Edit tour

Windows Analysis Report
https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH

Overview

General Information

Sample URL:	https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4M
Analysis ID:	862246
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Antivirus detection for URL or domain

HTML page is missing a favicon

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5320 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 1836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1612,i,355552224743655179,4262690051431891824,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 4852 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

cleanup

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH

SlashNext: detection malicious, Label: Rogue Software type: Phishing & Social Engineering

Multi AV Scanner detection for domain / URL

Source: https://www.highrevenuegate.com/favicon.ico	Virustotal: Detection: 7%			Perma Link
Source: https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e	Virustotal: Detection: 11%			Perma Link

Antivirus detection for URL or domain

Source: https://www.highrevenuegate.com/favicon.ico

Avira URL Cloud: Label: malware

Source: https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e	HTTP Parser: No favicon
Source: https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e	HTTP Parser: No favicon
Source: https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708	HTTP Parser: No favicon
Source: https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CI22yQEIpbbJAQjBtskBCKmdygEI0e3KAQiSocsBCPyqzAEIvLzMAQjHvMwBCOfAzAEIm8HMAQiywcwBCMTBzAEI18HMAQjZxMwBCMrGzAEInMnMAQjjy8wBSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
Source: global traffic	HTTP traffic detected: GET /296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine HTTP/1.1Host: yavkus.onlineConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e HTTP/1.1Host: www.highrevenuegate.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://yavkus.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.highrevenuegate.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"sec-ch-ua-model: sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6eAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl=18974811
Source: global traffic	HTTP traffic detected: GET /ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e HTTP/1.1Host: www.highrevenuegate.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6eAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl=18974811
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.highrevenuegate.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"sec-ch-ua-model: sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6eAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl=18974811
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.highrevenuegate.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl=18974811
Source: global traffic	HTTP traffic detected: GET /zhwawric6?key=e88e0e88f8c3848121a42c50d479d708 HTTP/1.1Host: practicallyfire.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: practicallyfire.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"sec-ch-ua-model: sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl=19172475
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: practicallyfire.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl=19172475
Source: global traffic	HTTP traffic detected: GET /zhwawric6?key=e88e0e88f8c3848121a42c50d479d708 HTTP/1.1Host: practicallyfire.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl=19172475
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: practicallyfire.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"sec-ch-ua-model: sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl=19172475
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: practicallyfire.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl=19172475
Source: global traffic	HTTP traffic detected: GET /anonymous/ HTTP/1.1Host: highperformancedformats.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /anonymous/ HTTP/1.1Host: highperformancedformats.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_112.1.dr, chromecache_113.1.dr

String found in binary or memory: function bz(a,b){var c=this;return b}bz.M="internal.enableAutoEventOnScroll";var bc=ca(["data-gtm-yt-inspected-"]),cz=["www.youtube.com","www.youtube-nocookie.com"],dz,ez=!1; equals www.youtube.com (Youtube)

Source: chromecache_109.1.dr, chromecache_115.1.dr	String found in binary or memory: http://highperformancedformats.com/anonymous/
Source: chromecache_114.1.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_112.1.dr, chromecache_113.1.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_112.1.dr, chromecache_113.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_113.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_113.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_114.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_114.1.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_112.1.dr, chromecache_113.1.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_112.1.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_114.1.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_114.1.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_114.1.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_114.1.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_112.1.dr, chromecache_113.1.dr	String found in binary or memory: https://www.googletagmanager.com/a?id=
Source: chromecache_114.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_111.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-51273128-1
Source: chromecache_111.1.dr	String found in binary or memory: https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e
Source: chromecache_113.1.dr	String found in binary or memory: https://www.merchant-center-analytics.goog/mc/collect
Source: chromecache_110.1.dr	String found in binary or memory: https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfi

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg

Source: classification engine

Classification label: mal64.win@30/7@8/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1612,i,355552224743655179,4262690051431891824,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1612,i,355552224743655179,4262690051431891824,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH	1%	Virustotal		Browse
https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH	0%	Avira URL Cloud	safe
https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH	100%	SlashNext	Rogue Software type: Phishing & Social Engineering

Source	Detection	Scanner	Label	Link
https://www.merchant-center-analytics.goog/mc/collect	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
http://highperformancedformats.com/anonymous/	1%	Virustotal		Browse
https://www.highrevenuegate.com/favicon.ico	100%	Avira URL Cloud	malware
https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine	0%	Avira URL Cloud	safe
https://www.highrevenuegate.com/favicon.ico	8%	Virustotal		Browse
https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfi	0%	Avira URL Cloud	safe
https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e	11%	Virustotal		Browse
https://practicallyfire.com/favicon.ico	0%	Avira URL Cloud	safe
http://highperformancedformats.com/anonymous/	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
practicallyfire.com	173.233.139.164	true	false	unknown
www.highrevenuegate.com	173.233.137.52	true	false	unknown
accounts.google.com	142.250.203.109	true	false	high
yavkus.online	94.130.51.141	true	false	unknown
highperformancedformats.com	192.243.59.13	true	false	unknown
www.google.com	142.250.203.100	true	false	high
clients.l.google.com	142.250.203.110	true	false	high
windowsupdatebg.s.llnwi.net	178.79.225.128	true	false	unknown
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine	false	Avira URL Cloud: safe	unknown
https://www.highrevenuegate.com/favicon.ico	false	8%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708	false		unknown
https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e	false	11%, Virustotal, Browse	unknown
https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e	false	11%, Virustotal, Browse	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH	false		high
http://highperformancedformats.com/anonymous/	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://practicallyfire.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://stats.g.doubleclick.net/g/collect	chromecache_113.1.dr	false		high
https://www.google.com/ads/ga-audiences	chromecache_114.1.dr	false		high
https://www.merchant-center-analytics.goog/mc/collect	chromecache_113.1.dr	false	URL Reputation: safe	unknown
https://www.google.%/ads/ga-audiences	chromecache_114.1.dr	false	URL Reputation: safe	low
https://td.doubleclick.net	chromecache_112.1.dr, chromecache_113.1.dr	false		high
https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfi	chromecache_110.1.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/g/collect?v=2&	chromecache_113.1.dr	false		high
https://tagassistant.google.com/	chromecache_114.1.dr	false		high
https://stats.g.doubleclick.net/j/collect	chromecache_114.1.dr	false		high
https://ampcid.google.com/v1/publisher:getClientId	chromecache_114.1.dr	false		high
https://cct.google/taggy/agent.js	chromecache_112.1.dr, chromecache_113.1.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
173.233.137.52	www.highrevenuegate.com	United States	7979	SERVERS-COMUS	false
142.250.203.100	www.google.com	United States	15169	GOOGLEUS	false
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
94.130.51.141	yavkus.online	Germany	24940	HETZNER-ASDE	false
192.243.59.13	highperformancedformats.com	Dominica	39572	ADVANCEDHOSTERS-ASNL	false
173.233.139.164	practicallyfire.com	United States	7979	SERVERS-COMUS	false
142.250.203.109	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
192.168.2.5

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	862246
Start date and time:	2023-05-09 16:20:18 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.win@30/7@8/10
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: http://highperformancedformats.com/anonymous/ Browse: http://highperformancedformats.com/anonymous/

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.0.174.96, 23.0.174.98, 23.0.174.91, 23.0.174.106, 23.0.174.112, 23.0.174.99, 23.0.174.107, 23.0.174.105, 23.0.174.97, 209.197.3.8, 173.222.108.210, 173.222.108.226, 93.184.221.240, 142.250.203.99, 34.104.35.123, 142.250.203.104, 216.239.32.178, 216.239.36.178, 216.239.38.178, 216.239.34.178
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, wu.ec.azureedge.net, www-alv.google-analytics.com, ctldl.windowsupdate.com, clientservices.googleapis.com, cds.d2s7q6s2.hwcdn.net, a767.dspw65.akamai.net, www-www.bing.com.trafficmanager.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, download.windowsupdate.com.edgesuite.net, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, edgedl.me.gvt1.com, www.googletagmanager.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	115
Entropy (8bit):	4.719823396275518
Encrypted:	false
SSDEEP:	3:uNXADiFCDRAWMO5h1KRWLRE+Vs2+ZJiNRDs7SGKy:uFAyTWLhgRW2+T+ZJas7Sdy
MD5:	16579CC322E9E105427ECFA57890EF69
SHA1:	8BB47EC30CF894AB49032D7271A45F0C778BAA05
SHA-256:	F28CE5BEFE08ED90A2E12B6B2A5E9FDAFAA6AD173503079155260AA480C66590
SHA-512:	FCF36F77D99F6594929BDED28F200BEE11FAB9B316A5E437567345B8877CFC6707BF8A116C03F07B03C0235B587E71DBD4843560564BAE07BAD2F5B6295CCE3F
Malicious:	false
Reputation:	low
URL:	https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e
Preview:	<a href = 'http://highperformancedformats.com/anonymous/' target='_blank'>Anonymous Proxy detected, click here.</a>

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1174)
Category:	downloaded
Size (bytes):	1313
Entropy (8bit):	5.262243295538985
Encrypted:	false
SSDEEP:	24:NIDPlI4HtdKbGbQGbMQBSSaM99GuGVIGb5LVbD1znL6Len8BAtwML6LenltMQsb:NiIEtdMGbQGbMSSHMrcmGbHFE7ewMEcW
MD5:	6DC35140B93DA4C4C6899FE562EB765A
SHA1:	26E3C54B2EA716AC54BB579BFD5E78D23198FFC8
SHA-256:	1E5863C023E4F02DBE9B37B521EDF65F1F486B07768D2B1B7FCAEAF74037FEA8
SHA-512:	FB62D095F50D526C4F43CC711252F7A2D00DCFD19B017178819021F676B2F9C1ED60F0A6B7025F199852EF0C7D1C03D702AA1AFFE499BFF49041ADDC4B8B7F20
Malicious:	false
Reputation:	low
URL:	https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH
Preview:	<html lang="en-GB"> <head> <meta content="origin" name="referrer"> <script nonce="TyY6Ot2aTMMaFOGUbXgNVw">window.google = {};(function(){.var d=this\|\|self;var e=function(c){this.g=c};e.prototype.toString=function(){return this.g.toString()};e.prototype.h=!0;var h;try{new URL("s://g"),h=!0}catch(c){h=!1}var k=h,l={};d.google.navigateTo=function(c,f,a){if(c!==f&&c.google){if(c.google.r){c.google.r=0;c=c.location;if(!(a instanceof e\|\|a instanceof e)){a="object"==typeof a&&a.h?a.g.toString():String(a);b:{var g=a;if(k){try{var b=new URL(g)}catch(m){b="https:";break b}b=b.protocol}else c:{b=document.createElement("a");try{b.href=g}catch(m){b=void 0;break c}b=b.protocol;b=":"===b\|\|""===b?"https:":b}}"javascript:"===b&&(a="about:invalid#zClosurez");a=new e(a,l)}c.href=a instanceof e&&a.constructor===e?a.g:"type_error:SafeUrl";f.location.replace("about:blank")}}else f.location.replace(a)};}).call(this);(function(){var redirectUrl='https://yavkus.online/296550-holly-willoughby-and-andrea-mclean

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1208
Entropy (8bit):	4.8795389840764205
Encrypted:	false
SSDEEP:	24:hY0FLUrQRBv/hI63q9XfWrgLWrCSzo+LPIroSb:jFQUR9GD9PW0LW+SMco
MD5:	EFCE6008234E5495A63700F8413E02F0
SHA1:	07449F892EE2A0F09B4E3D2CB9D793027FE0D6BB
SHA-256:	0DF640CFEE6D64ABF15AE3DFE5FAFF040FF9E814A6B84E026AE1A66AADD024CC
SHA-512:	4C9D07BDCFF00AE0356737D8A977A0CD45540032F5834FBE6239CF31A312E2A64BC1451B16A6BEBEFE70B5BBED2D15080B6671AF298E49268D499B9FD96B4E21
Malicious:	false
Reputation:	low
URL:	https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine
Preview:	<!DOCTYPE html>.<html lang="en"><head>.<title>yavkus.online - Holly Willoughby and Andrea McLean just wore matching high street outfits YOU Magazine</title> Google tag (gtag.js) -->.<script async src="https://www.googletagmanager.com/gtag/js?id=UA-51273128-1"></script>.<script>. window.dataLayer = window.dataLayer \|\| [];. function gtag(){dataLayer.push(arguments);}. gtag('js', new Date());.. gtag('config', 'UA-51273128-1');.</script>.....<html>. <head>. <script type="application/javascript">. function process() {. if (window.location !== window.parent.location ) {. top.location = "https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e";. } else {. window.location = "https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e";. }. }. window.onerror = process;. proces

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3856)
Category:	downloaded
Size (bytes):	171122
Entropy (8bit):	5.539468311005735
Encrypted:	false
SSDEEP:	3072:Jt+JwQ04aUnHZ05x5FABOkh0FNw9yV9eycDYbHUIC:fQzJix7+qFNw9yVwXYLUv
MD5:	EDB6636EEF6932E42AC0676236C33C40
SHA1:	136B95547BA67E4D1C09F5CEFF2DA316723F0DD0
SHA-256:	1506A026E49E227250530B57E93659DC2D0AEA5A48B22B1D57A00808ABCCA7F3
SHA-512:	0D0E7C65C9902D6627EA47F788006635B794C9CF6A7D9858C24D7C7C1FDF6D254FACAEEC703C1C200A8B7BD96A1877C4B93F56FA2BB1F8F86E1F1D4C46209D63
Malicious:	false
Reputation:	low
URL:	https://www.googletagmanager.com/gtag/js?id=UA-51273128-1
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":"undefined"}],. "tags":[{"function":"__ogt_1p_data_v2","priority":2,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":10},{"function":"__ccd_ga_first","priority":1,"vtp_instanceDestinationId":"UA-51273128-1","tag_id":13},{"function":"__rep","vtp_containerId":"UA-51273128-1","vtp_remoteConfig":["map"],"tag_id":1},{"function":"__zone","vtp_childContainers":["list",["map","publicId","G-6V5201028T"]],"vtp_enableConfiguration":false,"tag_id":3},{"function":"__ccd_ga_last","priority":0,"vtp_instanceDestinationId":"UA-51273128-1","tag_id":12}],. "predicates":[{"function":"_eq","arg0":["macro",0],"arg1":"gtm.js"},

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5059)
Category:	downloaded
Size (bytes):	204125
Entropy (8bit):	5.56050037675506
Encrypted:	false
SSDEEP:	3072:tr+JwQ04QD2DLyRnC/05xdfSBOPpFNw9yV9eyaPOGfuesRFJ7uyR:VQzQsLyN9xN/pFNw9yVwpARj7uK
MD5:	23029E2D840945C8372DA53953CCA44B
SHA1:	0DB320BA99BD6C843B977DAE69EEFE8C94D5EBB9
SHA-256:	D22E6B5D4E5AA1C02EA324804896EEFC4033F82FECFDFCD6F9E12C07088AE764
SHA-512:	9066F2A68A063AE2BEEC948EB34E71B49F50D00288E40F9E71E77A4D92660423FEC0360F33CC7E5BE35FB0E9F433AA40E4C83A5CA4C2BC9E82E39B14A9B903B3
Malicious:	false
Reputation:	low
URL:	https://www.googletagmanager.com/gtag/js?id=G-6V5201028T&l=dataLayer&cx=c
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":"google.co.uk"},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":"google.co.uk"},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":7,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":10},{"function":"__ccd_ga_first","priority":6,"vtp_instanceDestinationId":"G-6V5201028T","tag_id":18},{"function":"__set_product_settings","priority":5,"vtp_instanceDestinationId":"G-6V5201028T","vtp_foreignTldMacroResult":["macro",5],"vtp_isChinaVipRegionMacroResult":["macro",6],"tag

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1573)
Category:	downloaded
Size (bytes):	52082
Entropy (8bit):	5.515813845174423
Encrypted:	false
SSDEEP:	768:L5zaBkiBCwsZtisP5XqYlpL+CyfiHOlTjdGoz2enV6KD1CgYUD0ZTXEwyVfZsk:BaBki125hziD8O9dGozFGUwyVL
MD5:	4507839525A19180914799B08FB5FA5B
SHA1:	738D7E47E47A102E67D09EFA63408D21AAF02245
SHA-256:	E7B90D32907F89C49E9E2A2CCCA95133277F756F13A14187936D9B948FF67B44
SHA-512:	124BB24B26EDE426AC7EF14DB40FF894DDEA6EB9C7A5BF408FD83B116BD55EC86B51B6839D5EEC7EC0F481AAB940795006005B4534DFF6CC0F3A6560F7CF9BEA
Malicious:	false
Reputation:	low
URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var aa=this\|\|self,n=function(a,b){a=a.split(".");var c=aa;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function p(){for(var a=q,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function r(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var q,u;.function ba(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=u[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}q=q\|\|r();u=u\|\|p();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2\|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240\|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192\|g)))}};var v={},w=function(a){v.TAGGING=v.TAGGING\|\|[];v.TAGGING[a]=!0};var y=function(a,b){

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	115
Entropy (8bit):	4.719823396275518
Encrypted:	false
SSDEEP:	3:uNXADiFCDRAWMO5h1KRWLRE+Vs2+ZJiNRDs7SGKy:uFAyTWLhgRW2+T+ZJas7Sdy
MD5:	16579CC322E9E105427ECFA57890EF69
SHA1:	8BB47EC30CF894AB49032D7271A45F0C778BAA05
SHA-256:	F28CE5BEFE08ED90A2E12B6B2A5E9FDAFAA6AD173503079155260AA480C66590
SHA-512:	FCF36F77D99F6594929BDED28F200BEE11FAB9B316A5E437567345B8877CFC6707BF8A116C03F07B03C0235B587E71DBD4843560564BAE07BAD2F5B6295CCE3F
Malicious:	false
Reputation:	low
URL:	https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708
Preview:	<a href = 'http://highperformancedformats.com/anonymous/' target='_blank'>Anonymous Proxy detected, click here.</a>

Total Packets: 189
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 9, 2023 16:21:19.542057991 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.542124987 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.542249918 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.542977095 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.543035984 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.543112040 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.550121069 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.550211906 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.550285101 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.550997972 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.551032066 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.551126957 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.555182934 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.555208921 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.555933952 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.555964947 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.556971073 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.556993008 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.557415962 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.557437897 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.647576094 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.652210951 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.656039953 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.673348904 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.734916925 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.735603094 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.766241074 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.767587900 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.906215906 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.906275988 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.907537937 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.907567024 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.907691956 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.907727003 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.908282995 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.908297062 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.908318043 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.908345938 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.908443928 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.909109116 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.909159899 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.909302950 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.909324884 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.909365892 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.909606934 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.909655094 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.909679890 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.909986019 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.910039902 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:21:19.910056114 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:19.910856009 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.910921097 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:19.910943031 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:19.955620050 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:20.119422913 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:20.119570017 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:20.123449087 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:21:20.123593092 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:20.765022039 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:20.765151024 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:20.765162945 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:20.765290976 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:20.765337944 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:20.765454054 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:20.765513897 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:20.765604973 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:21:20.765753984 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:20.765867949 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:20.765887976 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:20.765957117 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:21:20.798563004 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:20.798744917 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:20.798753023 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:20.798806906 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:20.800949097 CEST	49699	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:20.800972939 CEST	443	49699	142.250.203.110	192.168.2.3
May 9, 2023 16:21:20.817661047 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:20.817740917 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:20.817761898 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:20.818542957 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:20.818630934 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:20.877309084 CEST	49698	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:20.877366066 CEST	443	49698	142.250.203.109	192.168.2.3
May 9, 2023 16:21:20.938213110 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:20.938277960 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:21:20.953804016 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:20.953829050 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:21:21.064188957 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:21:21.126523972 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:21:22.041457891 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.041516066 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.041582108 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.044159889 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.044188976 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.098196030 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.108366013 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.108411074 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.109693050 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.109795094 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.149455070 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.149648905 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.149760962 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.149796963 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.227189064 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.227248907 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.227313995 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.227365971 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.227415085 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.227427959 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.227449894 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.227492094 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.285821915 CEST	49706	443	192.168.2.3	142.250.203.100
May 9, 2023 16:21:22.285867929 CEST	443	49706	142.250.203.100	192.168.2.3
May 9, 2023 16:21:22.492115974 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.492194891 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.492288113 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.492892981 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.492923975 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.590718985 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.605504036 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.605539083 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.607722044 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.607857943 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.633662939 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.633913994 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.633918047 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.675416946 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.756359100 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.756406069 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.760797977 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.760883093 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.760909081 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.760931015 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.760998964 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.801878929 CEST	49707	443	192.168.2.3	94.130.51.141
May 9, 2023 16:21:22.801939011 CEST	443	49707	94.130.51.141	192.168.2.3
May 9, 2023 16:21:22.855911970 CEST	49709	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:22.855999947 CEST	443	49709	173.233.137.52	192.168.2.3
May 9, 2023 16:21:22.856115103 CEST	49709	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:22.856861115 CEST	49709	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:22.856910944 CEST	443	49709	173.233.137.52	192.168.2.3
May 9, 2023 16:21:22.857815981 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:22.857858896 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:22.857923985 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:22.858526945 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:22.858541965 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.189196110 CEST	443	49709	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.189752102 CEST	49709	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.189780951 CEST	443	49709	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.191478968 CEST	443	49709	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.191587925 CEST	49709	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.194323063 CEST	49709	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.194562912 CEST	443	49709	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.194637060 CEST	49709	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.212503910 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.214915991 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.214939117 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.217308044 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.217367887 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.218343973 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.218533039 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.235435963 CEST	443	49709	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.252901077 CEST	49709	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.252963066 CEST	443	49709	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.305567026 CEST	443	49709	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.305711985 CEST	49709	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.323860884 CEST	49709	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.323883057 CEST	443	49709	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.327450991 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.327475071 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.426613092 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.465575933 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.507424116 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.575428963 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.575618029 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.575700045 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.587272882 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.587272882 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.587337017 CEST	443	49710	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.587419033 CEST	49710	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.904737949 CEST	49714	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.904787064 CEST	443	49714	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.904860973 CEST	49714	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.904947042 CEST	49715	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.904999018 CEST	443	49715	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.905055046 CEST	49715	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.913410902 CEST	49715	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.913436890 CEST	443	49715	173.233.137.52	192.168.2.3
May 9, 2023 16:21:23.913573027 CEST	49714	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:23.913602114 CEST	443	49714	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.181483984 CEST	443	49714	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.181859970 CEST	443	49715	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.182045937 CEST	49714	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.182080030 CEST	443	49714	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.182339907 CEST	49715	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.182383060 CEST	443	49715	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.182571888 CEST	443	49714	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.183156013 CEST	443	49715	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.183291912 CEST	49714	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.183408022 CEST	443	49714	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.183854103 CEST	49715	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.184036016 CEST	443	49715	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.184521914 CEST	49714	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.226085901 CEST	49715	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.227421999 CEST	443	49714	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.424545050 CEST	443	49714	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.424659967 CEST	443	49714	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.424771070 CEST	49714	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.428951025 CEST	49714	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.428982019 CEST	443	49714	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.459283113 CEST	49715	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.499432087 CEST	443	49715	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.566040993 CEST	443	49715	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.566140890 CEST	443	49715	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.566205025 CEST	49715	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.572875023 CEST	49715	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.572911024 CEST	443	49715	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.686451912 CEST	49717	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.686517000 CEST	443	49717	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.686641932 CEST	49717	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.686985016 CEST	49717	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.687000990 CEST	443	49717	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.905031919 CEST	443	49717	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.905787945 CEST	49717	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.905810118 CEST	443	49717	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.906232119 CEST	443	49717	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.906987906 CEST	49717	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.907074928 CEST	443	49717	173.233.137.52	192.168.2.3
May 9, 2023 16:21:24.907809973 CEST	49717	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:24.955421925 CEST	443	49717	173.233.137.52	192.168.2.3
May 9, 2023 16:21:25.159243107 CEST	443	49717	173.233.137.52	192.168.2.3
May 9, 2023 16:21:25.159337044 CEST	443	49717	173.233.137.52	192.168.2.3
May 9, 2023 16:21:25.159456015 CEST	49717	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:25.271440983 CEST	49717	443	192.168.2.3	173.233.137.52
May 9, 2023 16:21:25.271476030 CEST	443	49717	173.233.137.52	192.168.2.3
May 9, 2023 16:21:33.867769003 CEST	49718	80	192.168.2.3	192.243.59.13
May 9, 2023 16:21:33.868944883 CEST	49719	80	192.168.2.3	192.243.59.13
May 9, 2023 16:21:33.979022026 CEST	80	49718	192.243.59.13	192.168.2.3
May 9, 2023 16:21:33.979182959 CEST	49718	80	192.168.2.3	192.243.59.13
May 9, 2023 16:21:33.979525089 CEST	49718	80	192.168.2.3	192.243.59.13
May 9, 2023 16:21:33.980171919 CEST	80	49719	192.243.59.13	192.168.2.3
May 9, 2023 16:21:33.980288982 CEST	49719	80	192.168.2.3	192.243.59.13
May 9, 2023 16:21:34.090688944 CEST	80	49718	192.243.59.13	192.168.2.3
May 9, 2023 16:21:34.095195055 CEST	80	49718	192.243.59.13	192.168.2.3
May 9, 2023 16:21:34.143105030 CEST	49718	80	192.168.2.3	192.243.59.13
May 9, 2023 16:21:34.444838047 CEST	49720	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:34.444904089 CEST	443	49720	173.233.139.164	192.168.2.3
May 9, 2023 16:21:34.444987059 CEST	49720	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:34.445558071 CEST	49720	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:34.445585966 CEST	443	49720	173.233.139.164	192.168.2.3
May 9, 2023 16:21:34.790951967 CEST	443	49720	173.233.139.164	192.168.2.3
May 9, 2023 16:21:34.899102926 CEST	49720	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:34.966623068 CEST	49720	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:34.966674089 CEST	443	49720	173.233.139.164	192.168.2.3
May 9, 2023 16:21:34.970180035 CEST	443	49720	173.233.139.164	192.168.2.3
May 9, 2023 16:21:34.970252037 CEST	443	49720	173.233.139.164	192.168.2.3
May 9, 2023 16:21:34.970290899 CEST	49720	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:34.975483894 CEST	49720	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:34.975660086 CEST	49720	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:34.975678921 CEST	443	49720	173.233.139.164	192.168.2.3
May 9, 2023 16:21:34.975836992 CEST	443	49720	173.233.139.164	192.168.2.3
May 9, 2023 16:21:35.089834929 CEST	443	49720	173.233.139.164	192.168.2.3
May 9, 2023 16:21:35.089982986 CEST	49720	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:35.372220039 CEST	49720	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:35.372289896 CEST	443	49720	173.233.139.164	192.168.2.3
May 9, 2023 16:21:35.855272055 CEST	49721	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:35.855318069 CEST	443	49721	173.233.139.164	192.168.2.3
May 9, 2023 16:21:35.855431080 CEST	49721	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:35.855866909 CEST	49721	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:35.855887890 CEST	443	49721	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.071584940 CEST	443	49721	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.075227022 CEST	49721	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.075277090 CEST	443	49721	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.075789928 CEST	443	49721	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.078165054 CEST	49721	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.078294992 CEST	443	49721	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.078535080 CEST	49721	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.119421959 CEST	443	49721	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.325392962 CEST	443	49721	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.325488091 CEST	443	49721	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.325608015 CEST	49721	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.326776981 CEST	49721	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.326807022 CEST	443	49721	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.363130093 CEST	49722	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.363187075 CEST	443	49722	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.363284111 CEST	49722	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.363989115 CEST	49722	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.364008904 CEST	443	49722	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.583523035 CEST	443	49722	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.584172010 CEST	49722	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.584193945 CEST	443	49722	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.584717989 CEST	443	49722	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.585448980 CEST	49722	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.585608006 CEST	443	49722	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.586052895 CEST	49722	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.627419949 CEST	443	49722	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.839739084 CEST	443	49722	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.839842081 CEST	443	49722	173.233.139.164	192.168.2.3
May 9, 2023 16:21:36.839939117 CEST	49722	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.841726065 CEST	49722	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:36.841748953 CEST	443	49722	173.233.139.164	192.168.2.3
May 9, 2023 16:21:41.637264013 CEST	49718	80	192.168.2.3	192.243.59.13
May 9, 2023 16:21:41.758053064 CEST	80	49718	192.243.59.13	192.168.2.3
May 9, 2023 16:21:41.764591932 CEST	49723	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:41.764651060 CEST	443	49723	173.233.139.164	192.168.2.3
May 9, 2023 16:21:41.764743090 CEST	49723	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:41.765345097 CEST	49723	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:41.765376091 CEST	443	49723	173.233.139.164	192.168.2.3
May 9, 2023 16:21:41.844058037 CEST	49718	80	192.168.2.3	192.243.59.13
May 9, 2023 16:21:41.983751059 CEST	443	49723	173.233.139.164	192.168.2.3
May 9, 2023 16:21:41.984090090 CEST	49723	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:41.984153032 CEST	443	49723	173.233.139.164	192.168.2.3
May 9, 2023 16:21:41.984713078 CEST	443	49723	173.233.139.164	192.168.2.3
May 9, 2023 16:21:41.985187054 CEST	49723	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:41.985307932 CEST	443	49723	173.233.139.164	192.168.2.3
May 9, 2023 16:21:41.985366106 CEST	49723	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.031474113 CEST	443	49723	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.044070005 CEST	49723	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.247853041 CEST	443	49723	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.247956991 CEST	443	49723	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.248030901 CEST	49723	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.320893049 CEST	49723	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.320939064 CEST	443	49723	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.479166985 CEST	49724	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.479274988 CEST	443	49724	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.479422092 CEST	49724	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.479739904 CEST	49724	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.479772091 CEST	443	49724	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.697278023 CEST	443	49724	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.699618101 CEST	49724	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.699664116 CEST	443	49724	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.700572968 CEST	443	49724	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.703047991 CEST	49724	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.703263998 CEST	443	49724	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.703439951 CEST	49724	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.747423887 CEST	443	49724	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.949511051 CEST	443	49724	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.949712038 CEST	443	49724	173.233.139.164	192.168.2.3
May 9, 2023 16:21:42.949836016 CEST	49724	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.978924990 CEST	49724	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:42.978991032 CEST	443	49724	173.233.139.164	192.168.2.3
May 9, 2023 16:21:43.084062099 CEST	49725	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:43.084110022 CEST	443	49725	173.233.139.164	192.168.2.3
May 9, 2023 16:21:43.084177971 CEST	49725	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:43.084520102 CEST	49725	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:43.084534883 CEST	443	49725	173.233.139.164	192.168.2.3
May 9, 2023 16:21:43.304006100 CEST	443	49725	173.233.139.164	192.168.2.3
May 9, 2023 16:21:43.304452896 CEST	49725	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:43.304871082 CEST	443	49725	173.233.139.164	192.168.2.3
May 9, 2023 16:21:43.305675983 CEST	443	49725	173.233.139.164	192.168.2.3
May 9, 2023 16:21:43.306185007 CEST	49725	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:43.306340933 CEST	443	49725	173.233.139.164	192.168.2.3
May 9, 2023 16:21:43.306376934 CEST	49725	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:43.347430944 CEST	443	49725	173.233.139.164	192.168.2.3
May 9, 2023 16:21:43.456480980 CEST	49725	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:43.560399055 CEST	443	49725	173.233.139.164	192.168.2.3
May 9, 2023 16:21:43.560539007 CEST	443	49725	173.233.139.164	192.168.2.3
May 9, 2023 16:21:43.560647964 CEST	49725	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:43.565738916 CEST	49725	443	192.168.2.3	173.233.139.164
May 9, 2023 16:21:43.565793037 CEST	443	49725	173.233.139.164	192.168.2.3
May 9, 2023 16:21:51.762765884 CEST	80	49718	192.243.59.13	192.168.2.3
May 9, 2023 16:21:51.762980938 CEST	49718	80	192.168.2.3	192.243.59.13
May 9, 2023 16:21:52.382790089 CEST	49718	80	192.168.2.3	192.243.59.13
May 9, 2023 16:21:52.495547056 CEST	80	49718	192.243.59.13	192.168.2.3
May 9, 2023 16:22:05.956866980 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:22:05.956914902 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:22:05.972434998 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:22:05.972460985 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:22:18.988262892 CEST	49719	80	192.168.2.3	192.243.59.13
May 9, 2023 16:22:19.099919081 CEST	80	49719	192.243.59.13	192.168.2.3
May 9, 2023 16:22:21.882492065 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:22:21.882522106 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:22:21.882612944 CEST	443	49700	142.250.203.109	192.168.2.3
May 9, 2023 16:22:21.882621050 CEST	443	49701	142.250.203.110	192.168.2.3
May 9, 2023 16:22:21.882710934 CEST	49700	443	192.168.2.3	142.250.203.109
May 9, 2023 16:22:21.882741928 CEST	49701	443	192.168.2.3	142.250.203.110
May 9, 2023 16:22:22.325160980 CEST	49728	443	192.168.2.3	142.250.203.100
May 9, 2023 16:22:22.325213909 CEST	443	49728	142.250.203.100	192.168.2.3
May 9, 2023 16:22:22.325320959 CEST	49728	443	192.168.2.3	142.250.203.100
May 9, 2023 16:22:22.325638056 CEST	49728	443	192.168.2.3	142.250.203.100
May 9, 2023 16:22:22.325654984 CEST	443	49728	142.250.203.100	192.168.2.3
May 9, 2023 16:22:22.382280111 CEST	443	49728	142.250.203.100	192.168.2.3
May 9, 2023 16:22:22.382721901 CEST	49728	443	192.168.2.3	142.250.203.100
May 9, 2023 16:22:22.382778883 CEST	443	49728	142.250.203.100	192.168.2.3
May 9, 2023 16:22:22.384632111 CEST	443	49728	142.250.203.100	192.168.2.3
May 9, 2023 16:22:22.385220051 CEST	49728	443	192.168.2.3	142.250.203.100
May 9, 2023 16:22:22.385407925 CEST	443	49728	142.250.203.100	192.168.2.3
May 9, 2023 16:22:22.427515984 CEST	49728	443	192.168.2.3	142.250.203.100
May 9, 2023 16:22:32.374314070 CEST	443	49728	142.250.203.100	192.168.2.3
May 9, 2023 16:22:32.374385118 CEST	443	49728	142.250.203.100	192.168.2.3
May 9, 2023 16:22:32.374561071 CEST	49728	443	192.168.2.3	142.250.203.100
May 9, 2023 16:22:33.882668972 CEST	49728	443	192.168.2.3	142.250.203.100
May 9, 2023 16:22:33.882742882 CEST	443	49728	142.250.203.100	192.168.2.3
May 9, 2023 16:22:34.092200041 CEST	80	49719	192.243.59.13	192.168.2.3
May 9, 2023 16:22:34.092386007 CEST	49719	80	192.168.2.3	192.243.59.13
May 9, 2023 16:22:35.882921934 CEST	49719	80	192.168.2.3	192.243.59.13
May 9, 2023 16:22:35.997585058 CEST	80	49719	192.243.59.13	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 9, 2023 16:21:19.139998913 CEST	49977	53	192.168.2.3	8.8.8.8
May 9, 2023 16:21:19.152288914 CEST	57840	53	192.168.2.3	8.8.8.8
May 9, 2023 16:21:19.155132055 CEST	53	49977	8.8.8.8	192.168.2.3
May 9, 2023 16:21:19.186033010 CEST	53	57840	8.8.8.8	192.168.2.3
May 9, 2023 16:21:21.713274956 CEST	49302	53	192.168.2.3	8.8.8.8
May 9, 2023 16:21:21.733501911 CEST	53	49302	8.8.8.8	192.168.2.3
May 9, 2023 16:21:22.393234015 CEST	51139	53	192.168.2.3	8.8.8.8
May 9, 2023 16:21:22.445396900 CEST	53	51139	8.8.8.8	192.168.2.3
May 9, 2023 16:21:22.825963020 CEST	60582	53	192.168.2.3	8.8.8.8
May 9, 2023 16:21:22.845951080 CEST	53	60582	8.8.8.8	192.168.2.3
May 9, 2023 16:21:33.808039904 CEST	60767	53	192.168.2.3	8.8.8.8
May 9, 2023 16:21:33.828339100 CEST	53	60767	8.8.8.8	192.168.2.3
May 9, 2023 16:21:34.370079041 CEST	53848	53	192.168.2.3	8.8.8.8
May 9, 2023 16:21:34.398682117 CEST	53	53848	8.8.8.8	192.168.2.3
May 9, 2023 16:22:22.304013014 CEST	58301	53	192.168.2.3	8.8.8.8
May 9, 2023 16:22:22.323419094 CEST	53	58301	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 9, 2023 16:21:19.139998913 CEST	192.168.2.3	8.8.8.8	0xf699	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:19.152288914 CEST	192.168.2.3	8.8.8.8	0xe30e	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:21.713274956 CEST	192.168.2.3	8.8.8.8	0x4bcb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.393234015 CEST	192.168.2.3	8.8.8.8	0xe2f2	Standard query (0)	yavkus.online	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.825963020 CEST	192.168.2.3	8.8.8.8	0xb6c6	Standard query (0)	www.highrevenuegate.com	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.808039904 CEST	192.168.2.3	8.8.8.8	0xddb6	Standard query (0)	highperformancedformats.com	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.370079041 CEST	192.168.2.3	8.8.8.8	0xf159	Standard query (0)	practicallyfire.com	A (IP address)	IN (0x0001)	false
May 9, 2023 16:22:22.304013014 CEST	192.168.2.3	8.8.8.8	0x9bd	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 9, 2023 16:21:10.112092018 CEST	8.8.8.8	192.168.2.3	0x1bf1	No error (0)	windowsupdatebg.s.llnwi.net		178.79.225.128	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:10.112092018 CEST	8.8.8.8	192.168.2.3	0x1bf1	No error (0)	windowsupdatebg.s.llnwi.net		95.140.230.128	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:10.385524035 CEST	8.8.8.8	192.168.2.3	0xb635	No error (0)	windowsupdatebg.s.llnwi.net		178.79.225.128	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:10.385524035 CEST	8.8.8.8	192.168.2.3	0xb635	No error (0)	windowsupdatebg.s.llnwi.net		95.140.230.128	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:19.155132055 CEST	8.8.8.8	192.168.2.3	0xf699	No error (0)	accounts.google.com		142.250.203.109	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:19.186033010 CEST	8.8.8.8	192.168.2.3	0xe30e	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
May 9, 2023 16:21:19.186033010 CEST	8.8.8.8	192.168.2.3	0xe30e	No error (0)	clients.l.google.com		142.250.203.110	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:21.733501911 CEST	8.8.8.8	192.168.2.3	0x4bcb	No error (0)	www.google.com		142.250.203.100	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.445396900 CEST	8.8.8.8	192.168.2.3	0xe2f2	No error (0)	yavkus.online		94.130.51.141	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.845951080 CEST	8.8.8.8	192.168.2.3	0xb6c6	No error (0)	www.highrevenuegate.com		173.233.137.52	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.845951080 CEST	8.8.8.8	192.168.2.3	0xb6c6	No error (0)	www.highrevenuegate.com		173.233.139.164	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.845951080 CEST	8.8.8.8	192.168.2.3	0xb6c6	No error (0)	www.highrevenuegate.com		192.243.59.13	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.845951080 CEST	8.8.8.8	192.168.2.3	0xb6c6	No error (0)	www.highrevenuegate.com		192.243.59.20	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.845951080 CEST	8.8.8.8	192.168.2.3	0xb6c6	No error (0)	www.highrevenuegate.com		192.243.61.227	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.845951080 CEST	8.8.8.8	192.168.2.3	0xb6c6	No error (0)	www.highrevenuegate.com		173.233.137.60	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.845951080 CEST	8.8.8.8	192.168.2.3	0xb6c6	No error (0)	www.highrevenuegate.com		173.233.137.44	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.845951080 CEST	8.8.8.8	192.168.2.3	0xb6c6	No error (0)	www.highrevenuegate.com		192.243.61.225	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.845951080 CEST	8.8.8.8	192.168.2.3	0xb6c6	No error (0)	www.highrevenuegate.com		192.243.59.12	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:22.845951080 CEST	8.8.8.8	192.168.2.3	0xb6c6	No error (0)	www.highrevenuegate.com		173.233.137.36	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.828339100 CEST	8.8.8.8	192.168.2.3	0xddb6	No error (0)	highperformancedformats.com		192.243.59.13	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.828339100 CEST	8.8.8.8	192.168.2.3	0xddb6	No error (0)	highperformancedformats.com		192.243.61.227	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.828339100 CEST	8.8.8.8	192.168.2.3	0xddb6	No error (0)	highperformancedformats.com		192.243.61.225	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.828339100 CEST	8.8.8.8	192.168.2.3	0xddb6	No error (0)	highperformancedformats.com		173.233.139.164	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.828339100 CEST	8.8.8.8	192.168.2.3	0xddb6	No error (0)	highperformancedformats.com		192.243.59.12	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.828339100 CEST	8.8.8.8	192.168.2.3	0xddb6	No error (0)	highperformancedformats.com		173.233.137.60	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.828339100 CEST	8.8.8.8	192.168.2.3	0xddb6	No error (0)	highperformancedformats.com		173.233.137.36	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.828339100 CEST	8.8.8.8	192.168.2.3	0xddb6	No error (0)	highperformancedformats.com		173.233.137.44	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.828339100 CEST	8.8.8.8	192.168.2.3	0xddb6	No error (0)	highperformancedformats.com		173.233.137.52	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:33.828339100 CEST	8.8.8.8	192.168.2.3	0xddb6	No error (0)	highperformancedformats.com		192.243.59.20	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.398682117 CEST	8.8.8.8	192.168.2.3	0xf159	No error (0)	practicallyfire.com		173.233.139.164	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.398682117 CEST	8.8.8.8	192.168.2.3	0xf159	No error (0)	practicallyfire.com		192.243.59.20	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.398682117 CEST	8.8.8.8	192.168.2.3	0xf159	No error (0)	practicallyfire.com		173.233.137.52	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.398682117 CEST	8.8.8.8	192.168.2.3	0xf159	No error (0)	practicallyfire.com		173.233.137.60	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.398682117 CEST	8.8.8.8	192.168.2.3	0xf159	No error (0)	practicallyfire.com		192.243.59.12	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.398682117 CEST	8.8.8.8	192.168.2.3	0xf159	No error (0)	practicallyfire.com		192.243.61.225	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.398682117 CEST	8.8.8.8	192.168.2.3	0xf159	No error (0)	practicallyfire.com		192.243.61.227	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.398682117 CEST	8.8.8.8	192.168.2.3	0xf159	No error (0)	practicallyfire.com		173.233.137.36	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.398682117 CEST	8.8.8.8	192.168.2.3	0xf159	No error (0)	practicallyfire.com		173.233.137.44	A (IP address)	IN (0x0001)	false
May 9, 2023 16:21:34.398682117 CEST	8.8.8.8	192.168.2.3	0xf159	No error (0)	practicallyfire.com		192.243.59.13	A (IP address)	IN (0x0001)	false
May 9, 2023 16:22:22.323419094 CEST	8.8.8.8	192.168.2.3	0x9bd	No error (0)	www.google.com		142.250.203.100	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

www.google.com

https:

yavkus.online

www.highrevenuegate.com

practicallyfire.com

highperformancedformats.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49699	142.250.203.110	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49698	142.250.203.109	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49721	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49722	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49723	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49724	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49725	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49718	192.243.59.13	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 9, 2023 16:21:33.979525089 CEST	1141	OUT	GET /anonymous/ HTTP/1.1 Host: highperformancedformats.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 9, 2023 16:21:34.095195055 CEST	1142	IN	HTTP/1.1 307 Temporary Redirect Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:34 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Location: https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708 Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 8ff6c74799a91cda59445148bde70f49 Strict-Transport-Security: max-age=0; includeSubdomains
May 9, 2023 16:21:41.637264013 CEST	1156	OUT	GET /anonymous/ HTTP/1.1 Host: highperformancedformats.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 9, 2023 16:21:41.758053064 CEST	1157	IN	HTTP/1.1 307 Temporary Redirect Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:41 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Location: https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708 Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 501abe4c27b2592d0bae69332aef5ff5 Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49719	192.243.59.13	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 9, 2023 16:22:18.988262892 CEST	1215	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49706	142.250.203.100	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49707	94.130.51.141	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49709	173.233.137.52	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49710	173.233.137.52	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49714	173.233.137.52	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49715	173.233.137.52	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49717	173.233.137.52	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49720	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49699	142.250.203.110	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:20 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-104.0.5112.81 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-09 14:21:20 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-Pm9Rk3d8BJmVUuu8XWFrWw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 09 May 2023 14:21:20 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5972 X-Daystart: 26480 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-09 14:21:20 UTC	1	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 39 37 32 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 36 34 38 30 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5972" elapsed_seconds="26480"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-05-09 14:21:20 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-05-09 14:21:20 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49698	142.250.203.109	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:20 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
2023-05-09 14:21:20 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-05-09 14:21:20 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 09 May 2023 14:21:20 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-platform=, ch-ua-platform-version= Content-Security-Policy: script-src 'report-sample' 'nonce-l76ueCJDmCEx03Sli0f1PA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-09 14:21:20 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-05-09 14:21:20 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49721	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:36 UTC	18	OUT	GET /favicon.ico HTTP/1.1 Host: practicallyfire.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-full-version: "104.0.5112.81" sec-ch-ua-platform-version: "6.0.0" sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81" sec-ch-ua-model: sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl=19172475
2023-05-09 14:21:36 UTC	19	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:36 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: d239c086c21714ac81ca6d991569a27f Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49722	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:36 UTC	19	OUT	GET /favicon.ico HTTP/1.1 Host: practicallyfire.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl=19172475
2023-05-09 14:21:36 UTC	19	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:36 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: fd96f4d4d41b3fab497a9a57ce743a00 Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49723	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:41 UTC	20	OUT	GET /zhwawric6?key=e88e0e88f8c3848121a42c50d479d708 HTTP/1.1 Host: practicallyfire.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "104.0.5112.81" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "6.0.0" sec-ch-ua-model: "" sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl=19172475
2023-05-09 14:21:42 UTC	21	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:42 GMT Content-Type: text/html Content-Length: 115 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 0f9801c7bb339c60732784bef15208a0 Strict-Transport-Security: max-age=0; includeSubdomains
2023-05-09 14:21:42 UTC	21	IN	Data Raw: 3c 61 20 68 72 65 66 20 3d 20 27 68 74 74 70 3a 2f 2f 68 69 67 68 70 65 72 66 6f 72 6d 61 6e 63 65 64 66 6f 72 6d 61 74 73 2e 63 6f 6d 2f 61 6e 6f 6e 79 6d 6f 75 73 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e 41 6e 6f 6e 79 6d 6f 75 73 20 50 72 6f 78 79 20 64 65 74 65 63 74 65 64 2c 20 63 6c 69 63 6b 20 68 65 72 65 2e 3c 2f 61 3e Data Ascii: <a href = 'http://highperformancedformats.com/anonymous/' target='_blank'>Anonymous Proxy detected, click here.</a>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49724	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:42 UTC	21	OUT	GET /favicon.ico HTTP/1.1 Host: practicallyfire.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-full-version: "104.0.5112.81" sec-ch-ua-platform-version: "6.0.0" sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81" sec-ch-ua-model: sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://practicallyfire.com/zhwawric6?key=e88e0e88f8c3848121a42c50d479d708 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl=19172475
2023-05-09 14:21:42 UTC	22	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:42 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 6c0a57a68ed22f63c8bd80c1a88f4cd0 Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49725	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:43 UTC	23	OUT	GET /favicon.ico HTTP/1.1 Host: practicallyfire.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl=19172475
2023-05-09 14:21:43 UTC	23	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:43 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 6739f6ad37cfbbf9490ea62baa87c89c Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49706	142.250.203.100	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:22 UTC	4	OUT	GET /url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 X-Client-Data: CI22yQEIpbbJAQjBtskBCKmdygEI0e3KAQiSocsBCPyqzAEIvLzMAQjHvMwBCOfAzAEIm8HMAQiywcwBCMTBzAEI18HMAQjZxMwBCMrGzAEInMnMAQjjy8wB Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
2023-05-09 14:21:22 UTC	5	IN	HTTP/1.1 200 OK Date: Tue, 09 May 2023 14:21:22 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-TyY6Ot2aTMMaFOGUbXgNVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 Set-Cookie: NID=511=WBdSLw0kETXqrNbu_e0J1oIsHsAVod0mVAkQLacx5SN_7UT3im-fUFFlb0kfLmIyhAmEv9sP4RIDWIIDR5kGqyxiTsN4zd5JJvzMNF7jt1inTcXPyLSo6BKDCH1daLeCjYL_flz9Ql4yFyE3GCKDZxxzo-XMQCgGsHJeHl5q_w4; expires=Wed, 08-Nov-2023 14:21:22 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-09 14:21:22 UTC	7	IN	Data Raw: 35 32 31 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 20 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 20 20 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 54 79 59 36 4f 74 32 61 54 4d 4d 61 46 4f 47 55 62 58 67 4e 56 77 22 3e 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 20 3d 20 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 76 61 72 20 64 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 74 68 69 73 2e 67 3d 63 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 67 2e 74 6f 53 74 72 69 6e 67 28 29 7d 3b 65 2e 70 72 6f 74 6f 74 Data Ascii: 521<html lang="en-GB"> <head> <meta content="origin" name="referrer"> <script nonce="TyY6Ot2aTMMaFOGUbXgNVw">window.google = {};(function(){var d=this\|\|self;var e=function(c){this.g=c};e.prototype.toString=function(){return this.g.toString()};e.protot
2023-05-09 14:21:22 UTC	8	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49707	94.130.51.141	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:22 UTC	8	OUT	GET /296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine HTTP/1.1 Host: yavkus.online Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-09 14:21:22 UTC	9	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 09 May 2023 14:21:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Server-Powered-By: Engintron
2023-05-09 14:21:22 UTC	9	IN	Data Raw: 34 62 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 79 61 76 6b 75 73 2e 6f 6e 6c 69 6e 65 20 2d 20 48 6f 6c 6c 79 20 57 69 6c 6c 6f 75 67 68 62 79 20 61 6e 64 20 41 6e 64 72 65 61 20 4d 63 4c 65 61 6e 20 6a 75 73 74 20 77 6f 72 65 20 6d 61 74 63 68 69 6e 67 20 68 69 67 68 20 73 74 72 65 65 74 20 6f 75 74 66 69 74 73 20 59 4f 55 20 4d 61 67 61 7a 69 6e 65 3c 2f 74 69 74 6c 65 3e 3c 21 2d 2d 20 47 6f 6f 67 6c 65 20 74 61 67 20 28 67 74 61 67 2e 6a 73 29 20 2d 2d 3e 0a 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 55 Data Ascii: 4b8<!DOCTYPE html><html lang="en"><head><title>yavkus.online - Holly Willoughby and Andrea McLean just wore matching high street outfits YOU Magazine</title>... Google tag (gtag.js) --><script async src="https://www.googletagmanager.com/gtag/js?id=U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49709	173.233.137.52	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:23 UTC	10	OUT	GET /ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e HTTP/1.1 Host: www.highrevenuegate.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://yavkus.online/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-09 14:21:23 UTC	11	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:23 GMT Content-Type: text/html Content-Length: 115 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Set-Cookie: u_pl=18974811; expires=Wed, 10 May 2023 14:21:23 GMT Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: bb0d2ce89b2234addeb88910a64ea4b1 Strict-Transport-Security: max-age=0; includeSubdomains
2023-05-09 14:21:23 UTC	12	IN	Data Raw: 3c 61 20 68 72 65 66 20 3d 20 27 68 74 74 70 3a 2f 2f 68 69 67 68 70 65 72 66 6f 72 6d 61 6e 63 65 64 66 6f 72 6d 61 74 73 2e 63 6f 6d 2f 61 6e 6f 6e 79 6d 6f 75 73 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e 41 6e 6f 6e 79 6d 6f 75 73 20 50 72 6f 78 79 20 64 65 74 65 63 74 65 64 2c 20 63 6c 69 63 6b 20 68 65 72 65 2e 3c 2f 61 3e Data Ascii: <a href = 'http://highperformancedformats.com/anonymous/' target='_blank'>Anonymous Proxy detected, click here.</a>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49710	173.233.137.52	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:23 UTC	12	OUT	GET /favicon.ico HTTP/1.1 Host: www.highrevenuegate.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-full-version: "104.0.5112.81" sec-ch-ua-platform-version: "6.0.0" sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81" sec-ch-ua-model: sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl=18974811
2023-05-09 14:21:23 UTC	13	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:23 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 4a9bb1711054d867df6491572c04cb94 Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49714	173.233.137.52	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:24 UTC	13	OUT	GET /ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e HTTP/1.1 Host: www.highrevenuegate.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "104.0.5112.81" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "6.0.0" sec-ch-ua-model: "" sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl=18974811
2023-05-09 14:21:24 UTC	14	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:24 GMT Content-Type: text/html Content-Length: 115 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: b3c9eba0535d106af134c1a6bf1564d1 Strict-Transport-Security: max-age=0; includeSubdomains
2023-05-09 14:21:24 UTC	15	IN	Data Raw: 3c 61 20 68 72 65 66 20 3d 20 27 68 74 74 70 3a 2f 2f 68 69 67 68 70 65 72 66 6f 72 6d 61 6e 63 65 64 66 6f 72 6d 61 74 73 2e 63 6f 6d 2f 61 6e 6f 6e 79 6d 6f 75 73 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e 41 6e 6f 6e 79 6d 6f 75 73 20 50 72 6f 78 79 20 64 65 74 65 63 74 65 64 2c 20 63 6c 69 63 6b 20 68 65 72 65 2e 3c 2f 61 3e Data Ascii: <a href = 'http://highperformancedformats.com/anonymous/' target='_blank'>Anonymous Proxy detected, click here.</a>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49715	173.233.137.52	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:24 UTC	15	OUT	GET /favicon.ico HTTP/1.1 Host: www.highrevenuegate.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-full-version: "104.0.5112.81" sec-ch-ua-platform-version: "6.0.0" sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81" sec-ch-ua-model: sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.highrevenuegate.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl=18974811
2023-05-09 14:21:24 UTC	15	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:24 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 38f6b8c6d587b39b138ef42f6a84feb1 Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49717	173.233.137.52	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:24 UTC	16	OUT	GET /favicon.ico HTTP/1.1 Host: www.highrevenuegate.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl=18974811
2023-05-09 14:21:25 UTC	16	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:25 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 9ba87925a750bd4c7e1a724f765d263a Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49720	173.233.139.164	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-09 14:21:34 UTC	16	OUT	GET /zhwawric6?key=e88e0e88f8c3848121a42c50d479d708 HTTP/1.1 Host: practicallyfire.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-09 14:21:35 UTC	17	IN	HTTP/1.1 200 OK Server: nginx/1.19.5 Date: Tue, 09 May 2023 14:21:35 GMT Content-Type: text/html Content-Length: 115 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Set-Cookie: u_pl=19172475; expires=Wed, 10 May 2023 14:21:35 GMT Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: b8e0246e7733bc5c5215ba0a2a81bc23 Strict-Transport-Security: max-age=0; includeSubdomains
2023-05-09 14:21:35 UTC	18	IN	Data Raw: 3c 61 20 68 72 65 66 20 3d 20 27 68 74 74 70 3a 2f 2f 68 69 67 68 70 65 72 66 6f 72 6d 61 6e 63 65 64 66 6f 72 6d 61 74 73 2e 63 6f 6d 2f 61 6e 6f 6e 79 6d 6f 75 73 2f 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e 41 6e 6f 6e 79 6d 6f 75 73 20 50 72 6f 78 79 20 64 65 74 65 63 74 65 64 2c 20 63 6c 69 63 6b 20 68 65 72 65 2e 3c 2f 61 3e Data Ascii: <a href = 'http://highperformancedformats.com/anonymous/' target='_blank'>Anonymous Proxy detected, click here.</a>

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Click to jump to process

Target ID:	0
Start time:	16:21:14
Start date:	09/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Target ID:	1
Start time:	16:21:16
Start date:	09/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1612,i,355552224743655179,4262690051431891824,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Target ID:	2
Start time:	16:21:18
Start date:	09/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: chrome.exePID: 5320, Parent PID: 4768

General

File Activities

File Opened

Windows Analysis Report
https://www.google.com/url?rct=j&sa=t&url=https://yavkus.online/296550-holly-willoughby-and-andrea-mclean-just-wore-matching-high-street-outfits-you-magazine&ct=ga&cd=CAEYACoTNjEzMzgzNzU3NTU4NDczNjY4MzIcODJmMWUyMjYyZWEyMjcxNDpjby51azplbjpHQg&usg=AOvVaw0yADjsZb33GgkW_ktbQIFH