Edit tour

Windows Analysis Report
https://t.co/1xLFumfAle?bol=k9UdUJ3lou

Overview

General Information

Sample URL:	https://t.co/1xLFumfAle?bol=k9UdUJ3lou
Analysis ID:	1501385
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2000,i,15640911329859800286,5607836205167479354,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/1xLFumfAle?bol=k9UdUJ3lou" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /report/v4?s=Pwbdsz0eQSl3Q%2FmLQ0EZfKUX5hZUoA8fzEYU3RWZLPLcWsiUPWhYRuz6TuMAxXhub4HjB%2FgBu6TRhPo7Ftd0jn4%2FEe8ITwcOHFd5emkuBBcTNUzPi5vBuvk8%2F5mOzm5bOiNKrg%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 400Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 18:46:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: privateX-AspNetMvc-Version: 5.2X-AspNet-Version: 4.0.30319X-Powered-By: ASP.NETCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pwbdsz0eQSl3Q%2FmLQ0EZfKUX5hZUoA8fzEYU3RWZLPLcWsiUPWhYRuz6TuMAxXhub4HjB%2FgBu6TRhPo7Ftd0jn4%2FEe8ITwcOHFd5emkuBBcTNUzPi5vBuvk8%2F5mOzm5bOiNKrg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8baeb3a948f77c7b-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_48.2.dr

String found in binary or memory: https://uswk.ytpcrmbo.top/?template=a1ek90&runner=253892b8797dab55pny

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/7@10/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2000,i,15640911329859800286,5607836205167479354,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/1xLFumfAle?bol=k9UdUJ3lou"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2000,i,15640911329859800286,5607836205167479354,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://t.co/1xLFumfAle?bol=k9UdUJ3lou	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://uswk.ytpcrmbo.top/?template=a1ek90&runner=253892b8797dab55pny	0%	Avira URL Cloud	safe
https://uswk.ytpcrmbo.top/?template=a1ek90&runner=253892b8797dab55pny	0%	Avira URL Cloud	safe
https://uswk.ytpcrmbo.top/favicon.ico	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=Pwbdsz0eQSl3Q%2FmLQ0EZfKUX5hZUoA8fzEYU3RWZLPLcWsiUPWhYRuz6TuMAxXhub4HjB%2FgBu6TRhPo7Ftd0jn4%2FEe8ITwcOHFd5emkuBBcTNUzPi5vBuvk8%2F5mOzm5bOiNKrg%3D%3D	0%	Avira URL Cloud	safe
https://uswk.ytpcrmbo.top/2b14101e9/ATNzYO/AA0?tDkO?AII0AGcYE_4HAOaiBODAsj_x/8k8AJeN7AHATciFyEF5AAy2gAfAu/4EBAfjKCn	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
t.co	162.159.140.229	true	false	unknown
uswk.ytpcrmbo.top	188.114.97.3	true	false	unknown
www.google.com	142.250.185.164	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://t.co/1xLFumfAle?bol=k9UdUJ3lou	false		unknown
https://uswk.ytpcrmbo.top/2b14101e9/ATNzYO/AA0?tDkO?AII0AGcYE_4HAOaiBODAsj_x/8k8AJeN7AHATciFyEF5AAy2gAfAu/4EBAfjKCn	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=Pwbdsz0eQSl3Q%2FmLQ0EZfKUX5hZUoA8fzEYU3RWZLPLcWsiUPWhYRuz6TuMAxXhub4HjB%2FgBu6TRhPo7Ftd0jn4%2FEe8ITwcOHFd5emkuBBcTNUzPi5vBuvk8%2F5mOzm5bOiNKrg%3D%3D	false	Avira URL Cloud: safe	unknown
https://uswk.ytpcrmbo.top/	false		unknown
https://uswk.ytpcrmbo.top/favicon.ico	false	Avira URL Cloud: safe	unknown
https://uswk.ytpcrmbo.top/?template=a1ek90&runner=253892b8797dab55pny	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://uswk.ytpcrmbo.top/?template=a1ek90&runner=253892b8797dab55pny	chromecache_48.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.140.229	t.co	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	uswk.ytpcrmbo.top	European Union	13335	CLOUDFLARENETUS	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501385
Start date and time:	2024-08-29 20:45:03 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://t.co/1xLFumfAle?bol=k9UdUJ3lou
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/7@10/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 216.58.206.78, 173.194.76.84, 34.104.35.123, 20.114.59.183, 199.232.210.172, 192.229.221.95, 13.85.23.206, 52.165.164.15, 142.250.186.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://t.co/1xLFumfAle?bol=k9UdUJ3lou

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	32038
Entropy (8bit):	3.7586031096610943
Encrypted:	false
SSDEEP:	192:cfRys3/ZtSs9axogZeLpoCaAVbZ5iDJ6j5+qDxZ7cnPgW5LnM:cr68dcgWJn
MD5:	3F0F72ED57A54B97CDA500BCF0545EFB
SHA1:	2F252619C18E729D98E16B96D37CD7CD567B38EB
SHA-256:	67FBE8EF9020E5C776AADF6801A1FEF8DC563E2E4DC9DDC740AF8010C0C38943
SHA-512:	EA68C54A3CA39A47555A41AE5FC3723F1E7C06B3AD1776EE7082FFBFF48277D2B4EE7CA1753165C2DCCDF7012EB0CBE29CDBDE21DC05373A07CF18E23DE37E54
Malicious:	false
Reputation:	low
URL:	https://uswk.ytpcrmbo.top/favicon.ico
Preview:	............ .h...F... .... .........00.... ..%..V...@@.... .(B...:..(....... ..... .....@...................e21.f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21.f32Qf32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q...Q.....US.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q.\[Q.............\|z.m<;.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.uGG..................RP.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.xKJ..................vu.k98.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.g43......^].....................{NL.f32.f32.f32Qf32Qf32.f32.f32..\[.............ts..ww...............k98.f32Qf32Qf32.f32.f32...........................................f32Qf32Qf32.f32.g43.....................................rq....f32Qh65Qh65.h65.j87..YY..[[..[[..[[..\[..]]..oo...........vu.f32Q...Q.........................................mk.g43.f32.f32.f32Q...Q........................`^.p?=.f32.f32.f32.f32.f32.f32.f32Q..Q.....ml.rB@.g43.f32.f32.f32.f32.f32.f32.f32.f32.f32.f3

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	32038
Entropy (8bit):	3.7586031096610943
Encrypted:	false
SSDEEP:	192:cfRys3/ZtSs9axogZeLpoCaAVbZ5iDJ6j5+qDxZ7cnPgW5LnM:cr68dcgWJn
MD5:	3F0F72ED57A54B97CDA500BCF0545EFB
SHA1:	2F252619C18E729D98E16B96D37CD7CD567B38EB
SHA-256:	67FBE8EF9020E5C776AADF6801A1FEF8DC563E2E4DC9DDC740AF8010C0C38943
SHA-512:	EA68C54A3CA39A47555A41AE5FC3723F1E7C06B3AD1776EE7082FFBFF48277D2B4EE7CA1753165C2DCCDF7012EB0CBE29CDBDE21DC05373A07CF18E23DE37E54
Malicious:	false
Reputation:	low
Preview:	............ .h...F... .... .........00.... ..%..V...@@.... .(B...:..(....... ..... .....@...................e21.f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21.f32Qf32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q...Q.....US.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q.\[Q.............\|z.m<;.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.uGG..................RP.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.xKJ..................vu.k98.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.g43......^].....................{NL.f32.f32.f32Qf32Qf32.f32.f32..\[.............ts..ww...............k98.f32Qf32Qf32.f32.f32...........................................f32Qf32Qf32.f32.g43.....................................rq....f32Qh65Qh65.h65.j87..YY..[[..[[..[[..\[..]]..oo...........vu.f32Q...Q.........................................mk.g43.f32.f32.f32Q...Q........................`^.p?=.f32.f32.f32.f32.f32.f32.f32Q..Q.....ml.rB@.g43.f32.f32.f32.f32.f32.f32.f32.f32.f32.f3

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ISO-8859 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1163
Entropy (8bit):	5.91401289232789
Encrypted:	false
SSDEEP:	24:hM0mIAvy4Wvs8Ea7JZRGNeHX+AYcvP2wUpafMb6k5:lmIAq1U8EiJZ+eHX+AdP2kDk5
MD5:	8363ACAEAB9CBB099B59B78A44127CA6
SHA1:	AEF448CE5500E3734059EC285CF6EC0B547075F2
SHA-256:	9B342AE7F25D65BDB817D8C995F3211AC398E41575FC5D149D994C1DCB008F0A
SHA-512:	A431F7EE4CDC3C7C6EDF43736E007E314A0F8C4D05706DBDF75B629B15BEE335D173ABC071568F447D78B4C43ABA02017C1993D6DA86A1ACDDE904EB287CB30C
Malicious:	false
Reputation:	low
URL:	https://uswk.ytpcrmbo.top/
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=gb2312"/>..<title>404 - ..............</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>..........</h1></div>..<div id="content">.. <div class="content-container"

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (370), with no line terminators
Category:	downloaded
Size (bytes):	370
Entropy (8bit):	5.181076287259324
Encrypted:	false
SSDEEP:	6:fc3MRJVxr4R2CBRt15GnQOVAUm0RfR2CBRt15GnQOAX9BXW31AXVVILcR2CZ5Znf:fc3MxxjCBRhTGm0RECBRhTDPXK+XVV4k
MD5:	91A6F8549620A252A01EB24750CBBA0F
SHA1:	A76734D0AEE400F14F7738D4F352712D617149B1
SHA-256:	6325483436A586907FB8F2DE882BE7FD15E56CC67A81F530425E1F40A5AB78EB
SHA-512:	BCCCF0357854355C1544A72D319C7C6FBBD6BDB0C49CAFFC3D541158A3029178B134346AD34B8EC6ADEACF73E5642C17C176C82C814221C228A71369E2B402C0
Malicious:	false
Reputation:	low
URL:	https://t.co/1xLFumfAle?bol=k9UdUJ3lou
Preview:	<head><noscript><META http-equiv="refresh" content="0;URL=https://uswk.ytpcrmbo.top/?template=a1ek90&runner=253892b8797dab55pny"></noscript><title>https://uswk.ytpcrmbo.top/?template=a1ek90&runner=253892b8797dab55pny</title></head><script>window.opener = null; location.replace("https:\/\/uswk.ytpcrmbo.top\/?template=a1ek90&runner=253892b8797dab55pny")</script>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 29, 2024 20:45:47.812283993 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 29, 2024 20:45:57.453114986 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 29, 2024 20:45:57.554008961 CEST	49735	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:57.554040909 CEST	443	49735	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:57.554105043 CEST	49735	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:57.554852962 CEST	49736	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:57.554860115 CEST	443	49736	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:57.555037975 CEST	49735	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:57.555047989 CEST	443	49735	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:57.555074930 CEST	49736	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:57.555264950 CEST	49736	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:57.555274963 CEST	443	49736	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.022842884 CEST	443	49735	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.023113012 CEST	49735	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.023124933 CEST	443	49735	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.024061918 CEST	443	49735	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.024125099 CEST	49735	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.025121927 CEST	49735	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.025197983 CEST	443	49735	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.025315046 CEST	49735	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.025324106 CEST	443	49735	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.038105011 CEST	443	49736	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.038320065 CEST	49736	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.038327932 CEST	443	49736	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.039203882 CEST	443	49736	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.039292097 CEST	49736	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.039573908 CEST	49736	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.039628029 CEST	443	49736	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.126203060 CEST	49736	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.126214027 CEST	443	49736	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.156656027 CEST	49735	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.195437908 CEST	443	49735	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.195545912 CEST	443	49735	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.195602894 CEST	49735	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.196739912 CEST	49735	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.196757078 CEST	443	49735	162.159.140.229	192.168.2.4
Aug 29, 2024 20:45:58.225610971 CEST	49736	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:45:58.469376087 CEST	49739	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.469408035 CEST	443	49739	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.469487906 CEST	49739	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.470040083 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.470082998 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.470139980 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.470320940 CEST	49739	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.470330954 CEST	443	49739	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.470603943 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.470612049 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.982486010 CEST	443	49739	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.982831001 CEST	49739	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.982844114 CEST	443	49739	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.983082056 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.983771086 CEST	443	49739	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.983833075 CEST	49739	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.984057903 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.984081030 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.985002041 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.985054016 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.988442898 CEST	49739	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.988523006 CEST	443	49739	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.990582943 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.990667105 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:58.990804911 CEST	49739	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:58.990812063 CEST	443	49739	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:59.031543970 CEST	49739	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:59.031548977 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:59.031578064 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:45:59.077565908 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:45:59.746846914 CEST	49742	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:45:59.746890068 CEST	443	49742	142.250.185.164	192.168.2.4
Aug 29, 2024 20:45:59.746943951 CEST	49742	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:45:59.747308969 CEST	49742	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:45:59.747320890 CEST	443	49742	142.250.185.164	192.168.2.4
Aug 29, 2024 20:46:00.403143883 CEST	443	49742	142.250.185.164	192.168.2.4
Aug 29, 2024 20:46:00.403630972 CEST	49742	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:46:00.403645039 CEST	443	49742	142.250.185.164	192.168.2.4
Aug 29, 2024 20:46:00.404634953 CEST	443	49742	142.250.185.164	192.168.2.4
Aug 29, 2024 20:46:00.404697895 CEST	49742	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:46:00.674885988 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:00.674941063 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:00.675056934 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:00.676819086 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:00.676837921 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:00.823765039 CEST	49742	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:46:00.823926926 CEST	443	49742	142.250.185.164	192.168.2.4
Aug 29, 2024 20:46:00.875787973 CEST	49742	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:46:00.875802994 CEST	443	49742	142.250.185.164	192.168.2.4
Aug 29, 2024 20:46:00.923350096 CEST	49742	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:46:01.332441092 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:01.332514048 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:01.340300083 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:01.340312004 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:01.340553999 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:01.388642073 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:01.582940102 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:01.628503084 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:01.768651009 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:01.768719912 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:01.768795967 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:01.793507099 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:01.793529034 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:01.793541908 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:01.793551922 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:01.879018068 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:01.879056931 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:01.879209042 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:01.879575014 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:01.879587889 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:02.514188051 CEST	443	49739	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:02.514297009 CEST	443	49739	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:02.514338017 CEST	49739	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:02.526042938 CEST	49739	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:02.526060104 CEST	443	49739	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:02.532751083 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:02.544663906 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:02.544748068 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:02.547525883 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:02.547537088 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:02.547760963 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:02.551208973 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:02.580496073 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:02.592500925 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:02.822442055 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:02.822511911 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:02.822649002 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:02.823848963 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:02.823848963 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 29, 2024 20:46:02.823901892 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:02.823925018 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 29, 2024 20:46:04.278984070 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:04.279098034 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:04.279158115 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:04.279572010 CEST	49740	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:04.279587984 CEST	443	49740	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:04.289119005 CEST	49745	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:04.289159060 CEST	443	49745	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:04.289226055 CEST	49745	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:04.289577007 CEST	49745	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:04.289587975 CEST	443	49745	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:04.917167902 CEST	443	49745	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:04.917504072 CEST	49745	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:04.917526960 CEST	443	49745	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:04.917804956 CEST	443	49745	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:04.918201923 CEST	49745	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:04.918262005 CEST	443	49745	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:04.918380976 CEST	49745	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:04.960501909 CEST	443	49745	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:06.700479984 CEST	443	49745	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:06.700582027 CEST	443	49745	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:06.700849056 CEST	49745	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:06.705024958 CEST	49745	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:06.705049992 CEST	443	49745	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:06.729650021 CEST	49746	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:06.729695082 CEST	443	49746	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:06.729986906 CEST	49746	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:06.729986906 CEST	49746	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:06.730020046 CEST	443	49746	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:06.929429054 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:06.929477930 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:06.929640055 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:06.929975986 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:06.929986954 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.260083914 CEST	443	49746	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.260432005 CEST	49746	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.260452032 CEST	443	49746	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.261514902 CEST	443	49746	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.261584997 CEST	49746	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.266464949 CEST	49746	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.266567945 CEST	443	49746	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.266706944 CEST	49746	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.266714096 CEST	443	49746	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.315483093 CEST	49746	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.401859999 CEST	443	49746	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.401947975 CEST	443	49746	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.402051926 CEST	49746	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.402343988 CEST	49746	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.402360916 CEST	443	49746	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.403661013 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.403686047 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.403861046 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.404107094 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.404124022 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.425542116 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.425801039 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.425827026 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.426279068 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.426589966 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.426680088 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.426789999 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.472510099 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.565210104 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.565280914 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.565485001 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.565509081 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.567514896 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.567548990 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.567564011 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.567578077 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.567626953 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.568399906 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.569756031 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.569796085 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.569797993 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.569809914 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.569844007 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.572448015 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.615968943 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.615993977 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.654233932 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.654320955 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.654346943 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.655869007 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.655929089 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.655937910 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.658515930 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.658795118 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.658799887 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.659938097 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.659989119 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.659992933 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.664737940 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.664777994 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.664803982 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.664808035 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.664845943 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.664849997 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.666409969 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.666486979 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.666786909 CEST	49747	443	192.168.2.4	188.114.97.3
Aug 29, 2024 20:46:07.666801929 CEST	443	49747	188.114.97.3	192.168.2.4
Aug 29, 2024 20:46:07.880624056 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.930857897 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.938774109 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.938786030 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.939224005 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.940171003 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:07.940228939 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:07.940305948 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:07.941395044 CEST	49750	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:07.941415071 CEST	443	49750	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:07.941689014 CEST	49750	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:07.942301989 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.942368984 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:07.942774057 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:07.942806959 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:07.943051100 CEST	49750	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:07.943064928 CEST	443	49750	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:07.943291903 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:07.988511086 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:08.096601009 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:08.101735115 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:08.103033066 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:08.133635044 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 29, 2024 20:46:08.133668900 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 29, 2024 20:46:08.482316971 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.483216047 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.483263016 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.484337091 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.484426022 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.486191034 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.486290932 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.486591101 CEST	443	49750	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.486717939 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.486733913 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.487040997 CEST	49750	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.487055063 CEST	443	49750	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.488538980 CEST	443	49750	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.488631010 CEST	49750	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.491508007 CEST	49750	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.491645098 CEST	443	49750	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.530457020 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.546060085 CEST	49750	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.546088934 CEST	443	49750	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.592945099 CEST	49750	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.626334906 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.628050089 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.628087997 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.628097057 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.628129959 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.628226995 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.629671097 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.630956888 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.630990982 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.631011963 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.631036043 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.631150007 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.632747889 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.635334969 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.635375977 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.635402918 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.686706066 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.686733007 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.716321945 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.716357946 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.716398001 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.716409922 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.716455936 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.718529940 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.721219063 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.721297026 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.721307993 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.724495888 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.724546909 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.724570990 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.726061106 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.726140022 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.726154089 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.728733063 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.728790045 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.728811979 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.732011080 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:08.732076883 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.732698917 CEST	49749	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:08.732722044 CEST	443	49749	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:10.292695045 CEST	443	49742	142.250.185.164	192.168.2.4
Aug 29, 2024 20:46:10.292754889 CEST	443	49742	142.250.185.164	192.168.2.4
Aug 29, 2024 20:46:10.292995930 CEST	49742	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:46:11.461091042 CEST	49742	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:46:11.461122990 CEST	443	49742	142.250.185.164	192.168.2.4
Aug 29, 2024 20:46:12.936090946 CEST	443	49736	162.159.140.229	192.168.2.4
Aug 29, 2024 20:46:12.936156988 CEST	443	49736	162.159.140.229	192.168.2.4
Aug 29, 2024 20:46:12.936216116 CEST	49736	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:46:14.375938892 CEST	49736	443	192.168.2.4	162.159.140.229
Aug 29, 2024 20:46:14.375957966 CEST	443	49736	162.159.140.229	192.168.2.4
Aug 29, 2024 20:46:15.677067041 CEST	80	49723	217.20.57.42	192.168.2.4
Aug 29, 2024 20:46:15.677216053 CEST	49723	80	192.168.2.4	217.20.57.42
Aug 29, 2024 20:46:15.677294970 CEST	49723	80	192.168.2.4	217.20.57.42
Aug 29, 2024 20:46:15.682002068 CEST	80	49723	217.20.57.42	192.168.2.4
Aug 29, 2024 20:46:23.502950907 CEST	443	49750	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:23.503019094 CEST	443	49750	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:23.503070116 CEST	49750	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:24.377172947 CEST	49750	443	192.168.2.4	188.114.96.3
Aug 29, 2024 20:46:24.377202988 CEST	443	49750	188.114.96.3	192.168.2.4
Aug 29, 2024 20:46:31.384440899 CEST	80	49724	217.20.57.42	192.168.2.4
Aug 29, 2024 20:46:31.384541988 CEST	49724	80	192.168.2.4	217.20.57.42
Aug 29, 2024 20:46:31.384708881 CEST	49724	80	192.168.2.4	217.20.57.42
Aug 29, 2024 20:46:31.389569044 CEST	80	49724	217.20.57.42	192.168.2.4
Aug 29, 2024 20:46:59.798078060 CEST	49759	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:46:59.798124075 CEST	443	49759	142.250.185.164	192.168.2.4
Aug 29, 2024 20:46:59.798620939 CEST	49759	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:46:59.798691988 CEST	49759	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:46:59.798707962 CEST	443	49759	142.250.185.164	192.168.2.4
Aug 29, 2024 20:47:00.442620039 CEST	443	49759	142.250.185.164	192.168.2.4
Aug 29, 2024 20:47:00.443006992 CEST	49759	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:47:00.443018913 CEST	443	49759	142.250.185.164	192.168.2.4
Aug 29, 2024 20:47:00.443469048 CEST	443	49759	142.250.185.164	192.168.2.4
Aug 29, 2024 20:47:00.443892956 CEST	49759	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:47:00.443969011 CEST	443	49759	142.250.185.164	192.168.2.4
Aug 29, 2024 20:47:00.487543106 CEST	49759	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:47:10.345247984 CEST	443	49759	142.250.185.164	192.168.2.4
Aug 29, 2024 20:47:10.345310926 CEST	443	49759	142.250.185.164	192.168.2.4
Aug 29, 2024 20:47:10.345401049 CEST	49759	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:47:10.375840902 CEST	49759	443	192.168.2.4	142.250.185.164
Aug 29, 2024 20:47:10.375854969 CEST	443	49759	142.250.185.164	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 29, 2024 20:45:55.969161987 CEST	53	55860	1.1.1.1	192.168.2.4
Aug 29, 2024 20:45:56.076194048 CEST	53	64346	1.1.1.1	192.168.2.4
Aug 29, 2024 20:45:57.474833965 CEST	53	56914	1.1.1.1	192.168.2.4
Aug 29, 2024 20:45:57.543754101 CEST	51047	53	192.168.2.4	1.1.1.1
Aug 29, 2024 20:45:57.543884993 CEST	56555	53	192.168.2.4	1.1.1.1
Aug 29, 2024 20:45:57.552458048 CEST	53	56555	1.1.1.1	192.168.2.4
Aug 29, 2024 20:45:57.552567959 CEST	53	51047	1.1.1.1	192.168.2.4
Aug 29, 2024 20:45:58.229053974 CEST	62936	53	192.168.2.4	1.1.1.1
Aug 29, 2024 20:45:58.229209900 CEST	61421	53	192.168.2.4	1.1.1.1
Aug 29, 2024 20:45:58.415941000 CEST	53	62936	1.1.1.1	192.168.2.4
Aug 29, 2024 20:45:59.066814899 CEST	53	61421	1.1.1.1	192.168.2.4
Aug 29, 2024 20:45:59.732510090 CEST	56438	53	192.168.2.4	1.1.1.1
Aug 29, 2024 20:45:59.737297058 CEST	62044	53	192.168.2.4	1.1.1.1
Aug 29, 2024 20:45:59.740190983 CEST	53	56438	1.1.1.1	192.168.2.4
Aug 29, 2024 20:45:59.744898081 CEST	53	62044	1.1.1.1	192.168.2.4
Aug 29, 2024 20:46:06.702630997 CEST	52417	53	192.168.2.4	1.1.1.1
Aug 29, 2024 20:46:06.703046083 CEST	60731	53	192.168.2.4	1.1.1.1
Aug 29, 2024 20:46:06.727545977 CEST	53	60731	1.1.1.1	192.168.2.4
Aug 29, 2024 20:46:06.728168011 CEST	53	52417	1.1.1.1	192.168.2.4
Aug 29, 2024 20:46:07.673259974 CEST	65114	53	192.168.2.4	1.1.1.1
Aug 29, 2024 20:46:07.673619986 CEST	53806	53	192.168.2.4	1.1.1.1
Aug 29, 2024 20:46:07.872993946 CEST	53	65114	1.1.1.1	192.168.2.4
Aug 29, 2024 20:46:07.873012066 CEST	53	53806	1.1.1.1	192.168.2.4
Aug 29, 2024 20:46:14.752552032 CEST	53	63858	1.1.1.1	192.168.2.4
Aug 29, 2024 20:46:16.410336971 CEST	138	138	192.168.2.4	192.168.2.255
Aug 29, 2024 20:46:34.237339973 CEST	53	59197	1.1.1.1	192.168.2.4
Aug 29, 2024 20:46:55.606019020 CEST	53	49288	1.1.1.1	192.168.2.4
Aug 29, 2024 20:46:56.110963106 CEST	53	61370	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 29, 2024 20:45:59.066890955 CEST	192.168.2.4	1.1.1.1	c230	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 29, 2024 20:45:57.543754101 CEST	192.168.2.4	1.1.1.1	0x40fa	Standard query (0)	t.co	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:45:57.543884993 CEST	192.168.2.4	1.1.1.1	0xba47	Standard query (0)	t.co	65	IN (0x0001)	false
Aug 29, 2024 20:45:58.229053974 CEST	192.168.2.4	1.1.1.1	0xdb2	Standard query (0)	uswk.ytpcrmbo.top	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:45:58.229209900 CEST	192.168.2.4	1.1.1.1	0x897f	Standard query (0)	uswk.ytpcrmbo.top	65	IN (0x0001)	false
Aug 29, 2024 20:45:59.732510090 CEST	192.168.2.4	1.1.1.1	0x7755	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:45:59.737297058 CEST	192.168.2.4	1.1.1.1	0x1557	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 29, 2024 20:46:06.702630997 CEST	192.168.2.4	1.1.1.1	0x5eaf	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:46:06.703046083 CEST	192.168.2.4	1.1.1.1	0x538e	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Aug 29, 2024 20:46:07.673259974 CEST	192.168.2.4	1.1.1.1	0xccbc	Standard query (0)	uswk.ytpcrmbo.top	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:46:07.673619986 CEST	192.168.2.4	1.1.1.1	0x6ff9	Standard query (0)	uswk.ytpcrmbo.top	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 29, 2024 20:45:57.552567959 CEST	1.1.1.1	192.168.2.4	0x40fa	No error (0)	t.co		162.159.140.229	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:45:58.415941000 CEST	1.1.1.1	192.168.2.4	0xdb2	No error (0)	uswk.ytpcrmbo.top		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:45:58.415941000 CEST	1.1.1.1	192.168.2.4	0xdb2	No error (0)	uswk.ytpcrmbo.top		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:45:59.066814899 CEST	1.1.1.1	192.168.2.4	0x897f	No error (0)	uswk.ytpcrmbo.top			65	IN (0x0001)	false
Aug 29, 2024 20:45:59.740190983 CEST	1.1.1.1	192.168.2.4	0x7755	No error (0)	www.google.com		142.250.185.164	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:45:59.744898081 CEST	1.1.1.1	192.168.2.4	0x1557	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 29, 2024 20:46:06.728168011 CEST	1.1.1.1	192.168.2.4	0x5eaf	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:46:07.872993946 CEST	1.1.1.1	192.168.2.4	0xccbc	No error (0)	uswk.ytpcrmbo.top		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:46:07.872993946 CEST	1.1.1.1	192.168.2.4	0xccbc	No error (0)	uswk.ytpcrmbo.top		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:46:07.873012066 CEST	1.1.1.1	192.168.2.4	0x6ff9	No error (0)	uswk.ytpcrmbo.top			65	IN (0x0001)	false
Aug 29, 2024 20:46:11.076385021 CEST	1.1.1.1	192.168.2.4	0xaef7	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:46:11.076385021 CEST	1.1.1.1	192.168.2.4	0xaef7	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:46:11.658127069 CEST	1.1.1.1	192.168.2.4	0xc6cb	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 29, 2024 20:46:11.658127069 CEST	1.1.1.1	192.168.2.4	0xc6cb	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:46:24.836091995 CEST	1.1.1.1	192.168.2.4	0xec4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 29, 2024 20:46:24.836091995 CEST	1.1.1.1	192.168.2.4	0xec4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:46:48.884701967 CEST	1.1.1.1	192.168.2.4	0xe664	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 29, 2024 20:46:48.884701967 CEST	1.1.1.1	192.168.2.4	0xe664	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 29, 2024 20:47:09.303603888 CEST	1.1.1.1	192.168.2.4	0x2433	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 29, 2024 20:47:09.303603888 CEST	1.1.1.1	192.168.2.4	0x2433	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.co

https:

uswk.ytpcrmbo.top

fs.microsoft.com

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	162.159.140.229	443	5288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 18:45:58 UTC	672	OUT	GET /1xLFumfAle?bol=k9UdUJ3lou HTTP/1.1 Host: t.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 18:45:58 UTC	1097	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 18:45:58 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close perf: 7402827104 vary: Origin expires: Thu, 29 Aug 2024 18:50:58 GMT set-cookie: muc=6e5c02b6-f917-4f49-a9d1-ca21d43f1f2e; Max-Age=63072000; Expires=Sat, 29 Aug 2026 18:45:58 GMT; Domain=t.co; Secure; SameSite=None Cache-Control: private,max-age=300 x-transaction-id: a31b830f5ca7b1ee x-xss-protection: 0 strict-transport-security: max-age=0 x-response-time: 15 x-connection-hash: cb41a85319242039a17b56dae7003c0da77fdfda505b4a585d6caf83cc20726e CF-Cache-Status: DYNAMIC Set-Cookie: muc_ads=6e5c02b6-f917-4f49-a9d1-ca21d43f1f2e; Max-Age=63072000; Expires=Sat, 29 Aug 2026 18:45:58 GMT; Path=/; Domain=t.co; Secure; SameSite=None Set-Cookie: __cf_bm=pSkrG2WIvUs3a6c_t0_Aq9lsqO7P89SCGFgRZFyt6WM-1724957158-1.0.1.1-W_YCPzgJbaNb8CK1Rl12EmNdAHgropuQUriB4h.mhqo7GHfXMHX89NjOz_RsybHrNdLIkEeNOxKQelFCIHJzDw; path=/; expires=Thu, 29-Aug-24 19:15:58 GMT; domain=.t.co; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8baeb37e1a9e4401-EWR
2024-08-29 18:45:58 UTC	272	IN	Data Raw: 31 37 32 0d 0a 3c 68 65 61 64 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 4d 45 54 41 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 55 52 4c 3d 68 74 74 70 73 3a 2f 2f 75 73 77 6b 2e 79 74 70 63 72 6d 62 6f 2e 74 6f 70 2f 3f 74 65 6d 70 6c 61 74 65 3d 61 31 65 6b 39 30 26 61 6d 70 3b 72 75 6e 6e 65 72 3d 32 35 33 38 39 32 62 38 37 39 37 64 61 62 35 35 70 6e 79 22 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 75 73 77 6b 2e 79 74 70 63 72 6d 62 6f 2e 74 6f 70 2f 3f 74 65 6d 70 6c 61 74 65 3d 61 31 65 6b 39 30 26 61 6d 70 3b 72 75 6e 6e 65 72 3d 32 35 33 38 39 32 62 38 37 39 37 64 61 62 35 35 70 6e 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e Data Ascii: 172<head><noscript><META http-equiv="refresh" content="0;URL=https://uswk.ytpcrmbo.top/?template=a1ek90&runner=253892b8797dab55pny"></noscript><title>https://uswk.ytpcrmbo.top/?template=a1ek90&runner=253892b8797dab55pny</title></head><script>win
2024-08-29 18:45:58 UTC	105	IN	Data Raw: 3b 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 22 68 74 74 70 73 3a 5c 2f 5c 2f 75 73 77 6b 2e 79 74 70 63 72 6d 62 6f 2e 74 6f 70 5c 2f 3f 74 65 6d 70 6c 61 74 65 3d 61 31 65 6b 39 30 26 72 75 6e 6e 65 72 3d 32 35 33 38 39 32 62 38 37 39 37 64 61 62 35 35 70 6e 79 22 29 3c 2f 73 63 72 69 70 74 3e 0d 0a Data Ascii: ; location.replace("https:\/\/uswk.ytpcrmbo.top\/?template=a1ek90&runner=253892b8797dab55pny")</script>
2024-08-29 18:45:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	188.114.97.3	443	5288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 18:45:58 UTC	713	OUT	GET /?template=a1ek90&runner=253892b8797dab55pny HTTP/1.1 Host: uswk.ytpcrmbo.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://t.co/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 18:46:02 UTC	915	IN	HTTP/1.1 302 Found Date: Thu, 29 Aug 2024 18:46:02 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: private Location: /2b14101e9/ATNzYO/AA0?tDkO?AII0AGcYE_4HAOaiBODAsj_x/8k8AJeN7AHATciFyEF5AAy2gAfAu/4EBAfjKCn Set-Cookie: ASP.NET_SessionId=bzthnzrj4lrciwb0wziau21z; path=/; HttpOnly Set-Cookie: RdStr=bzthnzrj4lrciwb0wziau21z; path=/ X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NasX4ToIqhxzKHmi4d0cKcJttYr6VtwmAGJCtd0BNQXpltvKGN3w4%2BdO19fOnEKemtRLpjE8B0e%2FW8%2BeJa9kZo%2BuX54D4oTf3eyu9qBRAHKNQnSngclDerLhx1sUQ9TBTLbeBg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8baeb3842d0c43dc-EWR alt-svc: h3=":443"; ma=86400
2024-08-29 18:46:02 UTC	213	IN	Data Raw: 63 66 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 32 62 31 34 31 30 31 65 39 2f 41 54 4e 7a 59 4f 2f 41 41 30 3f 74 44 6b 4f 3f 41 49 49 30 41 47 63 59 45 5f 34 48 41 4f 61 69 42 4f 44 41 73 6a 5f 78 2f 38 6b 38 41 4a 65 4e 37 41 48 41 54 63 69 46 79 45 46 35 41 41 79 32 67 41 66 41 75 2f 34 45 42 41 66 6a 4b 43 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: cf<html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/2b14101e9/ATNzYO/AA0?tDkO?AII0AGcYE_4HAOaiBODAsj_x/8k8AJeN7AHATciFyEF5AAy2gAfAu/4EBAfjKCn">here</a>.</h2></body></html>
2024-08-29 18:46:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 18:46:01 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-29 18:46:01 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=139852 Date: Thu, 29 Aug 2024 18:46:01 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	188.114.97.3	443	5288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 18:46:02 UTC	843	OUT	GET /2b14101e9/ATNzYO/AA0?tDkO?AII0AGcYE_4HAOaiBODAsj_x/8k8AJeN7AHATciFyEF5AAy2gAfAu/4EBAfjKCn HTTP/1.1 Host: uswk.ytpcrmbo.top Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://t.co/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: ASP.NET_SessionId=bzthnzrj4lrciwb0wziau21z; RdStr=bzthnzrj4lrciwb0wziau21z
2024-08-29 18:46:04 UTC	704	IN	HTTP/1.1 302 Found Date: Thu, 29 Aug 2024 18:46:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: private Location: / X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jqmdy02VgesVTdkgsUue6LgnxQbwlZYfDv27qCh0c%2FRDk8ey76OOsAfjGGAkoTNE%2F2%2FwXYbDdbsiIiis66nxQav4NWoBWDnXZ18sMnm9XT6%2BF2UR%2FxN0H2gGFavj%2BvGcYUjf6g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8baeb39a2e0a4267-EWR alt-svc: h3=":443"; ma=86400
2024-08-29 18:46:04 UTC	122	IN	Data Raw: 37 34 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 74<html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/">here</a>.</h2></body></html>
2024-08-29 18:46:04 UTC	7	IN	Data Raw: 32 0d 0a 0d 0a 0d 0a Data Ascii: 2
2024-08-29 18:46:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 18:46:02 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-29 18:46:02 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=139804 Date: Thu, 29 Aug 2024 18:46:02 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-29 18:46:02 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	188.114.97.3	443	5288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 18:46:04 UTC	754	OUT	GET / HTTP/1.1 Host: uswk.ytpcrmbo.top Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://t.co/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: ASP.NET_SessionId=bzthnzrj4lrciwb0wziau21z; RdStr=bzthnzrj4lrciwb0wziau21z
2024-08-29 18:46:06 UTC	676	IN	HTTP/1.1 404 Not Found Date: Thu, 29 Aug 2024 18:46:06 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Cache-Control: private X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pwbdsz0eQSl3Q%2FmLQ0EZfKUX5hZUoA8fzEYU3RWZLPLcWsiUPWhYRuz6TuMAxXhub4HjB%2FgBu6TRhPo7Ftd0jn4%2FEe8ITwcOHFd5emkuBBcTNUzPi5vBuvk8%2F5mOzm5bOiNKrg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8baeb3a948f77c7b-EWR alt-svc: h3=":443"; ma=86400
2024-08-29 18:46:06 UTC	693	IN	Data Raw: 34 38 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 Data Ascii: 48b<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 -
2024-08-29 18:46:06 UTC	477	IN	Data Raw: 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f Data Ascii: rif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></
2024-08-29 18:46:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49746	35.190.80.1	443	5288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 18:46:07 UTC	546	OUT	OPTIONS /report/v4?s=Pwbdsz0eQSl3Q%2FmLQ0EZfKUX5hZUoA8fzEYU3RWZLPLcWsiUPWhYRuz6TuMAxXhub4HjB%2FgBu6TRhPo7Ftd0jn4%2FEe8ITwcOHFd5emkuBBcTNUzPi5vBuvk8%2F5mOzm5bOiNKrg%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://uswk.ytpcrmbo.top Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 18:46:07 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Thu, 29 Aug 2024 18:46:06 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	188.114.97.3	443	5288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 18:46:07 UTC	674	OUT	GET /favicon.ico HTTP/1.1 Host: uswk.ytpcrmbo.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://uswk.ytpcrmbo.top/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: ASP.NET_SessionId=bzthnzrj4lrciwb0wziau21z; RdStr=bzthnzrj4lrciwb0wziau21z
2024-08-29 18:46:07 UTC	721	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 18:46:07 GMT Content-Type: image/x-icon Content-Length: 32038 Connection: close Last-Modified: Sun, 25 Aug 2024 10:54:31 GMT ETag: "6ab3dc29ddf6da1:0" X-Powered-By: ASP.NET Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 173 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FDv42FbI5YezMx3%2BVDW5wbNOg00gXn%2FoO0FfrO1m2fqgBVoWmSwtlzt3eR%2FfKzwgJ%2Fbqy0lvRfZpiA1MIL2JuTsRKL1fk3nzxMBIcgi7ILrhtil3tTddd98SBZgUElTOzYsbJw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8baeb3b8d8cec342-EWR alt-svc: h3=":443"; ma=86400
2024-08-29 18:46:07 UTC	648	IN	Data Raw: 00 00 01 00 04 00 10 10 00 00 00 00 20 00 68 04 00 00 46 00 00 00 20 20 00 00 00 00 20 00 a8 10 00 00 ae 04 00 00 30 30 00 00 00 00 20 00 a8 25 00 00 56 15 00 00 40 40 00 00 00 00 20 00 28 42 00 00 fe 3a 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 32 31 1b 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 65 32 31 1b 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 e4 da d8 51 be a7 a5 ff 81 55 53 ff 66 33 32 ff 66 Data Ascii: hF 00 %V@@ (B:( @e21f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21f32Qf32f32f32f32f32f32f32f32f32f32f32f32f32f32f32QQUSf32f
2024-08-29 18:46:07 UTC	1369	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff f5 f2 f1 ff cf bf bf ff b3 9a 9a ff cc bb bb ff d0 c0 c0 ff a1 80 7f ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 67 34 33 ff e2 d8 d8 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb fa fa ff ca b8 b8 ff b0 96 96 ff aa 8d 8d ff 95 72 71 ff c6 b0 af ff 66 33 32 51 68 36 35 51 68 36 35 ff 68 36 35 ff 6a 38 37 ff 83 59 59 ff 84 5b 5b ff 84 5b 5b ff 84 5b 5b ff 85 5c 5b ff 86 5d 5d ff 93 6f 6f ff ca b8 b7 ff cd ba b8 ff cc b9 b8 ff 9a 76 75 ff 66 33 32 51 f1 ed ed 51 f1 ed ed ff f1 ed ed ff f1 ed ed ff f1 ed ed ff f1 ed ed ff f1 ed ed ff f1 ed ed ff eb e3 e3 ff dc ce cd ff c0 a9 a8 ff 93 6d 6b ff 67 34 33 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 ff ff ff 51 ff ff ff ff ff ff ff ff fe fe fe ff e9 e1 e0 ff ca b6 b5 ff a9 Data Ascii: f32Qf32Qf32f32g43rqf32Qh65Qh65h65j87YY[[[[[[\[]]oovuf32QQmkg43f32f32f32QQ
2024-08-29 18:46:07 UTC	1369	IN	Data Raw: ff fb fa fa ff ff ff ff ff fd fc fc ff d3 c1 bf ff 9a 74 72 ff 72 42 40 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 6b 3a 39 ff 99 77 76 ff dc d0 d0 ff fd fc fc ff ff ff ff ff fe fe fe ff e8 de dd ff b8 9c 99 ff 83 57 55 ff 68 35 33 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 Data Ascii: trrB@f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32k:9wvWUh53f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f3
2024-08-29 18:46:07 UTC	1369	IN	Data Raw: c5 b2 b1 ff c9 b7 b7 ff e7 df df ff be a5 a2 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 88 60 5f ff f8 f5 f5 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fa f9 f9 ff ee e8 e8 ff e9 e2 e2 ff f5 f2 f2 ff ec e6 e5 ff a3 84 83 ff ec e4 e3 ff 75 45 43 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff b0 96 95 ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f5 f2 f2 ff bb a5 a4 ff b7 9f 9e ff c5 b2 b1 ff d5 c8 c7 ff e0 d6 d6 Data Ascii: f32f32f32f32f32f32f32f32f32`_uECf32f32f32f32f32f32f32f32
2024-08-29 18:46:07 UTC	1369	IN	Data Raw: 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff Data Ascii: 32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32
2024-08-29 18:46:07 UTC	1369	IN	Data Raw: 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 65 32 31 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 31 ff 65 32 32 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 65 32 31 f1 65 32 31 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 66 Data Ascii: 2f32e21f32f32f31f32f32f32f32e21f32f32e21f31f32f32f32f32e21f31e21e21f32e21f32f31f32e21f31f32e21e22f31e22e21e21e21f32f32e21f31f32e21e21f32f31f32f32e21f32f32f32f32e22f31f32f32e22e21f
2024-08-29 18:46:07 UTC	1369	IN	Data Raw: ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 65 32 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 65 32 32 f1 66 33 32 ff 66 33 32 ff 7e 52 51 ff bf aa a9 ff ed e8 e8 ff fe fd fd ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff fa f7 f7 ff d0 ba b6 ff 99 74 71 ff 77 46 43 ff 67 34 32 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 65 32 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 65 32 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 65 32 32 ff 66 33 Data Ascii: f32f32f31f32f32e21e22f32f32e22e21f32f32f31e21f32e21e22f32e22e21f32f31e22f32e21f32e21e22f32f32~RQtqwFCg42f32e21e21e22e21f31f31f32e22f32e21f32e22e21e22f3
2024-08-29 18:46:07 UTC	1369	IN	Data Raw: fe fe fe ff ff ff ff ff ff ff ff ff fb f9 f8 ff ec e4 e3 ff c4 ac a9 ff 8b 60 5c ff 71 40 3e ff 67 34 32 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 65 32 32 ff 65 32 32 ff 65 32 32 ff 66 33 31 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 65 32 31 f1 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 31 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 66 33 32 ff 6b 3a 39 ff 66 33 32 ff 66 33 32 ff 6b 3a 39 ff 92 6e 6d ff c7 b5 b4 ff f1 ed ed ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb f9 f8 ff d3 bf bc ff aa 8a 88 ff 78 46 43 ff 67 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 65 32 31 Data Ascii: `\q@>g42e22f32f32e22e22e22e22f31e22e21f32e21f32e21f32f32e21e22f32f31e22e21f32f32e22f32k:9f32f32k:9nmxFCg32f32f32f32f31e21
2024-08-29 18:46:07 UTC	1369	IN	Data Raw: 75 74 ff 84 5b 5a ff 75 47 46 ff 68 35 34 ff 66 33 32 ff 6c 3b 3a ff 88 60 60 ff b0 96 96 ff e0 d6 d6 ff e3 da da ff b9 a2 a1 ff fa f9 f9 ff d0 bb b9 ff 71 40 3e ff 65 32 32 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 32 f1 65 32 31 ff 66 33 31 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff b5 9d 9c ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fa f9 f9 ff e9 e2 e2 ff d8 cb ca ff c5 b2 b1 ff b4 9b 9b ff a6 89 88 ff a1 83 82 ff a7 89 89 ff d6 c8 c8 ff ea e3 e3 ff 95 72 71 ff e7 df df ff f7 f3 f3 ff 89 5d 5a ff 66 33 31 ff 66 33 31 f1 Data Ascii: ut[ZuGFh54f32l;:``q@>e22f31f32e21f31e21f31f31f32e21f32f32f31rq]Zf31f31
2024-08-29 18:46:07 UTC	1369	IN	Data Raw: fe ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff fc fb fa ff dd cf cc ff 91 67 63 ff 66 33 32 ff 66 33 32 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 6d 3c 3b f1 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3d 3c ff 6e 3e 3d ff 6f 3f 3e ff 71 41 40 ff 74 45 45 ff 81 58 57 ff 97 74 74 ff b5 9d 9c ff db d0 cf ff f5 f1 f1 ff fb fa fa ff ce b8 b5 ff 9a 71 6d ff 99 70 6b ff 95 6c 67 ff 91 67 64 ff 89 60 5f ff 78 49 47 ff 67 34 33 ff 66 33 32 ff 65 32 32 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 d6 c8 c8 f1 d6 c8 c8 ff d6 Data Ascii: gcf32f32m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m=<n>=o?>qA@tEEXWttqmpklggd`_xIGg43f32e22

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49748	35.190.80.1	443	5288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 18:46:07 UTC	486	OUT	POST /report/v4?s=Pwbdsz0eQSl3Q%2FmLQ0EZfKUX5hZUoA8fzEYU3RWZLPLcWsiUPWhYRuz6TuMAxXhub4HjB%2FgBu6TRhPo7Ftd0jn4%2FEe8ITwcOHFd5emkuBBcTNUzPi5vBuvk8%2F5mOzm5bOiNKrg%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 400 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 18:46:07 UTC	400	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 34 31 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 74 2e 63 6f 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 37 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 75 73 77 Data Ascii: [{"age":0,"body":{"elapsed_time":2412,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://t.co/","sampling_fraction":1.0,"server_ip":"188.114.97.3","status_code":404,"type":"http.error"},"type":"network-error","url":"https://usw
2024-08-29 18:46:08 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 29 Aug 2024 18:46:07 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49749	188.114.96.3	443	5288	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 18:46:08 UTC	436	OUT	GET /favicon.ico HTTP/1.1 Host: uswk.ytpcrmbo.top Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: ASP.NET_SessionId=bzthnzrj4lrciwb0wziau21z; RdStr=bzthnzrj4lrciwb0wziau21z
2024-08-29 18:46:08 UTC	715	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 18:46:08 GMT Content-Type: image/x-icon Content-Length: 32038 Connection: close Last-Modified: Sun, 25 Aug 2024 10:54:31 GMT ETag: "6ab3dc29ddf6da1:0" X-Powered-By: ASP.NET Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 174 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L3QRLaCaAOIAJWnG868deW0839KwNbbxcp%2FHSMCmfyqlKd1kTuj8KHSRjxcHmQ7PZZJ0GCqR4kJwzM%2BZaLEDOs5Y7rNzcmy8Zdg5QkFyKQqyi8FEbE3j8yRKzbVvN0TOkklzrw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8baeb3bf8c0a7d26-EWR alt-svc: h3=":443"; ma=86400
2024-08-29 18:46:08 UTC	654	IN	Data Raw: 00 00 01 00 04 00 10 10 00 00 00 00 20 00 68 04 00 00 46 00 00 00 20 20 00 00 00 00 20 00 a8 10 00 00 ae 04 00 00 30 30 00 00 00 00 20 00 a8 25 00 00 56 15 00 00 40 40 00 00 00 00 20 00 28 42 00 00 fe 3a 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 32 31 1b 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 65 32 31 1b 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 e4 da d8 51 be a7 a5 ff 81 55 53 ff 66 33 32 ff 66 Data Ascii: hF 00 %V@@ (B:( @e21f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21f32Qf32f32f32f32f32f32f32f32f32f32f32f32f32f32f32QQUSf32f
2024-08-29 18:46:08 UTC	1369	IN	Data Raw: ff ff ff ff f5 f2 f1 ff cf bf bf ff b3 9a 9a ff cc bb bb ff d0 c0 c0 ff a1 80 7f ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 67 34 33 ff e2 d8 d8 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb fa fa ff ca b8 b8 ff b0 96 96 ff aa 8d 8d ff 95 72 71 ff c6 b0 af ff 66 33 32 51 68 36 35 51 68 36 35 ff 68 36 35 ff 6a 38 37 ff 83 59 59 ff 84 5b 5b ff 84 5b 5b ff 84 5b 5b ff 85 5c 5b ff 86 5d 5d ff 93 6f 6f ff ca b8 b7 ff cd ba b8 ff cc b9 b8 ff 9a 76 75 ff 66 33 32 51 f1 ed ed 51 f1 ed ed ff f1 ed ed ff f1 ed ed ff f1 ed ed ff f1 ed ed ff f1 ed ed ff f1 ed ed ff eb e3 e3 ff dc ce cd ff c0 a9 a8 ff 93 6d 6b ff 67 34 33 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 ff ff ff 51 ff ff ff ff ff ff ff ff fe fe fe ff e9 e1 e0 ff ca b6 b5 ff a9 8b 89 ff 89 60 5e Data Ascii: f32Qf32Qf32f32g43rqf32Qh65Qh65h65j87YY[[[[[[\[]]oovuf32QQmkg43f32f32f32QQ`^
2024-08-29 18:46:08 UTC	1369	IN	Data Raw: ff ff ff fd fc fc ff d3 c1 bf ff 9a 74 72 ff 72 42 40 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 6b 3a 39 ff 99 77 76 ff dc d0 d0 ff fd fc fc ff ff ff ff ff fe fe fe ff e8 de dd ff b8 9c 99 ff 83 57 55 ff 68 35 33 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff Data Ascii: trrB@f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32k:9wvWUh53f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32
2024-08-29 18:46:08 UTC	1369	IN	Data Raw: b7 ff e7 df df ff be a5 a2 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 88 60 5f ff f8 f5 f5 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fa f9 f9 ff ee e8 e8 ff e9 e2 e2 ff f5 f2 f2 ff ec e6 e5 ff a3 84 83 ff ec e4 e3 ff 75 45 43 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff b0 96 95 ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f5 f2 f2 ff bb a5 a4 ff b7 9f 9e ff c5 b2 b1 ff d5 c8 c7 ff e0 d6 d6 ff e8 e0 e0 ff e5 Data Ascii: f32f32f32f32f32f32f32f32f32`_uECf32f32f32f32f32f32f32f32
2024-08-29 18:46:08 UTC	1369	IN	Data Raw: ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 Data Ascii: f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f3
2024-08-29 18:46:08 UTC	1369	IN	Data Raw: 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 65 32 31 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 31 ff 65 32 32 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 65 32 31 f1 65 32 31 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 Data Ascii: e21f32f32f31f32f32f32f32e21f32f32e21f31f32f32f32f32e21f31e21e21f32e21f32f31f32e21f31f32e21e22f31e22e21e21e21f32f32e21f31f32e21e21f32f31f32f32e21f32f32f32f32e22f31f32f32e22e21f31f31
2024-08-29 18:46:08 UTC	1369	IN	Data Raw: 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 65 32 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 65 32 32 f1 66 33 32 ff 66 33 32 ff 7e 52 51 ff bf aa a9 ff ed e8 e8 ff fe fd fd ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff fa f7 f7 ff d0 ba b6 ff 99 74 71 ff 77 46 43 ff 67 34 32 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 65 32 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 65 32 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 31 ff Data Ascii: 32f31f32f32e21e22f32f32e22e21f32f32f31e21f32e21e22f32e22e21f32f31e22f32e21f32e21e22f32f32~RQtqwFCg42f32e21e21e22e21f31f31f32e22f32e21f32e22e21e22f32f31
2024-08-29 18:46:08 UTC	1369	IN	Data Raw: ff ff ff ff ff ff fb f9 f8 ff ec e4 e3 ff c4 ac a9 ff 8b 60 5c ff 71 40 3e ff 67 34 32 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 65 32 32 ff 65 32 32 ff 65 32 32 ff 66 33 31 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 65 32 31 f1 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 31 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 66 33 32 ff 6b 3a 39 ff 66 33 32 ff 66 33 32 ff 6b 3a 39 ff 92 6e 6d ff c7 b5 b4 ff f1 ed ed ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb f9 f8 ff d3 bf bc ff aa 8a 88 ff 78 46 43 ff 67 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 66 Data Ascii: `\q@>g42e22f32f32e22e22e22e22f31e22e21f32e21f32e21f32f32e21e22f32f31e22e21f32f32e22f32k:9f32f32k:9nmxFCg32f32f32f32f31e21f32f
2024-08-29 18:46:08 UTC	1369	IN	Data Raw: ff 75 47 46 ff 68 35 34 ff 66 33 32 ff 6c 3b 3a ff 88 60 60 ff b0 96 96 ff e0 d6 d6 ff e3 da da ff b9 a2 a1 ff fa f9 f9 ff d0 bb b9 ff 71 40 3e ff 65 32 32 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 32 f1 65 32 31 ff 66 33 31 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff b5 9d 9c ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fa f9 f9 ff e9 e2 e2 ff d8 cb ca ff c5 b2 b1 ff b4 9b 9b ff a6 89 88 ff a1 83 82 ff a7 89 89 ff d6 c8 c8 ff ea e3 e3 ff 95 72 71 ff e7 df df ff f7 f3 f3 ff 89 5d 5a ff 66 33 31 ff 66 33 31 f1 ff ff ff 01 ff ff Data Ascii: uGFh54f32l;:``q@>e22f31f32e21f31e21f31f31f32e21f32f32f31rq]Zf31f31
2024-08-29 18:46:08 UTC	1369	IN	Data Raw: ff ff ff ff fe fe fe ff ff ff ff ff fc fb fa ff dd cf cc ff 91 67 63 ff 66 33 32 ff 66 33 32 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 6d 3c 3b f1 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3c 3b ff 6d 3d 3c ff 6e 3e 3d ff 6f 3f 3e ff 71 41 40 ff 74 45 45 ff 81 58 57 ff 97 74 74 ff b5 9d 9c ff db d0 cf ff f5 f1 f1 ff fb fa fa ff ce b8 b5 ff 9a 71 6d ff 99 70 6b ff 95 6c 67 ff 91 67 64 ff 89 60 5f ff 78 49 47 ff 67 34 33 ff 66 33 32 ff 65 32 32 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 d6 c8 c8 f1 d6 c8 c8 ff d6 c8 c8 ff d6 c8 c8 Data Ascii: gcf32f32m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m<;m=<n>=o?>qA@tEEXWttqmpklggd`_xIGg43f32e22

Target ID:	0
Start time:	14:45:50
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	14:45:53
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2000,i,15640911329859800286,5607836205167479354,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	14:45:56
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/1xLFumfAle?bol=k9UdUJ3lou"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.42
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.42
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.42
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.42
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /1xLFumfAle?bol=k9UdUJ3lou HTTP/1.1Host: t.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?template=a1ek90&runner=253892b8797dab55pny HTTP/1.1Host: uswk.ytpcrmbo.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://t.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /2b14101e9/ATNzYO/AA0?tDkO?AII0AGcYE_4HAOaiBODAsj_x/8k8AJeN7AHATciFyEF5AAy2gAfAu/4EBAfjKCn HTTP/1.1Host: uswk.ytpcrmbo.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://t.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=bzthnzrj4lrciwb0wziau21z; RdStr=bzthnzrj4lrciwb0wziau21z
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: uswk.ytpcrmbo.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://t.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=bzthnzrj4lrciwb0wziau21z; RdStr=bzthnzrj4lrciwb0wziau21z
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: uswk.ytpcrmbo.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uswk.ytpcrmbo.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=bzthnzrj4lrciwb0wziau21z; RdStr=bzthnzrj4lrciwb0wziau21z
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: uswk.ytpcrmbo.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=bzthnzrj4lrciwb0wziau21z; RdStr=bzthnzrj4lrciwb0wziau21z

Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: uswk.ytpcrmbo.top
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://t.co/1xLFumfAle?bol=k9UdUJ3lou

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6012, Parent PID: 600

General

Chronological Activities

Analysis Process: chrome.exePID: 5288, Parent PID: 6012

General

Chronological Activities

Analysis Process: chrome.exePID: 6508, Parent PID: 600

General

Chronological Activities

Disassembly

Windows Analysis Report
https://t.co/1xLFumfAle?bol=k9UdUJ3lou