | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:38:15.709722996 CET | 8.8.8.8 | 192.168.2.7 | 0x71da | No error (0) | a.nel.cloudflare.com | | 35.190.80.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2023 17:38:16.330771923 CET | 8.8.8.8 | 192.168.2.7 | 0x1f23 | No error (0) | www.google.com | | 142.251.209.36 | A (IP address) | IN (0x0001) | false
• rotf.lol
• accounts.google.com
• clients2.google.com
• yxsza.cfd
• https:
• a.nel.cloudflare.com
                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          0192.168.2.749712188.114.97.3443C:\Program Files\Google\Chrome\Application\chrome.exe
                          TimestampkBytes transferredDirectionData
                          2023-01-11 16:37:14 UTC0OUTGET /47ht3vmu HTTP/1.1
                          Host: rotf.lol
                          Connection: keep-alive
                          sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-User: ?1
                          Sec-Fetch-Dest: document
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2023-01-11 16:37:15 UTC5INHTTP/1.1 301 Moved Permanently
                          Date: Wed, 11 Jan 2023 16:37:15 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Powered-By: PHP/8.1.10
                          Location: https://yxsza.cfd/c/index.php?lew
                          Cache-Control: max-age=0, public, s-max-age=900, stale-if-error: 86400
                          Referrer-Policy: unsafe-url
                          X-Content-Type-Options: nosniff
                          X-XSS-Protection: 1; mode=block
                          CF-Cache-Status: DYNAMIC
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2Fit7B%2FvAB8yx5iXQL7eTPOVo%2FwcX8cOE2ap8oR1wZBV9sTtjA6bnUlZkqKe2vomc1hKlhaKc4QbxXvGABTqWqVRC23%2BsojKdA382RlK8acMXQBGznGGQ5n5wA%3D%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                          Server: cloudflare
                          CF-RAY: 787f136fbcaa2be0-FRA
                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                          2023-01-11 16:37:15 UTC | 6 | IN | Data Raw: 31 37 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 79 78 73 7a 61 2e 63 66 64 2f 63 2f 69 6e 64 65 78 2e 70 68 70 3f 6c 65 77 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 79 78 73 7a 61 2e 63 66 64 2f 63 2f 69 6e 64 65 78 2e 70 68 70 3f 6c 65 77 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64
                          Data Ascii: 17a<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://yxsza.cfd/c/index.php?lew'" /> <title>Redirecting to https://yxsza.cfd/c/index.php?lew</title> </head> <bod
                          2023-01-11 16:37:15 UTC | 6 | IN | Data Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0
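The rotf.lol response above names the next hop twice: in the Location header and in a meta refresh inside the chunked HTML body (chunk size 0x17a; the report cuts the row off before the chunk ends, and the terminating 0-length chunk is the next row). The Python below is an added example written for this page, not part of the sandbox report: it turns a "Data Raw" hex row back into bytes, decodes the chunked transfer encoding while tolerating the truncation, and pulls the meta-refresh target out of the partial body so it can be compared with the Location header. The hex constant is the leading part of the row shown above, copied verbatim; the function and variable names are the example's own.

```python
import re

# Leading bytes of the "Data Raw" row for the rotf.lol response in this report:
# the chunk-size line "17a\r\n" followed by the start of the HTML body. The
# report truncates the row, so the chunk is deliberately incomplete here.
RAW_HEX_FIRST_CHUNK = (
    "31 37 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a "
    "20 20 20 20 3c 68 65 61 64 3e 0a "
    "20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a "
    "20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 "
    "20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 79 78 73 7a 61 2e 63 66 64 "
    "2f 63 2f 69 6e 64 65 78 2e 70 68 70 3f 6c 65 77 27 22 20 2f 3e 0a 0a"
)
# The terminating zero-length chunk from the following Data Raw row.
RAW_HEX_LAST_CHUNK = "30 0d 0a 0d 0a"
# Location header of the same response, as captured above.
LOCATION_HEADER = "https://yxsza.cfd/c/index.php?lew"


def hex_dump_to_bytes(dump: str) -> bytes:
    """Turn a space-separated hex dump row into raw bytes (whitespace is ignored)."""
    return bytes.fromhex(dump)


def dechunk(data: bytes):
    """Decode an HTTP/1.1 chunked body.

    Returns (body, complete, declared): `complete` is True only when the
    zero-length terminator was seen, `declared` is the sum of the chunk sizes
    announced so far. A truncated capture yields the partial body and
    complete=False instead of raising.
    """
    body = bytearray()
    declared = 0
    pos = 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            return bytes(body), False, declared          # size line cut off
        size_field = data[pos:eol].split(b";", 1)[0].strip()  # drop chunk extensions
        try:
            size = int(size_field, 16)
        except ValueError:
            return bytes(body), False, declared          # not a chunk-size line
        if size == 0:
            return bytes(body), True, declared           # terminator reached
        declared += size
        start = eol + 2
        chunk = data[start:start + size]
        body += chunk
        if len(chunk) < size:
            return bytes(body), False, declared          # chunk data cut off
        pos = start + size + 2                           # skip the chunk's CRLF


META_REFRESH = re.compile(
    r'<meta\s+http-equiv=["\']refresh["\']\s+content=["\']\s*\d+\s*;\s*url=[\'"]?([^\'"]+)',
    re.IGNORECASE,
)


def extract_meta_refresh(html: str):
    """URL of the first <meta http-equiv="refresh"> in the document, or None."""
    m = META_REFRESH.search(html)
    return m.group(1) if m else None


def redirect_targets(location: str, html: str) -> dict:
    """Both hops the shortener offers: the Location header and the HTML fallback."""
    return {"location": location, "meta_refresh": extract_meta_refresh(html)}


if __name__ == "__main__":
    body, complete, declared = dechunk(hex_dump_to_bytes(RAW_HEX_FIRST_CHUNK))
    print(f"declared {declared} bytes, captured {len(body)}, complete={complete}")
    print(redirect_targets(LOCATION_HEADER, body.decode("utf-8", "replace")))
```

Comparing the two targets matters when triaging a shortener: a body-level refresh that disagrees with the Location header would mean clients that honour the status code and clients that render the body land on different hosts. Here both point at yxsza.cfd.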


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          1 | 192.168.2.7 | 49717 | 142.250.180.173 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | kBytes transferred | Direction | Data
                          2023-01-11 16:37:14 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                          Host: accounts.google.com
                          Connection: keep-alive
                          Content-Length: 1
                          Origin: https://www.google.com
                          Content-Type: application/x-www-form-urlencoded
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2023-01-11 16:37:14 UTC | 1 | OUT | Data Raw: 20
                          Data Ascii:
                          2023-01-11 16:37:14 UTC | 3 | IN | HTTP/1.1 200 OK
                          Content-Type: application/json; charset=utf-8
                          Access-Control-Allow-Origin: https://www.google.com
                          Access-Control-Allow-Credentials: true
                          X-Content-Type-Options: nosniff
                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                          Pragma: no-cache
                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                          Date: Wed, 11 Jan 2023 16:37:14 GMT
                          Strict-Transport-Security: max-age=31536000; includeSubDomains
                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                          Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp"
                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                          Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]}
                          Content-Security-Policy: script-src 'report-sample' 'nonce-Nd5ee3eOtVTusgFKiNGk_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                          Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                          Server: ESF
                          X-XSS-Protection: 0
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                          Accept-Ranges: none
                          Vary: Accept-Encoding
                          Connection: close
                          Transfer-Encoding: chunked
                          2023-01-11 16:37:14 UTC | 5 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                          Data Ascii: 11["gaia.l.a.r",[]]
                          2023-01-11 16:37:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          10 | 192.168.2.7 | 49761 | 35.190.80.1 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | kBytes transferred | Direction | Data
                          2023-01-11 16:38:15 UTC | 26 | OUT | POST /report/v3?s=gu16u%2FRADRs6rFiOlAqxvText%2F5IJagZos1vn03GhEAVXsra%2FdD6UmioykgjXX%2F3WoDnQVNJPNarVZkm2OEgXUo54ZBzIq9oTne%2FKJBDupGfxwr%2FPXXbOgZnH1I%3D HTTP/1.1
                          Host: a.nel.cloudflare.com
                          Connection: keep-alive
                          Content-Length: 855
                          Content-Type: application/reports+json
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2023-01-11 16:38:15 UTC | 26 | OUT | Data Raw: 5b 7b 22 61 67 65 22 3a 35 39 31 36 38 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 34 32 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 79 78 73 7a 61 2e 63 66 64 2f 63 2f 69 6e 64 65 78 2e 70 68 70 3f 6c 65 77 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72
                          Data Ascii: [{"age":59168,"body":{"elapsed_time":423,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://yxsza.cfd/c/index.php?lew","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":403,"type":"http.error"},"type":"network-er
                          2023-01-11 16:38:15 UTC | 27 | IN | HTTP/1.1 200 OK
                          content-length: 0
                          date: Wed, 11 Jan 2023 16:38:15 GMT
                          Via: 1.1 google
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                          Connection: close


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          2 | 192.168.2.7 | 49716 | 142.250.184.46 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | kBytes transferred | Direction | Data
                          2023-01-11 16:37:14 UTC | 1 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                          Host: clients2.google.com
                          Connection: keep-alive
                          X-Goog-Update-Interactivity: fg
                          X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                          X-Goog-Update-Updater: chromecrx-104.0.5112.81
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2023-01-11 16:37:14 UTC | 1 | IN | HTTP/1.1 200 OK
                          Content-Security-Policy: script-src 'report-sample' 'nonce-l-KGB4oG2bHy0eed4V4QAA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                          Pragma: no-cache
                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                          Date: Wed, 11 Jan 2023 16:37:14 GMT
                          Content-Type: text/xml; charset=UTF-8
                          X-Daynum: 5854
                          X-Daystart: 31034
                          X-Content-Type-Options: nosniff
                          X-Frame-Options: SAMEORIGIN
                          X-XSS-Protection: 1; mode=block
                          Server: GSE
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                          Accept-Ranges: none
                          Vary: Accept-Encoding
                          Connection: close
                          Transfer-Encoding: chunked
                          2023-01-11 16:37:14 UTC | 2 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 38 35 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 31 30 33 34 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                          Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5854" elapsed_seconds="31034"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                          2023-01-11 16:37:14 UTC | 3 | IN | Data Raw: 6d 78 76 59 6e 4d 76 4e 7a 49 30 51 55 46 58 4e 56 39 7a 54 32 52 76 64 55 77 79 4d 45 52 45 53 45 5a 47 56 6d 4a 6e 51 51 2f 31 2e 30 2e 30 2e 36 5f 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69
                          Data Ascii: mxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" si
                          2023-01-11 16:37:14 UTC | 3 | IN | Data Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          3 | 192.168.2.7 | 49719 | 188.114.96.3 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | kBytes transferred | Direction | Data
                          2023-01-11 16:37:15 UTC | 6 | OUT | GET /c/index.php?lew HTTP/1.1
                          Host: yxsza.cfd
                          Connection: keep-alive
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-User: ?1
                          Sec-Fetch-Dest: document
                          sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2023-01-11 16:37:15 UTC | 7 | IN | HTTP/1.1 503 Service Unavailable
                          Date: Wed, 11 Jan 2023 16:37:15 GMT
                          Content-Type: text/html; charset=utf-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Content-Type-Options: nosniff
                          X-Content-Type-Options: nosniff
                          X-XSS-Protection: 1; mode=block
                          X-XSS-Protection: 1; mode=block
                          Set-Cookie: A2oqskCCrpYV8O9_Oh0EK94ENfI=xz-Q3vcdij6i4IYEa7s48pUI7AI; path=/; expires=Thu, 12-Jan-23 16:37:05 GMT; Max-Age=86400;
                          Set-Cookie: YrhdaoGFhlIopFueMeIviwH8ZJM=1673455025; path=/; expires=Thu, 12-Jan-23 16:37:05 GMT; Max-Age=86400;
                          Set-Cookie: zbCqHCC0ZTBeI8pcwN2fChU1EVk=1673541425; path=/; expires=Thu, 12-Jan-23 16:37:05 GMT; Max-Age=86400;
                          Set-Cookie: GlW5nOK7W--bEl8YbhuhKI3jdUw=CNu9JXZxBGU0LbNab_OWPHwF_3Y; path=/; expires=Thu, 12-Jan-23 16:37:05 GMT; Max-Age=86400;
                          X-Frame-Options: SAMEORIGIN
                          Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                          Pragma: no-cache
                          Expires: 0
                          CF-Cache-Status: DYNAMIC
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MfAW0AOud5LpDH0gZUsX4xy68wCmp4eLqYM2ZfS0dk5W1O6cq%2BCCdC9Oaq%2BDVMWwKkG7BPnM8Ir5ACIRGZ6rXbzSfAlmJ9JnwfpS1fCXWklcwvNi%2FzoeLZuy5dY%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 787f13731d6f2bb6-FRA
                          2023-01-11 16:37:15 UTC | 8 | IN | Data Raw: 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 2c 20 68 33 2d 32 39 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a
                          Data Ascii: alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                          2023-01-11 16:37:15 UTC | 8 | IN | Data Raw: 31 31 34 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d
                          Data Ascii: 1143<!DOCTYPE html><html><head><meta charset="utf-8" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="viewport" content="width=device-width, initial-
                          2023-01-11 16:37:15 UTC | 9 | IN | Data Raw: 52 76 62 57 70 7a 4b 69 38 4b 61 57 59 6f 49 58 64 70 62 6d 52 76 64 79 35 66 58 33 42 6f 59 57 35 30 62 32 31 68 63 79 6c 37 4c 79 70 77 61 47 46 75 64 47 39 74 59 58 4d 67 55 47 68 68 62 6e 52 76 62 55 70 54 4c 57 4a 68 63 32 56 6b 49 48 64 6c 59 69 42 77 5a 58 4a 6d 49 47 31 6c 64 48 4a 70 59 33 4d 67 4b 79 42 74 62 32 35 70 64 47 39 79 61 57 35 6e 49 48 52 76 62 32 77 71 4c 77 70 70 5a 69 67 68 64 32 6c 75 5a 47 39 33 4c 6b 4a 31 5a 6d 5a 6c 63 69 6c 37 4c 79 70 75 62 32 52 6c 61 6e 4d 71 4c 77 70 70 5a 69 67 68 64 32 6c 75 5a 47 39 33 4c 6d 56 74 61 58 51 70 65 79 38 71 59 32 39 31 59 32 68 71 63 79 6f 76 43 6d 6c 6d 4b 43 46 33 61 57 35 6b 62 33 63 75 63 33 42 68 64 32 34 70 65 79 38 71 63 6d 68 70 62 6d 38 71 4c 77 70 70 5a 69 67 68 64 32 6c 75 5a
                          Data Ascii: RvbWpzKi8KaWYoIXdpbmRvdy5fX3BoYW50b21hcyl7LypwaGFudG9tYXMgUGhhbnRvbUpTLWJhc2VkIHdlYiBwZXJmIG1ldHJpY3MgKyBtb25pdG9yaW5nIHRvb2wqLwppZighd2luZG93LkJ1ZmZlcil7Lypub2RlanMqLwppZighd2luZG93LmVtaXQpey8qY291Y2hqcyovCmlmKCF3aW5kb3cuc3Bhd24pey8qcmhpbm8qLwppZighd2luZ
                          2023-01-11 16:37:15 UTC | 11 | IN | Data Raw: 73 49 48 52 79 64 57 55 70 4f 77 6f 4a 43 51 6c 34 61 48 52 30 63 43 35 7a 5a 58 52 53 5a 58 46 31 5a 58 4e 30 53 47 56 68 5a 47 56 79 4b 43 64 6d 63 6c 4e 46 55 47 39 50 4f 47 31 35 52 6d 59 30 56 57 6c 4a 51 32 52 4e 63 33 52 77 4f 46 5a 43 55 6b 6b 6e 4c 43 42 66 4d 54 4d 30 4b 54 73 67 4c 79 39 74 59 57 74 6c 49 48 52 6f 5a 53 42 68 62 6e 4e 33 5a 58 49 67 64 32 68 68 64 43 42 6c 64 6d 56 79 49 48 52 6f 5a 53 42 69 63 6d 39 33 63 32 56 79 49 47 5a 70 5a 33 56 79 5a 58 4d 67 61 58 51 67 62 33 56 30 49 48 52 76 49 47 4a 6c 43 67 6b 4a 43 58 68 6f 64 48 52 77 4c 6e 4e 6c 64 46 4a 6c 63 58 56 6c 63 33 52 49 5a 57 46 6b 5a 58 49 6f 4a 31 67 74 55 6d 56 78 64 57 56 7a 64 47 56 6b 4c 58 64 70 64 47 67 6e 4c 43 41 6e 57 45 31 4d 53 48 52 30 63 46 4a 6c 63 58
                          Data Ascii: sIHRydWUpOwoJCQl4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCdmclNFUG9POG15RmY0VWlJQ2RNc3RwOFZCUkknLCBfMTM0KTsgLy9tYWtlIHRoZSBhbnN3ZXIgd2hhdCBldmVyIHRoZSBicm93c2VyIGZpZ3VyZXMgaXQgb3V0IHRvIGJlCgkJCXhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLXdpdGgnLCAnWE1MSHR0cFJlcX
                          2023-01-11 16:37:15 UTC | 12 | IN | Data Raw: 63 58 56 6c 63 33 52 49 5a 57 46 6b 5a 58 49 6f 4a 31 70 6a 57 47 68 49 61 30 5a 6b 65 47 67 79 61 57 52 4a 64 46 70 42 5a 54 56 5a 54 57 68 74 51 32 63 6e 4c 43 41 6e 54 32 6c 4c 54 33 4a 58 56 44 52 76 52 6d 70 6c 61 6a 4e 6f 51 56 52 77 56 7a 6c 72 5a 58 46 44 53 7a 41 6e 4b 54 73 4b 66 51 6f 4a 43 51 6c 34 61 48 52 30 63 43 35 7a 5a 58 52 53 5a 58 46 31 5a 58 4e 30 53 47 56 68 5a 47 56 79 4b 43 4a 44 62 32 35 30 5a 57 35 30 4c 58 52 35 63 47 55 69 4c 43 41 69 59 58 42 77 62 47 6c 6a 59 58 52 70 62 32 34 76 65 43 31 33 64 33 63 74 5a 6d 39 79 62 53 31 31 63 6d 78 6c 62 6d 4e 76 5a 47 56 6b 49 69 6b 37 43 67 6b 4a 43 58 68 6f 64 48 52 77 4c 6e 4e 6c 62 6d 51 6f 49 6d 35 68 62 57 55 78 50 55 68 6c 62 6e 4a 35 4a 6d 35 68 62 57 55 79 50 55 5a 76 63 6d 51
                          Data Ascii: cXVlc3RIZWFkZXIoJ1pjWGhIa0ZkeGgyaWRJdFpBZTVZTWhtQ2cnLCAnT2lLT3JXVDRvRmplajNoQVRwVzlrZXFDSzAnKTsKfQoJCQl4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCJDb250ZW50LXR5cGUiLCAiYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkIik7CgkJCXhodHRwLnNlbmQoIm5hbWUxPUhlbnJ5Jm5hbWUyPUZvcmQ
                          2023-01-11 16:37:15 UTC | 12 | IN | Data Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          4 | 192.168.2.7 | 49720 | 35.190.80.1 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | kBytes transferred | Direction | Data
                          2023-01-11 16:37:15 UTC | 12 | OUT | OPTIONS /report/v3?s=MfAW0AOud5LpDH0gZUsX4xy68wCmp4eLqYM2ZfS0dk5W1O6cq%2BCCdC9Oaq%2BDVMWwKkG7BPnM8Ir5ACIRGZ6rXbzSfAlmJ9JnwfpS1fCXWklcwvNi%2FzoeLZuy5dY%3D HTTP/1.1
                          Host: a.nel.cloudflare.com
                          Connection: keep-alive
                          Origin: https://yxsza.cfd
                          Access-Control-Request-Method: POST
                          Access-Control-Request-Headers: content-type
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2023-01-11 16:37:15 UTC | 15 | IN | HTTP/1.1 200 OK
                          content-length: 0
                          access-control-max-age: 86400
                          access-control-allow-methods: POST, OPTIONS
                          access-control-allow-origin: *
                          access-control-allow-headers: content-type, content-length
                          date: Wed, 11 Jan 2023 16:37:15 GMT
                          Via: 1.1 google
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                          Connection: close


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          5 | 192.168.2.7 | 49721 | 188.114.96.3 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | kBytes transferred | Direction | Data
                          2023-01-11 16:37:15 UTC | 13 | OUT | POST /c/index.php?lew HTTP/1.1
                          Host: yxsza.cfd
                          Connection: keep-alive
                          Content-Length: 22
                          sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                          X-Requested-TimeStamp-Expire:
                          frSEPoO8myFf4UiICdMstp8VBRI: 30242133
                          sec-ch-ua-mobile: ?0
                          X-Requested-TimeStamp-Combination:
                          X-Requested-Type-Combination: GET
                          Content-type: application/x-www-form-urlencoded
                          X-Requested-Type: GET
                          X-Requested-with: XMLHttpRequest
                          X-Requested-TimeStamp:
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          sec-ch-ua-platform: "Windows"
                          Accept: */*
                          Origin: https://yxsza.cfd
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: cors
                          Sec-Fetch-Dest: empty
                          Referer: https://yxsza.cfd/c/index.php?lew
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          Cookie: A2oqskCCrpYV8O9_Oh0EK94ENfI=xz-Q3vcdij6i4IYEa7s48pUI7AI; YrhdaoGFhlIopFueMeIviwH8ZJM=1673455025; zbCqHCC0ZTBeI8pcwN2fChU1EVk=1673541425; GlW5nOK7W--bEl8YbhuhKI3jdUw=CNu9JXZxBGU0LbNab_OWPHwF_3Y; ddU0k7wAeX-hmGghwKROZAONYyM=Ls0k_DnlVG5sGPdvh2yBNo18OJQ
                          2023-01-11 16:37:15 UTC | 14 | OUT | Data Raw: 6e 61 6d 65 31 3d 48 65 6e 72 79 26 6e 61 6d 65 32 3d 46 6f 72 64
                          Data Ascii: name1=Henry&name2=Ford
                          2023-01-11 16:37:15 UTC | 15 | IN | HTTP/1.1 204 No Content
                          Date: Wed, 11 Jan 2023 16:37:15 GMT
                          Connection: close
                          X-Content-Type-Options: nosniff
                          X-Content-Type-Options: nosniff
                          X-XSS-Protection: 1; mode=block
                          X-XSS-Protection: 1; mode=block
                          Set-Cookie: ddU0k7wAeX-hmGghwKROZAONYyM=Ls0k_DnlVG5sGPdvh2yBNo18OJQ; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
                          Set-Cookie: BuXijL29oYLoUraS40iVAauWTgE=1673455033; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
                          Set-Cookie: fjmjfkWOjvUeh1vL3uEqVFui4rs=1673541433; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
                          Set-Cookie: F1itJ3GHzaVMSkDfRbxqEzGIAUI=lFjDIjWN3FYGn01h0dXt8SlxkZ8; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
                          X-Frame-Options: SAMEORIGIN
                          Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                          Pragma: no-cache
                          Expires: 0
                          X-Server-Powered-By: Engintron
                          CF-Cache-Status: DYNAMIC
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ysd6PnNLsLRfCsuSCAPzF%2BL8rdevRzqBY0MuxO0xo9dPFGgiowwNDOk1RfnfdUWkT9nuV1Pim9MZNwUgRvXB9KdiDcUzOJ1EcN6qxuuJcwpXnNvtmK7%2FILi3lM4%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 787f1375595a911e-FRA
                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
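Sessions 3, 5 and 6 together show the yxsza.cfd bot gate. The 503 page ships its JavaScript as base64 string literals (the `";var __730="` pattern at the 23 kB row of session 6), the browser then POSTs back to the same URL (session 5) with a header named frSEPoO8myFf4UiICdMstp8VBRI set to 30242133 plus the body name1=Henry&name2=Ford, and the server answers 204 with fresh cookies. Because every Data Ascii row is a fixed-length slice of the stream, a base64 fragment rarely starts on a 4-character group boundary, which is why decoding a row as-is yields garbage. The Python below is an added example for this page, not code from the report or from the site's script: it brute-forces the group alignment of three fragments copied verbatim from the rows above, then reads out of the recovered JavaScript the window.* globals the script refuses to run under, the header name it sets, and the two parseInt literals whose sum equals the captured header value. Function and constant names are the example's own; the script's own variable names (_134, _713) are obfuscated, so the code keys on the literal calls rather than on names.

```python
import base64
import binascii
import re

# Base64 fragments copied verbatim from "Data Ascii" rows of the yxsza.cfd 503
# responses in this report: session 3 at 9 kB and 11 kB, session 6 at 23 kB.
# Each row is a truncated slice of the stream, so neither end of a fragment
# is guaranteed to sit on a 4-character base64 group boundary.
FRAG_S3_9KB = "RvbWpzKi8KaWYoIXdpbmRvdy5fX3BoYW50b21hcyl7LypwaGFudG9tYXMgUGhhbnRvbUpTLWJhc2VkIHdlYiBwZXJmIG1ldHJpY3MgKyBtb25pdG9yaW5nIHRvb2wqLwppZighd2luZG93LkJ1ZmZlcil7Lypub2RlanMqLwppZighd2luZG93LmVtaXQpey8qY291Y2hqcyovCmlmKCF3aW5kb3cuc3Bhd24pey8qcmhpbm8qLwppZighd2luZ"
FRAG_S3_11KB = "sIHRydWUpOwoJCQl4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCdmclNFUG9POG15RmY0VWlJQ2RNc3RwOFZCUkknLCBfMTM0KTsgLy9tYWtlIHRoZSBhbnN3ZXIgd2hhdCBldmVyIHRoZSBicm93c2VyIGZpZ3VyZXMgaXQgb3V0IHRvIGJlCgkJCXhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLXdpdGgnLCAnWE1MSHR0cFJlcX"
FRAG_S6_23KB = "14oPzouKjspP1xzKlswLTlhLWZdezMyfVxzKj1ccyooW147XSspKD86LiopPyQvKSl7Ki8vKkh0dHBPbmx5IENvb2tpZSBmbGFncyBwcmV2ZW50IHRoaXMqLwoJCQl2YXIgXzcxMz1wYXJzZUludCgiMjAyMzAxMTAiLCAxMCkgKyBwYXJzZUludCgiMTAwMTIwMjMiLCAxMCk"

# Header name and value the browser sent back in session 5 (POST /c/index.php?lew).
CAPTURED_HEADER = ("frSEPoO8myFf4UiICdMstp8VBRI", 30242133)


def _decode_at(frag: str, offset: int) -> bytes:
    """Decode `frag` from `offset`, trimming or padding the tail to a legal length."""
    s = frag[offset:]
    rem = len(s) % 4
    if rem == 1:                      # a lone trailing sextet can never form a byte
        s, rem = s[:-1], 0
    return base64.b64decode(s + "=" * ((4 - rem) % 4), validate=True)


def _printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII, tab, LF or CR."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D))
    return ok / len(data)


def recover_fragment(frag: str):
    """Try all four group alignments and keep the one that decodes to text.

    Returns (offset, text, printable_ratio); offset is None if nothing decoded.
    """
    best = (None, "", -1.0)
    for offset in range(4):
        try:
            raw = _decode_at(frag, offset)
        except binascii.Error:
            continue
        ratio = _printable_ratio(raw)
        if ratio > best[2]:
            best = (offset, raw.decode("latin-1"), ratio)
    return best


HEADLESS_PROBE = re.compile(r"if\(!window\.(\w+)\)")
PARSE_INT = re.compile(r'parseInt\("(\d+)",\s*10\)')
HEADER_SET = re.compile(r"setRequestHeader\('([^']+)',\s*_\d+\)")


def headless_probes(js: str):
    """window.* globals the script bails out on (automation-runtime fingerprints)."""
    return HEADLESS_PROBE.findall(js)


def challenge_header_name(js: str):
    """Name of the header the script fills from one of its obfuscated variables."""
    m = HEADER_SET.search(js)
    return m.group(1) if m else None


def challenge_header_value(js: str):
    """Sum of the parseInt() literals the script adds, or None if there are none."""
    nums =[int(n) for n in PARSE_INT.findall(js)]
    return sum(nums) if nums else None


def explains_capture(name_frag: str, value_frag: str) -> bool:
    """True if the recovered script accounts for the header seen in session 5."""
    name = challenge_header_name(recover_fragment(name_frag)[1])
    value = challenge_header_value(recover_fragment(value_frag)[1])
    return (name, value) == CAPTURED_HEADER


if __name__ == "__main__":
    for label, frag in (("9 kB", FRAG_S3_9KB), ("11 kB", FRAG_S3_11KB), ("23 kB", FRAG_S6_23KB)):
        offset, text, ratio = recover_fragment(frag)
        print(f"{label}: offset {offset}, printable {ratio:.2f}\n{text}\n")
    print("probes:", headless_probes(recover_fragment(FRAG_S3_9KB)[1]))
    print("explains captured header:", explains_capture(FRAG_S3_11KB, FRAG_S6_23KB))
```

The 9 kB fragment recovers at offset 2 to a nest of `if(!window.__phantomas)`, `if(!window.Buffer)`, `if(!window.emit)`, `if(!window.spawn)` checks, each annotated with the runtime it targets (phantomas, nodejs, couchjs, rhino), so the challenge only proceeds in an environment exposing none of them. The 11 kB fragment recovers at offset 1 to the `xhttp.setRequestHeader('frSEPoO8myFf4UiICdMstp8VBRI', _134)` call, and the 23 kB fragment at offset 3 to `var _713=parseInt("20230110", 10) + parseInt("10012023", 10)`, which is 30242133, the value in the session 5 request. The 21 kB row of session 6 decodes at offset 0 to a `document.cookie = 'ddU0k7wAeX...'` assignment with a 300-second expiry, which is why that cookie appears in the session 5 Cookie header without a matching Set-Cookie in the 503. Session 10's NEL report records a later GET with this page as its referrer being answered 403.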


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          6 | 192.168.2.7 | 49722 | 188.114.96.3 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | kBytes transferred | Direction | Data
                          2023-01-11 16:37:15 UTC | 14 | OUT | GET /favicon.ico HTTP/1.1
                          Host: yxsza.cfd
                          Connection: keep-alive
                          sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                          sec-ch-ua-mobile: ?0
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          sec-ch-ua-platform: "Windows"
                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: image
                          Referer: https://yxsza.cfd/c/index.php?lew
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          Cookie: A2oqskCCrpYV8O9_Oh0EK94ENfI=xz-Q3vcdij6i4IYEa7s48pUI7AI; YrhdaoGFhlIopFueMeIviwH8ZJM=1673455025; zbCqHCC0ZTBeI8pcwN2fChU1EVk=1673541425; GlW5nOK7W--bEl8YbhuhKI3jdUw=CNu9JXZxBGU0LbNab_OWPHwF_3Y; ddU0k7wAeX-hmGghwKROZAONYyM=Ls0k_DnlVG5sGPdvh2yBNo18OJQ
                          2023-01-11 16:37:15 UTC | 17 | IN | HTTP/1.1 503 Service Unavailable
                          Date: Wed, 11 Jan 2023 16:37:15 GMT
                          Content-Type: text/html; charset=utf-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Content-Type-Options: nosniff
                          X-Content-Type-Options: nosniff
                          X-XSS-Protection: 1; mode=block
                          X-XSS-Protection: 1; mode=block
                          Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                          Pragma: no-cache
                          X-Frame-Options: SAMEORIGIN
                          Expires: 0
                          CF-Cache-Status: BYPASS
                          Set-Cookie: K2nBiDk0zeW7ga3FqFZwQZ89824=-du7TdnP2PBhvbg3TkjP7SZIkIc; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
                          Set-Cookie: H2H591e1Pe2P97NeNkigrhK9HGM=1673455033; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
                          Set-Cookie: bqX08Nc7mXHvg2XJxXbpDWFas0s=1673541433; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
                          Set-Cookie: eOcV1SpGd9X10O6-ytrPrnZX3OM=YpPQe2dzh3nA1-PZpfuaQUL_Mxk; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
                          Set-Cookie: z0BZEqltsFbLvlEtq-br9myCduk=ewP812kMbiHMqXHBDFLvGrw3s-Y; path=/; expires=Thu, 12-Jan-23 16:37:13 GMT; Max-Age=86400;
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0deQrO46B%2BaNfefzO5gDYNlgbyRCMkKCzMa%2BvoY4VbGJE89sMLWFQV8wOyUx9FiETUfK4DSohJ7y%2FaN0PsjsAdpyBFQZdGWbGXrvTw7POwqHoCOpA9DdSrhCKg%3D"}],"group":"cf-nel","max_age":604800}
                          2023-01-11 16:37:15 UTC | 19 | IN | Data Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 37 38 37 66 31 33 37 35 61 62 32 32 39 32 61 64 2d 46 52 41 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 2c 20 68 33 2d 32 39 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a
                          Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 787f1375ab2292ad-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                          2023-01-11 16:37:15 UTC | 19 | IN | Data Raw: 31 31 37 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d
                          Data Ascii: 1176<!DOCTYPE html><html><head><meta charset="utf-8" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="viewport" content="width=device-width, initial-
                          2023-01-11 16:37:15 UTC | 20 | IN | Data Raw: 4a 6c 63 58 56 6c 63 33 52 49 5a 57 46 6b 5a 58 49 6f 4a 31 67 74 55 6d 56 78 64 57 56 7a 64 47 56 6b 4c 56 52 70 62 57 56 54 64 47 46 74 63 43 31 46 65 48 42 70 63 6d 55 6e 4c 43 41 6e 4a 79 6b 37 43 67 6b 4a 43 58 68 6f 64 48 52 77 4c 6e 4e 6c 64 46 4a 6c 63 58 56 6c 63 33 52 49 5a 57 46 6b 5a 58 49 6f 4a 31 67 74 55 6d 56 78 64 57 56 7a 64 47 56 6b 4c 56 52 70 62 57 56 54 64 47 46 74 63 43 31 44 62 32 31 69 61 57 35 68 64 47 6c 76 62 69 63 73 49 43 63 6e 4b 54 73 4b 43 51 6b 4a 65 47 68 30 64 48 41 75 63 32 56 30 55 6d 56 78 64 57 56 7a 64 45 68 6c 59 57 52 6c 63 69 67 6e 57 43 31 53 5a 58 46 31 5a 58 4e 30 5a 57 51 74 56 48 6c 77 5a 53 63 73 49 43 64 48 52 56 51 6e 4b 54 73 4b 43 51 6b 4a 65 47 68 30 64 48 41 75 63 32 56 30 55 6d 56 78 64 57 56 7a 64
                          Data Ascii: JlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLVRpbWVTdGFtcC1FeHBpcmUnLCAnJyk7CgkJCXhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLVRpbWVTdGFtcC1Db21iaW5hdGlvbicsICcnKTsKCQkJeGh0dHAuc2V0UmVxdWVzdEhlYWRlcignWC1SZXF1ZXN0ZWQtVHlwZScsICdHRVQnKTsKCQkJeGh0dHAuc2V0UmVxdWVzd
                          2023-01-11 16:37:15 UTC | 21 | IN | Data Raw: 64 57 31 6c 62 6e 51 75 59 58 52 30 59 57 4e 6f 52 58 5a 6c 62 6e 51 6f 49 6d 39 75 63 6d 56 68 5a 48 6c 7a 64 47 46 30 5a 57 4e 6f 59 57 35 6e 5a 53 49 73 49 47 49 70 66 54 73 4b 43 57 49 6f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 73 4b 43 51 6b 4a 64 6d 46 79 49 47 35 76 64 79 41 39 49 47 35 6c 64 79 42 45 59 58 52 6c 4b 43 6b 37 43 67 6b 4a 43 58 5a 68 63 69 42 30 61 57 31 6c 49 44 30 67 62 6d 39 33 4c 6d 64 6c 64 46 52 70 62 57 55 6f 4b 54 73 4b 43 51 6b 4a 64 47 6c 74 5a 53 41 72 50 53 41 7a 4d 44 41 67 4b 69 41 78 4d 44 41 77 4f 77 6f 4a 43 51 6c 75 62 33 63 75 63 32 56 30 56 47 6c 74 5a 53 68 30 61 57 31 6c 4b 54 73 4b 43 51 6b 4a 5a 47 39 6a 64 57 31 6c 62 6e 51 75 59 32 39 76 61 32 6c 6c 49 44 30 67 4a 32 52 6b 56 54 42 72 4e 33 64 42 5a 56 67
                          Data Ascii: dW1lbnQuYXR0YWNoRXZlbnQoIm9ucmVhZHlzdGF0ZWNoYW5nZSIsIGIpfTsKCWIoZnVuY3Rpb24oKXsKCQkJdmFyIG5vdyA9IG5ldyBEYXRlKCk7CgkJCXZhciB0aW1lID0gbm93LmdldFRpbWUoKTsKCQkJdGltZSArPSAzMDAgKiAxMDAwOwoJCQlub3cuc2V0VGltZSh0aW1lKTsKCQkJZG9jdW1lbnQuY29va2llID0gJ2RkVTBrN3dBZVg
                          2023-01-11 16:37:15 UTC | 23 | IN | Data Raw: 31 34 6f 50 7a 6f 75 4b 6a 73 70 50 31 78 7a 4b 6c 73 77 4c 54 6c 68 4c 57 5a 64 65 7a 4d 79 66 56 78 7a 4b 6a 31 63 63 79 6f 6f 57 31 34 37 58 53 73 70 4b 44 38 36 4c 69 6f 70 50 79 51 76 4b 53 6c 37 4b 69 38 76 4b 6b 68 30 64 48 42 50 62 6d 78 35 49 45 4e 76 62 32 74 70 5a 53 42 6d 62 47 46 6e 63 79 42 77 63 6d 56 32 5a 57 35 30 49 48 52 6f 61 58 4d 71 4c 77 6f 4a 43 51 6c 32 59 58 49 67 58 7a 63 78 4d 7a 31 77 59 58 4a 7a 5a 55 6c 75 64 43 67 69 4d 6a 41 79 4d 7a 41 78 4d 54 41 69 4c 43 41 78 4d 43 6b 67 4b 79 42 77 59 58 4a 7a 5a 55 6c 75 64 43 67 69 4d 54 41 77 4d 54 49 77 4d 6a 4d 69 4c 43 41 78 4d 43 6b 22 3b 76 61 72 20 5f 5f 37 33 30 3d 22 6f 64 48 52 77 4c 6e 4e 6c 64 46 4a 6c 63 58 56 6c 63 33 52 49 5a 57 46 6b 5a 58 49 6f 49 6b 4e 76 62 6e 52
                          Data Ascii: 14oPzouKjspP1xzKlswLTlhLWZdezMyfVxzKj1ccyooW147XSspKD86LiopPyQvKSl7Ki8vKkh0dHBPbmx5IENvb2tpZSBmbGFncyBwcmV2ZW50IHRoaXMqLwoJCQl2YXIgXzcxMz1wYXJzZUludCgiMjAyMzAxMTAiLCAxMCkgKyBwYXJzZUludCgiMTAwMTIwMjMiLCAxMCk";var __730="odHRwLnNldFJlcXVlc3RIZWFkZXIoIkNvbnR
                          2023-01-11 16:37:15 UTC23INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
                          7          | 192.168.2.7 | 49723       | 35.190.80.1    | 443              | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp               | kBytes transferred | Direction | Data
                          2023-01-11 16:37:15 UTC | 16                 | OUT       | POST /report/v3?s=MfAW0AOud5LpDH0gZUsX4xy68wCmp4eLqYM2ZfS0dk5W1O6cq%2BCCdC9Oaq%2BDVMWwKkG7BPnM8Ir5ACIRGZ6rXbzSfAlmJ9JnwfpS1fCXWklcwvNi%2FzoeLZuy5dY%3D HTTP/1.1
                          Host: a.nel.cloudflare.com
                          Connection: keep-alive
                          Content-Length: 393
                          Content-Type: application/reports+json
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2023-01-11 16:37:15 UTC | 17 | OUT | Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 31 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 35 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 79 78 73 7a 61 2e 63 66 64 2f 63 2f 69 6e 64 65 78
                          Data Ascii: [{"age":0,"body":{"elapsed_time":215,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":503,"type":"http.error"},"type":"network-error","url":"https://yxsza.cfd/c/index
                          2023-01-11 16:37:15 UTC | 24 | IN | HTTP/1.1 200 OK
                          content-length: 0
                          date: Wed, 11 Jan 2023 16:37:15 GMT
                          Via: 1.1 google
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                          Connection: close


                          Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
                          8          | 192.168.2.7 | 49724       | 188.114.96.3   | 443              | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp               | kBytes transferred | Direction | Data
                          2023-01-11 16:37:15 UTC | 23                 | OUT       | GET /c/index.php?lew HTTP/1.1
                          Host: yxsza.cfd
                          Connection: keep-alive
                          Cache-Control: max-age=0
                          sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-Dest: document
                          Referer: https://yxsza.cfd/c/index.php?lew
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          Cookie: A2oqskCCrpYV8O9_Oh0EK94ENfI=xz-Q3vcdij6i4IYEa7s48pUI7AI; YrhdaoGFhlIopFueMeIviwH8ZJM=1673455025; zbCqHCC0ZTBeI8pcwN2fChU1EVk=1673541425; GlW5nOK7W--bEl8YbhuhKI3jdUw=CNu9JXZxBGU0LbNab_OWPHwF_3Y; ddU0k7wAeX-hmGghwKROZAONYyM=Ls0k_DnlVG5sGPdvh2yBNo18OJQ; BuXijL29oYLoUraS40iVAauWTgE=1673455033; fjmjfkWOjvUeh1vL3uEqVFui4rs=1673541433; F1itJ3GHzaVMSkDfRbxqEzGIAUI=lFjDIjWN3FYGn01h0dXt8SlxkZ8
                          2023-01-11 16:37:16 UTC | 24 | IN | HTTP/1.1 403 Forbidden
                          Date: Wed, 11 Jan 2023 16:37:16 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Content-Type-Options: nosniff
                          X-Content-Type-Options: nosniff
                          X-XSS-Protection: 1; mode=block
                          X-XSS-Protection: 1; mode=block
                          Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
                          CF-Cache-Status: DYNAMIC
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gu16u%2FRADRs6rFiOlAqxvText%2F5IJagZos1vn03GhEAVXsra%2FdD6UmioykgjXX%2F3WoDnQVNJPNarVZkm2OEgXUo54ZBzIq9oTne%2FKJBDupGfxwr%2FPXXbOgZnH1I%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 787f1376ecf56997-FRA
                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                          2023-01-11 16:37:16 UTC | 25 | IN | Data Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
                          9          | 192.168.2.7 | 49760       | 35.190.80.1    | 443              | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp               | kBytes transferred | Direction | Data
                          2023-01-11 16:38:15 UTC | 25                 | OUT       | OPTIONS /report/v3?s=gu16u%2FRADRs6rFiOlAqxvText%2F5IJagZos1vn03GhEAVXsra%2FdD6UmioykgjXX%2F3WoDnQVNJPNarVZkm2OEgXUo54ZBzIq9oTne%2FKJBDupGfxwr%2FPXXbOgZnH1I%3D HTTP/1.1
                          Host: a.nel.cloudflare.com
                          Connection: keep-alive
                          Origin: https://yxsza.cfd
                          Access-Control-Request-Method: POST
                          Access-Control-Request-Headers: content-type
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2023-01-11 16:38:15 UTC | 26 | IN | HTTP/1.1 200 OK
                          content-length: 0
                          access-control-max-age: 86400
                          access-control-allow-methods: OPTIONS, POST
                          access-control-allow-origin: *
                          access-control-allow-headers: content-length, content-type
                          date: Wed, 11 Jan 2023 16:38:15 GMT
                          Via: 1.1 google
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                          Connection: close


                          [Charts omitted: process activity over time (s), memory usage over time (MB); behavior distribution legend: File, Registry]

                          Target ID: 0
                          Start time: 17:37:08
                          Start date: 11/01/2023
                          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit): false
                          Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                          Imagebase: 0x7ff7c2920000
                          File size: 2851656 bytes
                          MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                          Has elevated privileges: true
                          Has administrator privileges: true
                          Programmed in: C, C++ or other language
                          Reputation: low

                          Target ID: 1
                          Start time: 17:37:10
                          Start date: 11/01/2023
                          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit): false
                          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1760,i,2164418309773911583,162360269692105305,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                          Imagebase: 0x7ff7c2920000
                          File size: 2851656 bytes
                          MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                          Has elevated privileges: true
                          Has administrator privileges: true
                          Programmed in: C, C++ or other language
                          Reputation: low

                          Target ID: 2
                          Start time: 17:37:10
                          Start date: 11/01/2023
                          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit): false
                          Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rotf.lol/47ht3vmu
                          Imagebase: 0x7ff7c2920000
                          File size: 2851656 bytes
                          MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                          Has elevated privileges: true
                          Has administrator privileges: true
                          Programmed in: C, C++ or other language
                          Reputation: low

                          No disassembly