Windows Analysis Report
https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8

Overview

General Information

Sample URL:https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6
Analysis ID: 861346

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Antivirus detection for URL or domain
HTML page is missing a favicon

Classification

  • System is w10x64
  • chrome.exe (PID: 3464 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1876,i,16106273996891167105,15087393848206195252,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 3676 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29tSlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering
Source: http://cdn.jsinit.directfwd.com/sk-jspark_init.php | Virustotal: Detection: 13%
Source: http://cdn.jsinit.directfwd.com/sk-jspark_init.php | Avira URL Cloud: Label: malware
Source: https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29tHTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t HTTP/1.1Host: pkrhzxtlvs.scscollege.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /assets/css/style.css?v=3 HTTP/1.1Host: pkrhzxtlvs.scscollege.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /img/removebg-preview.png HTTP/1.1Host: pkrhzxtlvs.scscollege.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: pkrhzxtlvs.scscollege.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pkrhzxtlvs.scscollege.org/assets/css/style.css?v=3Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t HTTP/1.1Host: pkrhzxtlvs.scscollege.orgConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: 
https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: pkrhzxtlvs.scscollege.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f
Source: global trafficHTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: pkrhzxtlvs.scscollege.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pkrhzxtlvs.scscollege.org/assets/css/style.css?v=3Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pkrhzxtlvs.scscollege.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f
Source: global trafficHTTP traffic detected: GET /img/removebg-preview.png HTTP/1.1Host: pkrhzxtlvs.scscollege.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f
Source: global trafficHTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: pkrhzxtlvs.scscollege.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 08 May 2023 14:50:43 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 22:06:30 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
Source: chromecache_103.1.dr | String found in binary or memory: http://cdn.jsinit.directfwd.com/sk-jspark_init.php
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
Source: classification engine | Classification label: mal64.win@24/6@5/7
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1876,i,16106273996891167105,15087393848206195252,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading (2); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud
SourceDetectionScannerLabelLink
https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t0%VirustotalBrowse
https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t100%SlashNextCredential Stealing type: Phishing & Social usering
https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t0%Avira URL Cloudsafe
No Antivirus matches
Source | Detection | Scanner | Label
http://cdn.jsinit.directfwd.com/sk-jspark_init.php | 13% | Virustotal |
https://pkrhzxtlvs.scscollege.org/img/removebg-preview.png | 0% | Avira URL Cloud | safe
https://pkrhzxtlvs.scscollege.org/captchaImageSource.php | 0% | Avira URL Cloud | safe
https://pkrhzxtlvs.scscollege.org/favicon.ico | 0% | Avira URL Cloud | safe
http://cdn.jsinit.directfwd.com/sk-jspark_init.php | 100% | Avira URL Cloud | malware
https://pkrhzxtlvs.scscollege.org/assets/css/style.css?v=3 | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 172.217.168.77 | true | false | | high
pkrhzxtlvs.scscollege.org | 208.91.199.115 | true | false | | unknown
www.google.com | 172.217.168.68 | true | false | | high
clients.l.google.com | 142.250.203.110 | true | false | | high
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://pkrhzxtlvs.scscollege.org/img/removebg-preview.png | false | Avira URL Cloud: safe | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://pkrhzxtlvs.scscollege.org/assets/css/style.css?v=3 | false | Avira URL Cloud: safe | unknown
https://pkrhzxtlvs.scscollege.org/captchaImageSource.php | false | Avira URL Cloud: safe | unknown
https://pkrhzxtlvs.scscollege.org/favicon.ico | false | Avira URL Cloud: safe | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
http://cdn.jsinit.directfwd.com/sk-jspark_init.php | chromecache_103.1.dr | false | 13%, Virustotal, Browse; Avira URL Cloud: malware | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
172.217.168.68 | www.google.com | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
172.217.168.77 | accounts.google.com | United States | | 15169 | GOOGLEUS | false
208.91.199.115 | pkrhzxtlvs.scscollege.org | United States | | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false
142.250.203.110 | clients.l.google.com | United States | | 15169 | GOOGLEUS | false
                IP
                192.168.2.1
                127.0.0.1
                Joe Sandbox Version:37.1.0 Beryl
                Analysis ID:861346
                Start date and time:2023-05-08 16:49:32 +02:00
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 6m 8s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:browseurl.jbs
                Sample URL:https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:12
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal64.win@24/6@5/7
                EGA Information:Failed
                HDC Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 0
                • Number of non-executed functions: 0
                • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 172.217.168.67, 34.104.35.123, 216.58.215.234, 172.217.168.10, 172.217.168.42, 142.250.203.106
                • Excluded domains from analysis (whitelisted): fs.microsoft.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, update.googleapis.com, clientservices.googleapis.com
                • Not all processes were analyzed, report is missing behavior information
                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                No simulations
                No context
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text
                Category:downloaded
                Size (bytes):1085
                Entropy (8bit):4.058608047674449
                Encrypted:false
                SSDEEP:12:e/JqQxxbxYBPl4X2RXwZz3OBqgQlSQAiCJWyEyl/Gpb+oQb:qbxc4GKV3OBWXyBEG
                MD5:F241A4A908C2B70B395455441557694E
                SHA1:BDE4872A915E2317C2D09DA380DB8A847412972B
                SHA-256:B54543FD98803B37498311B6CEAA2CDD91915E962E29F749AAB445EE4FD6882F
                SHA-512:8058973266C0CA98825C998AEDE297730C6AF78C129A2EB50CC6F3BBF7ACC1D18686D3057DD5F148F87887046B5CEC13122951E6959EE9DBCEA7857D99B46E3D
                Malicious:false
                Reputation:low
                URL:https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t
                Preview:<html>.<head>.<title>Verify Human</title>.<link href="assets/css/style.css?v=3" type="text/css" rel="stylesheet" />.</head>.<body>.. <div class="div-main">.. <div class="image">. <img src="img/removebg-preview.png" alt="">. </div>.. <h2 style="text-align: center">Type Captcha Code to Prove you are Human</h2>. <form name="frmContact" method="post" action="">. <table border="0" cellpadding="10" cellspacing="1" width="100%". class="demo-table">.. <tr class="tablerow">. <td>Captcha Code: <span id="error-captcha". class="demo-error"></span>. <input name="captcha_code" type="text". class="demo-input captcha-input">. </td>. <td><br /> <input type="submit" name="submit". value="Submit" class="demo-btn"></td>.
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 434 x 436, 8-bit/color RGBA, non-interlaced
                Category:dropped
                Size (bytes):15598
                Entropy (8bit):7.8196723697549535
                Encrypted:false
                SSDEEP:384:+vbmyAC3cEOacUKp0znppKkr2lGYfuWM/7GZovw11:+vYEOabKp01pKkqlGYf6/acq
                MD5:85F54DDD54F2AFE99537CEE06448720F
                SHA1:2E294A5CA37696F67D81D9B3143DC970BF955822
                SHA-256:0B74297FC0A1E3C33DAD46F145582A8774CBAE57D8A75E6B1441DE745D346CF3
                SHA-512:30E59FC8B71EDFF0E6DCC44ED947C628BAC9D4FC16CA5DF8816A8B03A8738C94FCCD47355F54C146FCD029EC31B7DED4C98CA6026CD20DBD8122A8D0C99B77E1
                Malicious:false
                Reputation:low
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:downloaded
                Size (bytes):16
                Entropy (8bit):3.702819531114783
                Encrypted:false
                SSDEEP:3:HycMK:S9K
                MD5:F20C48603763A982D7F6B2C8830F01AD
                SHA1:DEA4D0A2ABFADDA68DB41B134271C3A4A84475F7
                SHA-256:C91C7EEE4E89FF52C17776184F3134DB98F2C1C8A9AFB98F0D5E0A9EC7D6BC43
                SHA-512:7BFDED2053A938E532B5FC31D18FB3023BC8DC8A22D64ACAF4B39B45C94F3763D76C9030053EBEBBFA7F9152EBDF9663126062C7327AEB84B4F87EAB4C3E8E2D
                Malicious:false
                Reputation:low
                URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTA0LjAuNTExMi44MRIQCeRgIue7qYF2EgUNzMokYA==?alt=proto
                Preview:CgkKBw3MyiRgGgA=
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text
                Category:downloaded
                Size (bytes):583
                Entropy (8bit):5.11550204447751
                Encrypted:false
                SSDEEP:12:vQ0AMyHWBFc+sc3Ea2KVdNxtNufiCRiTkJsU3++W6OQ4NbxBShQL:vQFrWMAEafVfN+iCR2kJe+P4NjSK
                MD5:59F6AE7C7F154EC74D418D4ED6FC5B0E
                SHA1:674860108A41AB23BA5F73635749332BD8A46B7E
                SHA-256:50E0767F2731DA7DDB56D719DC85A7F830C4A860D8F09D0F25401D3DC7097D7D
                SHA-512:501F35D5347BD1F20024A1C76172874E0026289F6DD60DE6A1F83EF2DEB0FFF07CD75C45B4DCF693A7C2FF903528BEDBD05C2B9F9BB439D294F5F904427173F7
                Malicious:false
                Reputation:low
                URL:https://pkrhzxtlvs.scscollege.org/favicon.ico
                Preview:<html>.<head>. <style>. .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; }. @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }. </style>. <script language="Javascript">var _skz_pid = "9PO5645V6";</script>. <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script>.</head>.<body>.<div class="loader" id="sk-loader"></div>.</body>.</html>.
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text
                Category:downloaded
                Size (bytes):1064
                Entropy (8bit):4.826710531010508
                Encrypted:false
                SSDEEP:24:U9KL8SvTdJYF0Z+cYFMrZWSo9OFU/6YLdFUShCYl9jso/S+HfxE:UA8uyF0Z+7FMrZWF9qE6KFUAjso/S+HW
                MD5:27F9E9CF48D68471FD3CDFF493B9347B
                SHA1:4F030E7A53FB944DC56767594976121265C70AFD
                SHA-256:C03307765D39AD9B0EBAC265B33C0903F27F32E293452E74D8A5EE6CAB098D23
                SHA-512:F4EE3BBD345532E5406D7DFB6E664929CEA6B2B8ED9FE03084CCE0B74119432C6D5E0C9D40BCFAB891A6EFC80FA3A28FCCBE16B2967AD6BDF64A232E4A11C68E
                Malicious:false
                Reputation:low
                URL:https://pkrhzxtlvs.scscollege.org/assets/css/style.css?v=3
                Preview:body {. font-family: arial;. max-width: 610px;. font-size: 0.95em;. color: #232323;.}..demo-error {. color:#FF0000;. font-size: 0.95em;.}..demo-input {. width: 100%;. border-radius: 5px;. border: #CCC 1px solid;. padding: 12px;. margin-top: 5px;.}..demo-btn {. padding: 12px;. border-radius: 5px;. background: #232323;. border: #284828 1px solid;. color: #FFF;. width: 100%;. cursor: pointer;. margin-top: 4px;.}..demo-table {. border-radius: 3px;. padding: 10px;. border: #E0E0E0 1px solid;.}..demo-success {. margin-top: 5px;. color: #478347;. background: #e2ead1;. padding: 10px;. border-radius: 5px;.}..captcha-input {. background: #FFF url(./../../captchaImageSource.php) repeat-y left center;. padding-left: 85px;.}..div-main {. position: absolute;. left: 50%;. top: 50%;. -webkit-transform: translate(-50%, -50%);. transform: translate(-50%, -50%);.}..div-main img {. width: 215px;. ma
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 434 x 436, 8-bit/color RGBA, non-interlaced
                Category:downloaded
                Size (bytes):15598
                Entropy (8bit):7.8196723697549535
                Encrypted:false
                SSDEEP:384:+vbmyAC3cEOacUKp0znppKkr2lGYfuWM/7GZovw11:+vYEOabKp01pKkqlGYf6/acq
                MD5:85F54DDD54F2AFE99537CEE06448720F
                SHA1:2E294A5CA37696F67D81D9B3143DC970BF955822
                SHA-256:0B74297FC0A1E3C33DAD46F145582A8774CBAE57D8A75E6B1441DE745D346CF3
                SHA-512:30E59FC8B71EDFF0E6DCC44ED947C628BAC9D4FC16CA5DF8816A8B03A8738C94FCCD47355F54C146FCD029EC31B7DED4C98CA6026CD20DBD8122A8D0C99B77E1
                Malicious:false
                Reputation:low
                URL:https://pkrhzxtlvs.scscollege.org/img/removebg-preview.png
                No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                May 8, 2023 16:50:43.062306881 CEST44349727208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.065454960 CEST49727443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.065519094 CEST44349727208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.066535950 CEST44349727208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.067672014 CEST49727443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.067897081 CEST44349727208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.068097115 CEST49727443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.068167925 CEST44349727208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.316648006 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.316705942 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.316843033 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.317167997 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.317184925 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.389100075 CEST49729443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.389153004 CEST44349729208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.389213085 CEST49729443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.391055107 CEST49729443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.391081095 CEST44349729208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.410342932 CEST44349727208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.410454035 CEST44349727208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.410518885 CEST49727443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.411818981 CEST49727443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.411864996 CEST44349727208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.673970938 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.697798967 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.697827101 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.698453903 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.699522018 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.699665070 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.700683117 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.745810032 CEST44349729208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.746221066 CEST49729443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.746253967 CEST44349729208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.746701956 CEST44349729208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.747389078 CEST49729443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.747425079 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.747520924 CEST44349729208.91.199.115192.168.2.6
                May 8, 2023 16:50:43.748979092 CEST49729443192.168.2.6208.91.199.115
                May 8, 2023 16:50:43.791435003 CEST44349729208.91.199.115192.168.2.6
                May 8, 2023 16:50:44.025207996 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:44.025248051 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:44.025432110 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:44.025474072 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:44.074412107 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:44.101797104 CEST44349729208.91.199.115192.168.2.6
                May 8, 2023 16:50:44.101897001 CEST44349729208.91.199.115192.168.2.6
                May 8, 2023 16:50:44.101994038 CEST49729443192.168.2.6208.91.199.115
                May 8, 2023 16:50:44.198398113 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:44.198416948 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:44.198509932 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:44.198592901 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:44.198652983 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:44.228199005 CEST49729443192.168.2.6208.91.199.115
                May 8, 2023 16:50:44.228245974 CEST44349729208.91.199.115192.168.2.6
                May 8, 2023 16:50:44.717361927 CEST49728443192.168.2.6208.91.199.115
                May 8, 2023 16:50:44.717396021 CEST44349728208.91.199.115192.168.2.6
                May 8, 2023 16:50:46.292851925 CEST44349712172.217.168.68192.168.2.6
                May 8, 2023 16:50:46.292927980 CEST44349712172.217.168.68192.168.2.6
                May 8, 2023 16:50:46.292987108 CEST49712443192.168.2.6172.217.168.68
                May 8, 2023 16:50:50.751900911 CEST49712443192.168.2.6172.217.168.68
                May 8, 2023 16:50:50.751965046 CEST44349712172.217.168.68192.168.2.6
                May 8, 2023 16:51:19.893970966 CEST49708443192.168.2.6172.217.168.77
                May 8, 2023 16:51:19.894012928 CEST44349708172.217.168.77192.168.2.6
                May 8, 2023 16:51:36.034499884 CEST49708443192.168.2.6172.217.168.77
                May 8, 2023 16:51:36.034672022 CEST44349708172.217.168.77192.168.2.6
                May 8, 2023 16:51:36.034938097 CEST44349708172.217.168.77192.168.2.6
                May 8, 2023 16:51:36.034940958 CEST49708443192.168.2.6172.217.168.77
                May 8, 2023 16:51:36.035161972 CEST49708443192.168.2.6172.217.168.77
                May 8, 2023 16:51:36.035192966 CEST49790443192.168.2.6172.217.168.68
                May 8, 2023 16:51:36.035247087 CEST44349790172.217.168.68192.168.2.6
                May 8, 2023 16:51:36.035324097 CEST49790443192.168.2.6172.217.168.68
                May 8, 2023 16:51:36.035855055 CEST49790443192.168.2.6172.217.168.68
                May 8, 2023 16:51:36.035877943 CEST44349790172.217.168.68192.168.2.6
                May 8, 2023 16:51:36.092895985 CEST44349790172.217.168.68192.168.2.6
                May 8, 2023 16:51:36.093384981 CEST49790443192.168.2.6172.217.168.68
                May 8, 2023 16:51:36.093449116 CEST44349790172.217.168.68192.168.2.6
                May 8, 2023 16:51:36.093987942 CEST44349790172.217.168.68192.168.2.6
                May 8, 2023 16:51:36.094481945 CEST49790443192.168.2.6172.217.168.68
                May 8, 2023 16:51:36.094599962 CEST44349790172.217.168.68192.168.2.6
                May 8, 2023 16:51:36.135207891 CEST49790443192.168.2.6172.217.168.68
                May 8, 2023 16:51:46.078438997 CEST44349790172.217.168.68192.168.2.6
                May 8, 2023 16:51:46.078581095 CEST44349790172.217.168.68192.168.2.6
                May 8, 2023 16:51:46.078691959 CEST49790443192.168.2.6172.217.168.68
                May 8, 2023 16:51:46.459585905 CEST49790443192.168.2.6172.217.168.68
                May 8, 2023 16:51:46.459656954 CEST44349790172.217.168.68192.168.2.6
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                May 8, 2023 16:50:32.869354010 CEST | 50506 | 53 | 192.168.2.6 | 8.8.8.8
                May 8, 2023 16:50:32.874413013 CEST | 49448 | 53 | 192.168.2.6 | 8.8.8.8
                May 8, 2023 16:50:32.894115925 CEST | 53 | 49448 | 8.8.8.8 | 192.168.2.6
                May 8, 2023 16:50:32.898030996 CEST | 53 | 50506 | 8.8.8.8 | 192.168.2.6
                May 8, 2023 16:50:36.018121958 CEST | 65198 | 53 | 192.168.2.6 | 8.8.8.8
                May 8, 2023 16:50:36.020821095 CEST | 62910 | 53 | 192.168.2.6 | 8.8.8.8
                May 8, 2023 16:50:36.033209085 CEST | 53 | 65198 | 8.8.8.8 | 192.168.2.6
                May 8, 2023 16:50:36.172612906 CEST | 63229 | 53 | 192.168.2.6 | 8.8.8.8
                May 8, 2023 16:50:36.192825079 CEST | 53 | 63229 | 8.8.8.8 | 192.168.2.6
                May 8, 2023 16:50:36.375439882 CEST | 53 | 62910 | 8.8.8.8 | 192.168.2.6
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                May 8, 2023 16:50:32.869354010 CEST | 192.168.2.6 | 8.8.8.8 | 0x8889 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                May 8, 2023 16:50:32.874413013 CEST | 192.168.2.6 | 8.8.8.8 | 0xeab5 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                May 8, 2023 16:50:36.018121958 CEST | 192.168.2.6 | 8.8.8.8 | 0x8a2 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                May 8, 2023 16:50:36.020821095 CEST | 192.168.2.6 | 8.8.8.8 | 0x5022 | Standard query (0) | pkrhzxtlvs.scscollege.org | A (IP address) | IN (0x0001) | false
                May 8, 2023 16:50:36.172612906 CEST | 192.168.2.6 | 8.8.8.8 | 0x209d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                May 8, 2023 16:50:32.894115925 CEST | 8.8.8.8 | 192.168.2.6 | 0xeab5 | No error (0) | accounts.google.com |  | 172.217.168.77 | A (IP address) | IN (0x0001) | false
                May 8, 2023 16:50:32.898030996 CEST | 8.8.8.8 | 192.168.2.6 | 0x8889 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                May 8, 2023 16:50:32.898030996 CEST | 8.8.8.8 | 192.168.2.6 | 0x8889 | No error (0) | clients.l.google.com |  | 142.250.203.110 | A (IP address) | IN (0x0001) | false
                May 8, 2023 16:50:36.033209085 CEST | 8.8.8.8 | 192.168.2.6 | 0x8a2 | No error (0) | www.google.com |  | 172.217.168.68 | A (IP address) | IN (0x0001) | false
                May 8, 2023 16:50:36.192825079 CEST | 8.8.8.8 | 192.168.2.6 | 0x209d | No error (0) | www.google.com |  | 172.217.168.68 | A (IP address) | IN (0x0001) | false
                May 8, 2023 16:50:36.375439882 CEST | 8.8.8.8 | 192.168.2.6 | 0x5022 | No error (0) | pkrhzxtlvs.scscollege.org |  | 208.91.199.115 | A (IP address) | IN (0x0001) | false
                • accounts.google.com
                • clients2.google.com
                • pkrhzxtlvs.scscollege.org
                • https:
                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                0 | 192.168.2.6 | 49710 | 172.217.168.77 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:34 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                Host: accounts.google.com
                Connection: keep-alive
                Content-Length: 1
                Origin: https://www.google.com
                Content-Type: application/x-www-form-urlencoded
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
                2023-05-08 14:50:34 UTC | 0 | OUT | Data Raw: 20
                Data Ascii:
                2023-05-08 14:50:34 UTC | 2 | IN | HTTP/1.1 200 OK
                Content-Type: application/json; charset=utf-8
                Access-Control-Allow-Origin: https://www.google.com
                Access-Control-Allow-Credentials: true
                X-Content-Type-Options: nosniff
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Mon, 08 May 2023 14:50:34 GMT
                Strict-Transport-Security: max-age=31536000; includeSubDomains
                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                Content-Security-Policy: script-src 'report-sample' 'nonce-ZVzS75M3to0ODPfNm1FdaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                Cross-Origin-Opener-Policy: same-origin
                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                Server: ESF
                X-XSS-Protection: 0
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2023-05-08 14:50:34 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                Data Ascii: 11["gaia.l.a.r",[]]
                2023-05-08 14:50:34 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                1 | 192.168.2.6 | 49706 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:34 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                Host: clients2.google.com
                Connection: keep-alive
                X-Goog-Update-Interactivity: fg
                X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                X-Goog-Update-Updater: chromecrx-104.0.5112.81
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2023-05-08 14:50:34 UTC | 1 | IN | HTTP/1.1 200 OK
                Content-Security-Policy: script-src 'report-sample' 'nonce-u7_EXdDq-nDOQbxho6AJBA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Mon, 08 May 2023 14:50:34 GMT
                Content-Type: text/xml; charset=UTF-8
                X-Daynum: 5971
                X-Daystart: 28234
                X-Content-Type-Options: nosniff
                X-Frame-Options: SAMEORIGIN
                X-XSS-Protection: 1; mode=block
                Server: GSE
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2023-05-08 14:50:34 UTC | 2 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5971" elapsed_seconds="28234"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                2023-05-08 14:50:34 UTC | 2 | IN | Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                2023-05-08 14:50:34 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                10 | 192.168.2.6 | 49728 | 208.91.199.115 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:43 UTC | 39 | OUT | GET /img/removebg-preview.png HTTP/1.1
                Host: pkrhzxtlvs.scscollege.org
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f
                2023-05-08 14:50:44 UTC | 39 | IN | HTTP/1.1 200 OK
                Date: Mon, 08 May 2023 14:50:43 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Wed, 22 Mar 2023 10:38:22 GMT
                Accept-Ranges: bytes
                Content-Length: 15598
                Content-Type: image/png


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                11 | 192.168.2.6 | 49729 | 208.91.199.115 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:43 UTC | 39 | OUT | GET /captchaImageSource.php HTTP/1.1
                Host: pkrhzxtlvs.scscollege.org
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f
                2023-05-08 14:50:44 UTC | 47 | IN | HTTP/1.1 200 OK
                Date: Mon, 08 May 2023 14:50:43 GMT
                Server: Apache
                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Pragma: no-cache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Vary: Accept-Encoding
                Transfer-Encoding: chunked
                Content-Type: image/jpeg


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                2 | 192.168.2.6 | 49714 | 208.91.199.115 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:36 UTC | 4 | OUT | GET /?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t HTTP/1.1
                Host: pkrhzxtlvs.scscollege.org
                Connection: keep-alive
                sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: navigate
                Sec-Fetch-User: ?1
                Sec-Fetch-Dest: document
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2023-05-08 14:50:37 UTC | 5 | IN | HTTP/1.1 200 OK
                Date: Mon, 08 May 2023 14:50:36 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Vary: Accept-Encoding
                Transfer-Encoding: chunked
                Content-Type: text/html; charset=UTF-8
                2023-05-08 14:50:37 UTC | 6 | IN | Data Ascii: 43d<html><head><title>Verify Human</title><link href="assets/css/style.css?v=3" type="text/css" rel="stylesheet" /></head><body> <div class="div-main"> <div class="image"> <img src="img/removebg-preview.png" alt="">


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                3 | 192.168.2.6 | 49716 | 208.91.199.115 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:37 UTC | 7 | OUT | GET /assets/css/style.css?v=3 HTTP/1.1
                Host: pkrhzxtlvs.scscollege.org
                Connection: keep-alive
                sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: text/css,*/*;q=0.1
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: style
                Referer: https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2023-05-08 14:50:37 UTC | 10 | IN | HTTP/1.1 200 OK
                Date: Mon, 08 May 2023 14:50:37 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Wed, 22 Mar 2023 10:42:44 GMT
                Accept-Ranges: bytes
                Content-Length: 1064
                Vary: Accept-Encoding
                Content-Type: text/css
                2023-05-08 14:50:37 UTC | 10 | IN | Data Ascii: body { font-family: arial; max-width: 610px; font-size: 0.95em; color: #232323;}.demo-error { color:#FF0000; font-size: 0.95em;}.demo-input { width: 100%; border-radius: 5px; border: #CCC 1px solid; padding: 12p


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                4 | 192.168.2.6 | 49717 | 208.91.199.115 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:37 UTC | 8 | OUT | GET /img/removebg-preview.png HTTP/1.1
                Host: pkrhzxtlvs.scscollege.org
                Connection: keep-alive
                sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Referer: https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2023-05-08 14:50:37 UTC | 11 | IN | HTTP/1.1 200 OK
                Date: Mon, 08 May 2023 14:50:37 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Wed, 22 Mar 2023 10:38:22 GMT
                Accept-Ranges: bytes
                Content-Length: 15598
                Content-Type: image/png


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                5 | 192.168.2.6 | 49719 | 208.91.199.115 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:38 UTC | 26 | OUT | GET /captchaImageSource.php HTTP/1.1
                Host: pkrhzxtlvs.scscollege.org
                Connection: keep-alive
                sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Referer: https://pkrhzxtlvs.scscollege.org/assets/css/style.css?v=3
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2023-05-08 14:50:38 UTC | 27 | IN | HTTP/1.1 200 OK
                Date: Mon, 08 May 2023 14:50:38 GMT
                Server: Apache
                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Pragma: no-cache
                Set-Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f; path=/
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Vary: Accept-Encoding
                Transfer-Encoding: chunked
                Content-Type: image/jpeg
                Data Ascii: 4c5JFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                6 | 192.168.2.6 | 49720 | 208.91.199.115 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:38 UTC | 28 | OUT | GET /?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t HTTP/1.1
                Host: pkrhzxtlvs.scscollege.org
                Connection: keep-alive
                Cache-Control: max-age=0
                sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: navigate
                Sec-Fetch-Dest: document
                Referer: https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2023-05-08 14:50:39 UTC | 31 | IN | HTTP/1.1 200 OK
                Date: Mon, 08 May 2023 14:50:39 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Vary: Accept-Encoding
                Transfer-Encoding: chunked
                Content-Type: text/html; charset=UTF-8
                Data Ascii: 43d<html><head><title>Verify Human</title><link href="assets/css/style.css?v=3" type="text/css" rel="stylesheet" /></head><body> <div class="div-main"> <div class="image"> <img src="img/removebg-preview.png" alt="">


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                7 | 192.168.2.6 | 49721 | 208.91.199.115 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:39 UTC | 32 | OUT | GET /captchaImageSource.php HTTP/1.1
                Host: pkrhzxtlvs.scscollege.org
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f
                2023-05-08 14:50:39 UTC | 33 | IN | HTTP/1.1 200 OK
                Date: Mon, 08 May 2023 14:50:39 GMT
                Server: Apache
                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Pragma: no-cache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Vary: Accept-Encoding
                Transfer-Encoding: chunked
                Content-Type: image/jpeg
                Data Ascii: 4b5JFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                8 | 192.168.2.6 | 49726 | 208.91.199.115 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:42 UTC | 34 | OUT | GET /captchaImageSource.php HTTP/1.1
                Host: pkrhzxtlvs.scscollege.org
                Connection: keep-alive
                sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Referer: https://pkrhzxtlvs.scscollege.org/assets/css/style.css?v=3
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f
                2023-05-08 14:50:42 UTC | 35 | IN | HTTP/1.1 200 OK
                Date: Mon, 08 May 2023 14:50:42 GMT
                Server: Apache
                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Pragma: no-cache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Vary: Accept-Encoding
                Transfer-Encoding: chunked
                Content-Type: image/jpeg
                Data Ascii: 4cfJFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                9 | 192.168.2.6 | 49727 | 208.91.199.115 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-05-08 14:50:43 UTC | 36 | OUT | GET /favicon.ico HTTP/1.1
                Host: pkrhzxtlvs.scscollege.org
                Connection: keep-alive
                sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Referer: https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: PHPSESSID=67a924757c35bf258ac7c1b1b92c879f
                2023-05-08 14:50:43 UTC | 38 | IN | HTTP/1.1 404 Not Found
                Date: Mon, 08 May 2023 14:50:43 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 22:06:30 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Target ID:0
                Start time:16:50:29
                Start date:08/05/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                Imagebase:0x7ff6f9750000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:1
                Start time:16:50:30
                Start date:08/05/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1876,i,16106273996891167105,15087393848206195252,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff6f9750000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:2
                Start time:16:50:33
                Start date:08/05/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pkrhzxtlvs.scscollege.org/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=memindustries.com/host/hjlwehjwhnkewhj/Y2VsbGlvdHRAd2lja2Vyc21pdGguY29t
                Imagebase:0x7ff6f9750000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                No disassembly