Edit tour

Windows Analysis Report
https://claims-hadiah-dxna.t5t.my.id/

Overview

General Information

Sample URL:	https://claims-hadiah-dxna.t5t.my.id/
Analysis ID:	1501465
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected BlockedWebSite

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2280,i,2930308555609301425,2311737329618430439,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://claims-hadiah-dxna.t5t.my.id/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_64	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /report/v4?s=cPNoSwGhi8UfuTwVnP4%2BywACVijMWtluAeKvgRfyf1w2S2ff3co5zzvBvKOMaYMPhy8OYF6MZO67w4XLeYgNxG2bnFyyMUd2YSoPoLC8z01oPbBV2NNmRYQQMRdDJiS9GhuC7wnIqjmKp6qaufGt HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 447Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 22:17:14 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cPNoSwGhi8UfuTwVnP4%2BywACVijMWtluAeKvgRfyf1w2S2ff3co5zzvBvKOMaYMPhy8OYF6MZO67w4XLeYgNxG2bnFyyMUd2YSoPoLC8z01oPbBV2NNmRYQQMRdDJiS9GhuC7wnIqjmKp6qaufGt"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bafe8f8ae081845-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_64.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_64.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 53050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53050
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49722 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@16/15@10/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2280,i,2930308555609301425,2311737329618430439,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://claims-hadiah-dxna.t5t.my.id/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2280,i,2930308555609301425,2311737329618430439,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://claims-hadiah-dxna.t5t.my.id/	100%	Avira URL Cloud	phishing
https://claims-hadiah-dxna.t5t.my.id/	100%	SlashNext	Fraudulent Website type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://claims-hadiah-dxna.t5t.my.id/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	phishing
https://claims-hadiah-dxna.t5t.my.id/favicon.ico	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=cPNoSwGhi8UfuTwVnP4%2BywACVijMWtluAeKvgRfyf1w2S2ff3co5zzvBvKOMaYMPhy8OYF6MZO67w4XLeYgNxG2bnFyyMUd2YSoPoLC8z01oPbBV2NNmRYQQMRdDJiS9GhuC7wnIqjmKp6qaufGt	0%	Avira URL Cloud	safe
https://claims-hadiah-dxna.t5t.my.id/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
claims-hadiah-dxna.t5t.my.id	172.67.167.190	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
157.123.68.40.in-addr.arpa	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://claims-hadiah-dxna.t5t.my.id/cdn-cgi/images/icon-exclamation.png?1376755637	true	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=cPNoSwGhi8UfuTwVnP4%2BywACVijMWtluAeKvgRfyf1w2S2ff3co5zzvBvKOMaYMPhy8OYF6MZO67w4XLeYgNxG2bnFyyMUd2YSoPoLC8z01oPbBV2NNmRYQQMRdDJiS9GhuC7wnIqjmKp6qaufGt	false	Avira URL Cloud: safe	unknown
https://claims-hadiah-dxna.t5t.my.id/cdn-cgi/styles/cf.errors.css	true	Avira URL Cloud: phishing	unknown
https://claims-hadiah-dxna.t5t.my.id/favicon.ico	true	Avira URL Cloud: phishing	unknown
https://claims-hadiah-dxna.t5t.my.id/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_64.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_64.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
104.21.90.70	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.67.167.190	claims-hadiah-dxna.t5t.my.id	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501465
Start date and time:	2024-08-30 00:16:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://claims-hadiah-dxna.t5t.my.id/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@16/15@10/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.212.163, 142.250.181.238, 108.177.15.84, 34.104.35.123, 52.165.165.26, 93.184.221.240, 192.229.221.95, 52.165.164.15, 13.95.31.18, 13.85.23.206, 20.3.187.198, 13.85.23.86, 40.68.123.157, 131.107.255.255, 142.250.185.131
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://claims-hadiah-dxna.t5t.my.id/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 21:17:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.979177113191037
Encrypted:	false
SSDEEP:	48:8WdIlmjTolyPpLfHYidAKZdA19ehwiZUklqehey+3:8zlmjUlepLOty
MD5:	233B0A9B84BB7FCE43323CACD67FCAFE
SHA1:	95F6CF52FA9BB470A21DF812831E98CC63E8CDF3
SHA-256:	C846B04086151390FB2BCF69D121341C9FC08032AB0EE0B977A3780E4D728578
SHA-512:	1B3BC48388E9C1562FF54B45768C7FE8D7AF202A0CE0E7A5701CEBDB360F7B12BA2176D71962EDF3358D684E48481F4DC312BEEF3CBEE0B01C19CDD1E712318A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....v].1a...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y".....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y".....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y".....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y"............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y&............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 21:17:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9925371063091615
Encrypted:	false
SSDEEP:	48:8vOdIlmjTolyPpLfHYidAKZdA1weh/iZUkAQkqehdy+2:8jlmjUlepLM9Q0y
MD5:	8D7AD4A091AC8DB8075B9E197A497488
SHA1:	D7B469555EC3A1CADDF63A04DA383F3EA1CF415D
SHA-256:	34EF040E84AC8CC84151D71F82EF77DD08EC4A6031AF11FBAC9EB805CDB64D12
SHA-512:	A659604F9CE06A2DB5562857AC272D0B1C8F70D6D703071718C0546D37EA62B95C7D9E341A7B9281CFFE28B03E94201DDB9AE62D762D53A065118DE5EF88C0D4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....k..0a...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y".....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y".....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y".....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y"............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y&............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005998762888736
Encrypted:	false
SSDEEP:	48:8xidIlmjTolyPpsHYidAKZdA14tseh7sFiZUkmgqeh7s7y+BX:8x3lmjUleppnRy
MD5:	39DF480CE98F523306C9E60149D8A905
SHA1:	5A15611A52F42B5995B419A88109C62E0D4A1BC5
SHA-256:	E59FF61B356B0E9A5C6000DD34110B736E4AFA07C7183ADD902480C921509272
SHA-512:	F47134B11DF4D0411D2BF35F43E7ADE0239092F1E6DEF2F38B82EA21BC5F2783977CF8587EC8AF82F657802CF856FABBDA0C749DAF060A459E4138BE6CB08BCB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y".....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y".....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y".....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y"............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 21:17:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.993319497892584
Encrypted:	false
SSDEEP:	48:84OdIlmjTolyPpLfHYidAKZdA1vehDiZUkwqehZy+R:8MlmjUlepL3jy
MD5:	AA01FD3D2CC6CAB36766D19A904E99F0
SHA1:	91073813FE13D54C0140717B24659FF041BC1484
SHA-256:	E2C0D442E65E1E03A77B2185ED331DAD83155F6356374C1491F770326859CB4B
SHA-512:	E5017B7B5AF61F577051644B74D5130B0BB68E9668EBA92C049BC24B758A6CB02D1042954F9B079BA07E576770085F0B8CFC11B9141E6A4E8F613C1E60C678F0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......0a...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y".....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y".....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y".....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y"............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y&............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 21:17:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.979917380693294
Encrypted:	false
SSDEEP:	48:8edIlmjTolyPpLfHYidAKZdA1hehBiZUk1W1qeh/y+C:8LlmjUlepLH9fy
MD5:	BA3C0AD9175322FDD7F445A4E91328DD
SHA1:	92502FFCD464CFA466BAE7EAE66B96D16385E221
SHA-256:	0298D3723F34FF26E9DA41C5EEE00544E5F8D1F7126AA73A5A4D95A7E5223016
SHA-512:	70EA63B40458FA860AEF88913F10BAE273C80ADA3A606D6330F4314ACF882EEF641BB01B041C3D8617B7F0F9538BF796DC2F6D8514FBD90D940AE7BFF2F15664
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....,.1a...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y".....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y".....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y".....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y"............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y&............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 29 21:17:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9909814175852207
Encrypted:	false
SSDEEP:	48:8fOdIlmjTolyPpLfHYidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbRy+yT+:8TlmjUlepLPT/TbxWOvTbRy7T
MD5:	FA5B48C71F240296A68E0FF7A9F9BE21
SHA1:	BDEB706C08298DF26F3BBCE5F44763F9124D6027
SHA-256:	D7334EE0FC2281CC6E52B0937011D39274ADFD3E6CACFB49E25F50C7D86F937D
SHA-512:	1EB46BC5EB90F7D78930C0C551D4A50F6EE14D1D268B34C747301128E1BC01829327EA0DD4A360009D34C459DF4DFBFC165601710C4D42B49001FFCC7D5EB555
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....4..0a...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y".....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y".....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y".....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y"............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y&............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............;.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://claims-hadiah-dxna.t5t.my.id/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://claims-hadiah-dxna.t5t.my.id/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	https://claims-hadiah-dxna.t5t.my.id/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4394
Entropy (8bit):	5.083977402738777
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisRA2ZLimCrR49PaQxJbGD:1j9jhjYjIK/Vo+ts7ZOmCrO9ieJGD
MD5:	26B1884022D5FE5EE5DF04F628D154EF
SHA1:	25AA42B4C355C131B4DFC813FB1AF8FC81E348A9
SHA-256:	70BA1E02A69235B80E2652C3AFDFBA46BE820F08AD89F4BDFE5F7CED5B9B3460
SHA-512:	16ED7184F4154744EB17C6C7570C50A5839FD2B73EB104E7C8459BD7F3537D637A5398E97576EF458A6A3D1B3FE77483440A0512597A459BE4706C0976A12523
Malicious:	false
Reputation:	low
URL:	https://claims-hadiah-dxna.t5t.my.id/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 00:16:58.769311905 CEST	49674	443	192.168.2.5	23.1.237.91
Aug 30, 2024 00:16:58.769315004 CEST	49675	443	192.168.2.5	23.1.237.91
Aug 30, 2024 00:16:58.894313097 CEST	49673	443	192.168.2.5	23.1.237.91
Aug 30, 2024 00:17:08.483304024 CEST	49675	443	192.168.2.5	23.1.237.91
Aug 30, 2024 00:17:08.560591936 CEST	49674	443	192.168.2.5	23.1.237.91
Aug 30, 2024 00:17:08.619021893 CEST	49673	443	192.168.2.5	23.1.237.91
Aug 30, 2024 00:17:10.192723036 CEST	443	49703	23.1.237.91	192.168.2.5
Aug 30, 2024 00:17:10.193496943 CEST	49703	443	192.168.2.5	23.1.237.91
Aug 30, 2024 00:17:10.864686966 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:10.864734888 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:10.864814043 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:10.872387886 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:10.872397900 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:10.872466087 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:10.891148090 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:10.891170979 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:10.894382000 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:10.894392014 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.359458923 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.361826897 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.361845970 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.362833023 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.362900972 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.363272905 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.366427898 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.366436958 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.366851091 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.366925955 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.367563009 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.367624998 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.367641926 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.367647886 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.369929075 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.369996071 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.411705971 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.411712885 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.417982101 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.464657068 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.498613119 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.498652935 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.498702049 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.498718977 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.503726006 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.503779888 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.503786087 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.503814936 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.503865004 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.836462021 CEST	49710	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.836498022 CEST	443	49710	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.846472979 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.888509989 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.946886063 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.946934938 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.946964979 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.946976900 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.947004080 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.947045088 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.947052002 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.947094917 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.947130919 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.947140932 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.947146893 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.947191954 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.947390079 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.948064089 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.948110104 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.948117971 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.953303099 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.953360081 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:11.953367949 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:11.994617939 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:12.035664082 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:12.035746098 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:12.035806894 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:12.035808086 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:12.035825014 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:12.035860062 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:12.035866976 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:12.035989046 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:12.036041975 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:12.048588991 CEST	49709	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:12.048607111 CEST	443	49709	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.058090925 CEST	49713	443	192.168.2.5	142.250.186.68
Aug 30, 2024 00:17:13.058135033 CEST	443	49713	142.250.186.68	192.168.2.5
Aug 30, 2024 00:17:13.058217049 CEST	49713	443	192.168.2.5	142.250.186.68
Aug 30, 2024 00:17:13.058725119 CEST	49713	443	192.168.2.5	142.250.186.68
Aug 30, 2024 00:17:13.058734894 CEST	443	49713	142.250.186.68	192.168.2.5
Aug 30, 2024 00:17:13.086483002 CEST	49714	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.086533070 CEST	443	49714	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.086652994 CEST	49714	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.087229013 CEST	49714	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.087244034 CEST	443	49714	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.636240005 CEST	443	49714	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.642390013 CEST	49714	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.642419100 CEST	443	49714	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.642745972 CEST	443	49714	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.644624949 CEST	49714	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.644682884 CEST	443	49714	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.645149946 CEST	49714	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.692497969 CEST	443	49714	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.697000980 CEST	443	49713	142.250.186.68	192.168.2.5
Aug 30, 2024 00:17:13.697384119 CEST	49713	443	192.168.2.5	142.250.186.68
Aug 30, 2024 00:17:13.697406054 CEST	443	49713	142.250.186.68	192.168.2.5
Aug 30, 2024 00:17:13.698555946 CEST	443	49713	142.250.186.68	192.168.2.5
Aug 30, 2024 00:17:13.698618889 CEST	49713	443	192.168.2.5	142.250.186.68
Aug 30, 2024 00:17:13.725995064 CEST	49713	443	192.168.2.5	142.250.186.68
Aug 30, 2024 00:17:13.726135969 CEST	443	49713	142.250.186.68	192.168.2.5
Aug 30, 2024 00:17:13.771161079 CEST	443	49714	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.771239996 CEST	443	49714	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.771373034 CEST	49714	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.778145075 CEST	49713	443	192.168.2.5	142.250.186.68
Aug 30, 2024 00:17:13.778162003 CEST	443	49713	142.250.186.68	192.168.2.5
Aug 30, 2024 00:17:13.783691883 CEST	49714	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.783710957 CEST	443	49714	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.805258989 CEST	49715	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.805313110 CEST	443	49715	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.805387020 CEST	49715	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.805663109 CEST	49715	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:13.805689096 CEST	443	49715	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:13.823705912 CEST	49713	443	192.168.2.5	142.250.186.68
Aug 30, 2024 00:17:14.141603947 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:14.141650915 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:14.141731024 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:14.144243956 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:14.144253969 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:14.272680044 CEST	443	49715	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:14.273081064 CEST	49715	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:14.273102045 CEST	443	49715	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:14.273410082 CEST	443	49715	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:14.273868084 CEST	49715	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:14.273930073 CEST	443	49715	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:14.274190903 CEST	49715	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:14.316493988 CEST	443	49715	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:14.540445089 CEST	443	49715	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:14.540586948 CEST	443	49715	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:14.540641069 CEST	49715	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:14.544733047 CEST	49715	443	192.168.2.5	172.67.167.190
Aug 30, 2024 00:17:14.544750929 CEST	443	49715	172.67.167.190	192.168.2.5
Aug 30, 2024 00:17:14.551337004 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:14.551361084 CEST	443	49719	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:14.551491976 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:14.551872969 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:14.551882029 CEST	443	49719	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:14.599030972 CEST	49720	443	192.168.2.5	104.21.90.70
Aug 30, 2024 00:17:14.599085093 CEST	443	49720	104.21.90.70	192.168.2.5
Aug 30, 2024 00:17:14.599206924 CEST	49720	443	192.168.2.5	104.21.90.70
Aug 30, 2024 00:17:14.599895000 CEST	49720	443	192.168.2.5	104.21.90.70
Aug 30, 2024 00:17:14.599915028 CEST	443	49720	104.21.90.70	192.168.2.5
Aug 30, 2024 00:17:14.790968895 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:14.791049004 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:14.957848072 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:14.957876921 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:14.958223104 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:15.027918100 CEST	443	49719	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:15.057837963 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:15.073467970 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.084049940 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.084062099 CEST	443	49719	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:15.085220098 CEST	443	49719	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:15.085283041 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.226325035 CEST	443	49720	104.21.90.70	192.168.2.5
Aug 30, 2024 00:17:15.354722977 CEST	49720	443	192.168.2.5	104.21.90.70
Aug 30, 2024 00:17:15.557427883 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.557617903 CEST	443	49719	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:15.557766914 CEST	49720	443	192.168.2.5	104.21.90.70
Aug 30, 2024 00:17:15.557806969 CEST	443	49720	104.21.90.70	192.168.2.5
Aug 30, 2024 00:17:15.558315039 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.558350086 CEST	443	49719	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:15.559042931 CEST	443	49720	104.21.90.70	192.168.2.5
Aug 30, 2024 00:17:15.559057951 CEST	443	49720	104.21.90.70	192.168.2.5
Aug 30, 2024 00:17:15.559108019 CEST	49720	443	192.168.2.5	104.21.90.70
Aug 30, 2024 00:17:15.599642038 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:15.601528883 CEST	49720	443	192.168.2.5	104.21.90.70
Aug 30, 2024 00:17:15.601636887 CEST	443	49720	104.21.90.70	192.168.2.5
Aug 30, 2024 00:17:15.602478027 CEST	49720	443	192.168.2.5	104.21.90.70
Aug 30, 2024 00:17:15.602502108 CEST	443	49720	104.21.90.70	192.168.2.5
Aug 30, 2024 00:17:15.640502930 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:15.667264938 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.683989048 CEST	443	49719	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:15.684067965 CEST	443	49719	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:15.684214115 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.684591055 CEST	49719	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.684622049 CEST	443	49719	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:15.685740948 CEST	49721	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.685780048 CEST	443	49721	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:15.685853004 CEST	49721	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.686255932 CEST	49721	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:15.686269999 CEST	443	49721	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:15.713845015 CEST	443	49720	104.21.90.70	192.168.2.5
Aug 30, 2024 00:17:15.713918924 CEST	49720	443	192.168.2.5	104.21.90.70
Aug 30, 2024 00:17:15.718786001 CEST	49720	443	192.168.2.5	104.21.90.70
Aug 30, 2024 00:17:15.718822002 CEST	443	49720	104.21.90.70	192.168.2.5
Aug 30, 2024 00:17:15.803522110 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:15.803595066 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:15.803829908 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:15.817733049 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:15.817765951 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:15.817783117 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:15.817789078 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:15.860110044 CEST	49722	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:15.860176086 CEST	443	49722	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:15.860266924 CEST	49722	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:15.860651970 CEST	49722	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:15.860668898 CEST	443	49722	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:16.137811899 CEST	443	49721	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:16.138251066 CEST	49721	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:16.138276100 CEST	443	49721	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:16.138578892 CEST	443	49721	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:16.138917923 CEST	49721	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:16.138968945 CEST	443	49721	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:16.139152050 CEST	49721	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:16.180500984 CEST	443	49721	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:16.265379906 CEST	443	49721	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:16.265446901 CEST	443	49721	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:16.265506983 CEST	49721	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:16.265804052 CEST	49721	443	192.168.2.5	35.190.80.1
Aug 30, 2024 00:17:16.265816927 CEST	443	49721	35.190.80.1	192.168.2.5
Aug 30, 2024 00:17:16.493865013 CEST	443	49722	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:16.493964911 CEST	49722	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:16.521759033 CEST	49722	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:16.521786928 CEST	443	49722	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:16.522044897 CEST	443	49722	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:16.523077965 CEST	49722	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:16.568501949 CEST	443	49722	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:16.801686049 CEST	443	49722	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:16.801768064 CEST	443	49722	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:16.801873922 CEST	49722	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:16.803416014 CEST	49722	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:16.803437948 CEST	443	49722	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:16.803467035 CEST	49722	443	192.168.2.5	184.28.90.27
Aug 30, 2024 00:17:16.803473949 CEST	443	49722	184.28.90.27	192.168.2.5
Aug 30, 2024 00:17:22.955936909 CEST	61316	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:22.961152077 CEST	53	61316	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:22.961225033 CEST	61316	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:22.961344957 CEST	61316	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:22.966149092 CEST	53	61316	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:23.410142899 CEST	53	61316	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:23.414225101 CEST	61316	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:23.420466900 CEST	53	61316	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:23.420614004 CEST	61316	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:23.599613905 CEST	443	49713	142.250.186.68	192.168.2.5
Aug 30, 2024 00:17:23.599684954 CEST	443	49713	142.250.186.68	192.168.2.5
Aug 30, 2024 00:17:23.599791050 CEST	49713	443	192.168.2.5	142.250.186.68
Aug 30, 2024 00:17:24.426254034 CEST	53043	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:24.433743000 CEST	53	53043	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:24.433836937 CEST	53043	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:24.434039116 CEST	53043	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:24.440031052 CEST	53	53043	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:24.879163980 CEST	53	53043	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:24.884866953 CEST	53043	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:24.891524076 CEST	53	53043	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:24.891598940 CEST	53043	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:25.018024921 CEST	49713	443	192.168.2.5	142.250.186.68
Aug 30, 2024 00:17:25.018053055 CEST	443	49713	142.250.186.68	192.168.2.5
Aug 30, 2024 00:18:12.586849928 CEST	53050	443	192.168.2.5	142.250.185.132
Aug 30, 2024 00:18:12.586882114 CEST	443	53050	142.250.185.132	192.168.2.5
Aug 30, 2024 00:18:12.586988926 CEST	53050	443	192.168.2.5	142.250.185.132
Aug 30, 2024 00:18:12.587228060 CEST	53050	443	192.168.2.5	142.250.185.132
Aug 30, 2024 00:18:12.587238073 CEST	443	53050	142.250.185.132	192.168.2.5
Aug 30, 2024 00:18:13.221297026 CEST	443	53050	142.250.185.132	192.168.2.5
Aug 30, 2024 00:18:13.221709967 CEST	53050	443	192.168.2.5	142.250.185.132
Aug 30, 2024 00:18:13.221738100 CEST	443	53050	142.250.185.132	192.168.2.5
Aug 30, 2024 00:18:13.222136021 CEST	443	53050	142.250.185.132	192.168.2.5
Aug 30, 2024 00:18:13.222486973 CEST	53050	443	192.168.2.5	142.250.185.132
Aug 30, 2024 00:18:13.222573996 CEST	443	53050	142.250.185.132	192.168.2.5
Aug 30, 2024 00:18:13.276742935 CEST	53050	443	192.168.2.5	142.250.185.132
Aug 30, 2024 00:18:23.127260923 CEST	443	53050	142.250.185.132	192.168.2.5
Aug 30, 2024 00:18:23.127330065 CEST	443	53050	142.250.185.132	192.168.2.5
Aug 30, 2024 00:18:23.127437115 CEST	53050	443	192.168.2.5	142.250.185.132
Aug 30, 2024 00:18:25.377407074 CEST	53050	443	192.168.2.5	142.250.185.132
Aug 30, 2024 00:18:25.377427101 CEST	443	53050	142.250.185.132	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 00:17:08.839806080 CEST	53	65430	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:08.852965117 CEST	53	53634	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:10.007544041 CEST	53	54521	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:10.570991039 CEST	61032	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:10.571546078 CEST	58313	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:10.832631111 CEST	53	61032	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:10.856533051 CEST	53	58313	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:12.585932970 CEST	61045	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:12.586150885 CEST	60337	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:12.594680071 CEST	53	61045	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:12.594944954 CEST	53	60337	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:14.543761969 CEST	58655	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:14.544255972 CEST	49643	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:14.550463915 CEST	53	58655	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:14.550828934 CEST	53	49643	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:14.559443951 CEST	63985	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:14.560183048 CEST	51500	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:14.567100048 CEST	53	63985	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:14.570779085 CEST	53	51500	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:22.955452919 CEST	53	62099	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:24.425462008 CEST	53	60572	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:27.227006912 CEST	60846	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:17:27.234112978 CEST	53	60846	1.1.1.1	192.168.2.5
Aug 30, 2024 00:17:27.520026922 CEST	53	57072	1.1.1.1	192.168.2.5
Aug 30, 2024 00:18:12.575510025 CEST	49269	53	192.168.2.5	1.1.1.1
Aug 30, 2024 00:18:12.585550070 CEST	53	49269	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 30, 2024 00:17:10.570991039 CEST	192.168.2.5	1.1.1.1	0xfa52	Standard query (0)	claims-hadiah-dxna.t5t.my.id	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:10.571546078 CEST	192.168.2.5	1.1.1.1	0x2fc4	Standard query (0)	claims-hadiah-dxna.t5t.my.id	65	IN (0x0001)	false
Aug 30, 2024 00:17:12.585932970 CEST	192.168.2.5	1.1.1.1	0x23ed	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:12.586150885 CEST	192.168.2.5	1.1.1.1	0x34d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 30, 2024 00:17:14.543761969 CEST	192.168.2.5	1.1.1.1	0xa451	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:14.544255972 CEST	192.168.2.5	1.1.1.1	0x97c0	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Aug 30, 2024 00:17:14.559443951 CEST	192.168.2.5	1.1.1.1	0xe004	Standard query (0)	claims-hadiah-dxna.t5t.my.id	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:14.560183048 CEST	192.168.2.5	1.1.1.1	0xb154	Standard query (0)	claims-hadiah-dxna.t5t.my.id	65	IN (0x0001)	false
Aug 30, 2024 00:17:27.227006912 CEST	192.168.2.5	1.1.1.1	0x6c44	Standard query (0)	157.123.68.40.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Aug 30, 2024 00:18:12.575510025 CEST	192.168.2.5	1.1.1.1	0xa497	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 30, 2024 00:17:10.832631111 CEST	1.1.1.1	192.168.2.5	0xfa52	No error (0)	claims-hadiah-dxna.t5t.my.id		172.67.167.190	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:10.832631111 CEST	1.1.1.1	192.168.2.5	0xfa52	No error (0)	claims-hadiah-dxna.t5t.my.id		104.21.90.70	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:10.856533051 CEST	1.1.1.1	192.168.2.5	0x2fc4	No error (0)	claims-hadiah-dxna.t5t.my.id			65	IN (0x0001)	false
Aug 30, 2024 00:17:12.594680071 CEST	1.1.1.1	192.168.2.5	0x23ed	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:12.594944954 CEST	1.1.1.1	192.168.2.5	0x34d	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 30, 2024 00:17:14.550463915 CEST	1.1.1.1	192.168.2.5	0xa451	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:14.567100048 CEST	1.1.1.1	192.168.2.5	0xe004	No error (0)	claims-hadiah-dxna.t5t.my.id		104.21.90.70	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:14.567100048 CEST	1.1.1.1	192.168.2.5	0xe004	No error (0)	claims-hadiah-dxna.t5t.my.id		172.67.167.190	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:14.570779085 CEST	1.1.1.1	192.168.2.5	0xb154	No error (0)	claims-hadiah-dxna.t5t.my.id			65	IN (0x0001)	false
Aug 30, 2024 00:17:20.279628992 CEST	1.1.1.1	192.168.2.5	0x21cd	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 00:17:20.279628992 CEST	1.1.1.1	192.168.2.5	0x21cd	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:17:27.234112978 CEST	1.1.1.1	192.168.2.5	0x6c44	Name error (3)	157.123.68.40.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Aug 30, 2024 00:18:12.585550070 CEST	1.1.1.1	192.168.2.5	0xa497	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

claims-hadiah-dxna.t5t.my.id

https:

a.nel.cloudflare.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	172.67.167.190	443	5912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:17:11 UTC	671	OUT	GET / HTTP/1.1 Host: claims-hadiah-dxna.t5t.my.id Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:17:11 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:17:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yX4MBnx1XS9Wv2lsz3Ds3EI3jq0dcP6zzxspIrKoH0Nf5rt2%2Bccpcgl8J2MIllhU%2F6oInpllAgHiIy%2FSIB7zqnsiHX%2F3zjDuwwXTQUuNfWi8EX4NCiAklQC5KQCGxdXkJDoBphOSIICAqSF55fls"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bafe8e66b740f5b-EWR
2024-08-29 22:17:11 UTC	806	IN	Data Raw: 31 31 32 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 Data Ascii: -cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getEleme
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 5a 41 74 54 57 71 6d 63 73 50 73 73 64 4c 4b 34 48 50 50 67 6a 4c 68 68 6c 31 4c 4a 59 4f 39 75 41 36 4a 67 71 34 34 71 6d 62 4d 2d 31 37 32 34 39 36 39 38 33 31 2d 30 2e 30 2e 31 2e 31 2d 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 Data Ascii: plain"> <input type="hidden" name="atok" value="ZAtTWqmcsPssdLK4HPPgjLhhl1LJYO9uA6Jgq44qmbM-1724969831-0.0.1.1-/"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="c
2024-08-29 22:17:11 UTC	858	IN	Data Raw: 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 Data Ascii: parator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Clou
2024-08-29 22:17:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49709	172.67.167.190	443	5912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:17:11 UTC	583	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: claims-hadiah-dxna.t5t.my.id Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://claims-hadiah-dxna.t5t.my.id/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:17:11 UTC	411	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:17:11 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Fri, 23 Aug 2024 16:44:30 GMT ETag: "66c8bc6e-5df3" Server: cloudflare CF-RAY: 8bafe8e9580c4369-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 30 Aug 2024 00:17:11 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-29 22:17:11 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-08-29 22:17:11 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49714	172.67.167.190	443	5912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:17:13 UTC	675	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: claims-hadiah-dxna.t5t.my.id Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://claims-hadiah-dxna.t5t.my.id/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:17:13 UTC	409	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:17:13 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 27 Aug 2024 19:10:22 GMT ETag: "66ce249e-1c4" Server: cloudflare CF-RAY: 8bafe8f4c8700f4d-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 30 Aug 2024 00:17:13 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-29 22:17:13 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49715	172.67.167.190	443	5912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:17:14 UTC	612	OUT	GET /favicon.ico HTTP/1.1 Host: claims-hadiah-dxna.t5t.my.id Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://claims-hadiah-dxna.t5t.my.id/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:17:14 UTC	623	IN	HTTP/1.1 404 Not Found Date: Thu, 29 Aug 2024 22:17:14 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cPNoSwGhi8UfuTwVnP4%2BywACVijMWtluAeKvgRfyf1w2S2ff3co5zzvBvKOMaYMPhy8OYF6MZO67w4XLeYgNxG2bnFyyMUd2YSoPoLC8z01oPbBV2NNmRYQQMRdDJiS9GhuC7wnIqjmKp6qaufGt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bafe8f8ae081845-EWR alt-svc: h3=":443"; ma=86400
2024-08-29 22:17:14 UTC	322	IN	Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying t
2024-08-29 22:17:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49719	35.190.80.1	443	5912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:17:15 UTC	559	OUT	OPTIONS /report/v4?s=cPNoSwGhi8UfuTwVnP4%2BywACVijMWtluAeKvgRfyf1w2S2ff3co5zzvBvKOMaYMPhy8OYF6MZO67w4XLeYgNxG2bnFyyMUd2YSoPoLC8z01oPbBV2NNmRYQQMRdDJiS9GhuC7wnIqjmKp6qaufGt HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://claims-hadiah-dxna.t5t.my.id Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:17:15 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Thu, 29 Aug 2024 22:17:15 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49716	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:17:15 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-29 22:17:15 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=127178 Date: Thu, 29 Aug 2024 22:17:15 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49720	104.21.90.70	443	5912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:17:15 UTC	398	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: claims-hadiah-dxna.t5t.my.id Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:17:15 UTC	409	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:17:15 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Fri, 23 Aug 2024 16:44:30 GMT ETag: "66c8bc6e-1c4" Server: cloudflare CF-RAY: 8bafe900eb6f17f1-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 30 Aug 2024 00:17:15 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-29 22:17:15 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49721	35.190.80.1	443	5912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:17:16 UTC	488	OUT	POST /report/v4?s=cPNoSwGhi8UfuTwVnP4%2BywACVijMWtluAeKvgRfyf1w2S2ff3co5zzvBvKOMaYMPhy8OYF6MZO67w4XLeYgNxG2bnFyyMUd2YSoPoLC8z01oPbBV2NNmRYQQMRdDJiS9GhuC7wnIqjmKp6qaufGt HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 447 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:17:16 UTC	447	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 37 33 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6c 61 69 6d 73 2d 68 61 64 69 61 68 2d 64 78 6e 61 2e 74 35 74 2e 6d 79 2e 69 64 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 36 37 2e 31 39 30 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d Data Ascii: [{"age":0,"body":{"elapsed_time":736,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://claims-hadiah-dxna.t5t.my.id/","sampling_fraction":1.0,"server_ip":"172.67.167.190","status_code":404,"type":"http.error"},"type":"network-
2024-08-29 22:17:16 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 29 Aug 2024 22:17:15 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49722	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:17:16 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-29 22:17:16 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=127130 Date: Thu, 29 Aug 2024 22:17:16 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-29 22:17:16 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	18:17:00
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:17:06
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2280,i,2930308555609301425,2311737329618430439,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:17:09
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://claims-hadiah-dxna.t5t.my.id/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://claims-hadiah-dxna.t5t.my.id/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://claims-hadiah-dxna.t5t.my.id/	SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Source: https://claims-hadiah-dxna.t5t.my.id/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: phishing
Source: https://claims-hadiah-dxna.t5t.my.id/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://claims-hadiah-dxna.t5t.my.id/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: phishing

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_64, type: DROPPED

Source: global traffic	TCP traffic: 192.168.2.5:61316 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:53043 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: claims-hadiah-dxna.t5t.my.idConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: claims-hadiah-dxna.t5t.my.idConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://claims-hadiah-dxna.t5t.my.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: claims-hadiah-dxna.t5t.my.idConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://claims-hadiah-dxna.t5t.my.id/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: claims-hadiah-dxna.t5t.my.idConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://claims-hadiah-dxna.t5t.my.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: claims-hadiah-dxna.t5t.my.idConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: claims-hadiah-dxna.t5t.my.id
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: 157.123.68.40.in-addr.arpa

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://claims-hadiah-dxna.t5t.my.id/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Windows Analysis Report
https://claims-hadiah-dxna.t5t.my.id/