Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://886770657-la8.mmt166.com/

Overview

General Information

Sample URL:	https://886770657-la8.mmt166.com/
Analysis ID:	1522189
Tags:	urlscan
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 6452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1908,i,4690189989379199674,14818043272657632033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://886770657-la8.mmt166.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://886770657-la8.mmt166.com/

HTTP Parser: Number of links: 0

Source: https://886770657-la8.mmt166.com/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://886770657-la8.mmt166.com/

HTTP Parser: Title: does not match URL

Source: https://886770657-la8.mmt166.com/

HTTP Parser: <input type="password" .../> found

Source: https://886770657-la8.mmt166.com/

HTTP Parser: No favicon

Source: https://886770657-la8.mmt166.com/

HTTP Parser: No <meta name="author".. found

Source: https://886770657-la8.mmt166.com/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49728 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /default/css/aglogin.css HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://886770657-la8.mmt166.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /js/jquery-1.8.3.js HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://886770657-la8.mmt166.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /js/md5.js HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://886770657-la8.mmt166.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /imgcode.php?act=init HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://886770657-la8.mmt166.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /js/md5.js HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /imgcode.php?act=init HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/aglogin_l.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://886770657-la8.mmt166.com/default/css/aglogin.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/login_r.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://886770657-la8.mmt166.com/default/css/aglogin.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/login_btn.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://886770657-la8.mmt166.com/default/css/aglogin.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/ico_mobile.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://886770657-la8.mmt166.com/default/css/aglogin.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/login_newyear.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://886770657-la8.mmt166.com/default/css/aglogin.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/ico_aplus.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://886770657-la8.mmt166.com/default/css/aglogin.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /js/jquery-1.8.3.js HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /default/images/aglogin_l.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/login_btn.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/login_r.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/ico_mobile.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/ico_aplus.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://886770657-la8.mmt166.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
Source: global traffic	HTTP traffic detected: GET /default/images/login_newyear.png HTTP/1.1Host: 886770657-la8.mmt166.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5

Source: global traffic	DNS traffic detected: DNS query: 886770657-la8.mmt166.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 29 Sep 2024 12:19:22 GMTContent-Type: text/htmlContent-Length: 505Connection: closeETag: "5f889070-1f9"

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49728 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@16/36@6/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1908,i,4690189989379199674,14818043272657632033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://886770657-la8.mmt166.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1908,i,4690189989379199674,14818043272657632033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	216.58.206.68	true	false		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown
886770657-la8.mmt166.com	101.32.12.46	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://886770657-la8.mmt166.com/default/images/login_btn.png	false		unknown
https://886770657-la8.mmt166.com/default/images/login_newyear.png	false		unknown
https://886770657-la8.mmt166.com/default/images/ico_aplus.png	false		unknown
https://886770657-la8.mmt166.com/	false		unknown
https://886770657-la8.mmt166.com/favicon.ico	false		unknown
https://886770657-la8.mmt166.com/default/images/login_r.png	false		unknown
https://886770657-la8.mmt166.com/js/md5.js	false		unknown
https://886770657-la8.mmt166.com/default/images/aglogin_l.png	false		unknown
https://886770657-la8.mmt166.com/default/images/ico_mobile.png	false		unknown
https://886770657-la8.mmt166.com/js/jquery-1.8.3.js	false		unknown
https://886770657-la8.mmt166.com/default/css/aglogin.css	false		unknown
https://886770657-la8.mmt166.com/imgcode.php?act=init	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
101.32.12.46	886770657-la8.mmt166.com	China		132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
216.58.206.68	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522189
Start date and time:	2024-09-29 14:18:15 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://886770657-la8.mmt166.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@16/36@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.185.206, 74.125.133.84, 34.104.35.123, 142.250.185.138, 142.250.186.42, 142.250.74.202, 142.250.184.202, 142.250.185.202, 172.217.16.202, 142.250.184.234, 142.250.185.234, 142.250.185.106, 142.250.186.170, 172.217.16.138, 172.217.18.10, 142.250.181.234, 216.58.206.42, 216.58.206.74, 142.250.185.170, 4.245.163.56, 192.229.221.95, 20.3.187.198, 52.165.164.15, 142.250.184.227
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://886770657-la8.mmt166.com/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://886770657-la8.mmt166.com/ Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://886770657-la8.mmt166.com/ Model: jbxai	{ "error":"local variable 'brand_input' referenced before assignment"}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 11:19:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9723373683562477
Encrypted:	false
SSDEEP:	48:850d1TdVxHDOidAKZdA1oehwiZUklqehTy+3:85ObJNoy
MD5:	91530406CE65C0954377646BFD593D2F
SHA1:	39E2D6ED8847E6DBF6814316B36EC2D9A5A691D9
SHA-256:	C3873FED9B9260D394D90755E4AD997010E0577AC84C98A586FD521DB1FB90E3
SHA-512:	E4BE09A5C200AD82B8CED863B78390A9BC7BB43D2B41ADE8AFCF489662B956242A609AEB7877EE265A83344824A2BE1A21F793EC93EDC139606ABA2817AC050A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........i...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I=Yfb....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Yfb....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Yfb....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Yfb..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Yhb...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........F.(......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 11:19:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9861866050430614
Encrypted:	false
SSDEEP:	48:8o0d1TdVxHDOidAKZdA1leh/iZUkAQkqehYy+2:8oObJH9Q1y
MD5:	552D05E8AF93767F74034833711376AE
SHA1:	9F3573A57917678C09846768A86B04DADDBA1AF7
SHA-256:	6FDAEB16AE34080CFE5CB2B34EB0E0D7625016EA549BD88F540430AA85E24E36
SHA-512:	BB2C698D54A654BBF128690EC42633B2A001F79C194B7611D460E82593CEBB93A792AD3B6898257B4F09C3568BE55A2F6104520D5F30B41D53B6D70C8FAA5A5E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....@.#.i...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I=Yfb....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Yfb....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Yfb....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Yfb..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Yhb...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........F.(......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.000966488112691
Encrypted:	false
SSDEEP:	48:8s0d1TdVbHDOidAKZdA14t5eh7sFiZUkmgqeh7sSy+BX:8sObnXnsy
MD5:	5EA8EB57EAD558B238D0DB48E8A43C04
SHA1:	9C65EC96D77FD565391AA7EB55D6316A57C52336
SHA-256:	018BD752A3F0BFE13D56A7D55249DFD4FAA33CCF98307C5B9853DA0F72C7BE12
SHA-512:	B12E988346AE51A999495C2B50FDF41EFE832F8A8E49E511C97739411EE24336D273171D269B581A264A5B33CE0F11332BD3F855CD4EB1CE396193FC40D70260
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I=Yfb....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Yfb....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Yfb....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Yfb..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........F.(......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 11:19:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.984599757956828
Encrypted:	false
SSDEEP:	48:880d1TdVxHDOidAKZdA16ehDiZUkwqeh0y+R:88ObJ0ay
MD5:	845A2B74A7047F2E6C86212D5EE9C76F
SHA1:	5B2F6FB87025674D262E45996DB66CC2787BD07C
SHA-256:	52E260A39D35696A38F3F42958C2F4E8D7403381DD983BB7BE030A44339E4A7E
SHA-512:	F642D6C476C1535604A0B6B6233F009E30E1983198607A9960D34CFF9561AF5744578B2C0487379724DF8ABAD145EA99F0F83642183790764EC72D9D40230AEF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....%..i...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I=Yfb....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Yfb....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Yfb....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Yfb..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Yhb...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........F.(......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 11:19:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9748031346407204
Encrypted:	false
SSDEEP:	48:820d1TdVxHDOidAKZdA1UehBiZUk1W1qehGy+C:82ObJU9my
MD5:	A12AC08BB1E4B6FED0FE1C159AA9C8E9
SHA1:	F538E079EE73A4E5A6D48558709886731708C1EC
SHA-256:	D7878D55775925225310F3C46CB924CBF23244FA351B532805F48B0F6FC3B4C1
SHA-512:	B99FE2D42D1B4B8ED795A912386DB4335A2D6BFA6C58F480D3F2C4D2A0540A70723FEB20A336374B69F86F6C7BA01F99B1F0235F33D870068B1F34869AA2762F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......).i...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I=Yfb....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Yfb....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Yfb....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Yfb..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Yhb...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........F.(......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 11:19:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9887665046117964
Encrypted:	false
SSDEEP:	48:8p0d1TdVxHDOidAKZdA1duTrehOuTbbiZUk5OjqehOuTbsy+yT+:8pObJBTYTbxWOvTbsy7T
MD5:	30CE0D9385911AD34363DE6192390A7D
SHA1:	8A962E106A8D89B3BF01A43CE84A8696C391F44D
SHA-256:	ED575A9F29BC5ADCA10516FC294CDD32187F385E27FB5FC0EFFEBD9655A4DC59
SHA-512:	793F7658CE741CCBF6D962F9390D3624C7E7CB5AA611BB0771C57D8FFA1AADC306FD60DB10AD8F9D12B93CAF1C540D0E996C075563DF5EF824C4785252C68D0D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....J..i...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I=Yfb....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Yfb....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Yfb....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Yfb..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Yhb...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........F.(......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 65

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2050
Entropy (8bit):	7.8354855944187145
Encrypted:	false
SSDEEP:	48:6QykKKKwZ39IBnE05h2d8VYyOqYnPoPM5iT7EtxDa/Rzu:7ykKKKItIBnEczVYyPCwuiTgtxkRS
MD5:	2C9B77D6092A203B31FAC932F74C15EA
SHA1:	BB3079357144D7D823698CC887DD8ADA9D3FD0E1
SHA-256:	2D8610A03C2B34810A3E63E1A9D374D58768408E94F8E59BDEBB3D6CE828C424
SHA-512:	8D119ED946CE20942507FBB1657EDB6C636AF29793415F51B5D6913CA9205EF085E3043248FC2C78F7D1EA89A7E3DFD721F1C96DD8AD263DE60157F15DDAA11D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...d..........[......sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.03/25/20P.<-....tEXtSoftware.Adobe Fireworks CS5q..6...ZIDATh..Z?l.V...2*-)..C.......h..Q.....W.b.E..C.$....]....-W-..#..Q..u.`o..PH. ..,....n..M...7....m..........P.!.s..\|..9.1'd.0'd.0'd.0'd.0'd.0'd..I....Y.G.(...U3.o...Z>..X...f...:.R.H...X."......Wwz...D.t.....I....M.W..x!..t.Y...7..j.9.].....\..<;.\^... F...p....BO.@Vt.J}h.d.a..6.....M......1/.uR......P.4..M.U.@W.@...k.g.I....1d7..._.Z....am9...%.K..m..]}.....dL....q........!..MR>.a3..Y..9..[U+Hm..Vj.....W.C.. .d.....J.J........\........:n.F..a.?~.hh..z.(.>.0..g..8G.'-d.<....x.)Hm...t.K..s.'.sc.?.`.R..D....#.$C..a..+W.Qn.....9.,A...Y.R.^.]x.vMT.@B....;w...@.t.t..\..Q?S..\|...N.:..'K...?...6...{Rk..M..(Q..g..l.......hj.AAj.!.B..A.[.... .C..K..FNL....../.2.z.,9..e.M...m......~..fj...&I?.!......W...ES..+,..g..y...1$C....N.dEG..c5.0..{;..:%M.t.j..\.a5.!.....Z.FW.x..}.a..m).T..t...l;..GM$Dn..$...-Y...%Kf..}..

Chrome Cache Entry: 66

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	7319
Entropy (8bit):	5.280739952267423
Encrypted:	false
SSDEEP:	96:xaM8G9YPsAuuxKqQ6U/a5wElcSw8jO+lKTw8jo9aXQesWMr15lYIfK:xhmPsO8pmlDjDKTh2rYIS
MD5:	77A6BB619FED80764E1533774771559E
SHA1:	D85F8447A3A48753B189EE5BEEF73113D8837F71
SHA-256:	B7691527C917A1F2F8865191DFB938B331CEF67BAB26F13902F49CB13E523982
SHA-512:	DF5A1900C8AC3133DD569B7CA41D5D372CEE3D72491C11460F7EDB02ADBD19FE6D3493E05991DADB01C0E4A92F6CD2181590CB5B41473272A403B94731346AC6
Malicious:	false
Reputation:	low
URL:	https://886770657-la8.mmt166.com/js/md5.js
Preview:	function MD5(sMessage) {.. function RotateLeft(lValue, iShiftBits) {.. return (lValue << iShiftBits) \| (lValue >>> (32-iShiftBits));.. }.. function AddUnsigned(lX,lY) {.. var lX4,lY4,lX8,lY8,lResult;.. lX8 = (lX & 0x80000000);.. lY8 = (lY & 0x80000000);.. lX4 = (lX & 0x40000000);.. lY4 = (lY & 0x40000000);.. lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);.. if (lX4 & lY4) return (lResult ^ 0x80000000 ^ lX8 ^ lY8);.. if (lX4 \| lY4) {.. if (lResult & 0x40000000) return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);.. else return (lResult ^ 0x40000000 ^ lX8 ^ lY8);.. } else return (lResult ^ lX8 ^ lY8);.. }.. function F(x,y,z) { return (x & y) \| ((~x) & z); }.. function G(x,y,z) { return (x & z) \| (y & (~z)); }.. function H(x,y,z) { return (x ^ y ^ z); }.. function I(x,y,z) { return (y ^ (x \| (~z))); }.. function FF(a,b,c,d,x,s,ac) {.. a = AddUnsigned(a, AddUnsigned(AddUnsigne

Chrome Cache Entry: 67

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 152 x 35, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2834
Entropy (8bit):	7.633279060803838
Encrypted:	false
SSDEEP:	48:IKS2vnLx2/eFsIJ3YVHSPVHbFkawnRstqqBIyH/pFfiTWv50b3hRZ1MzrItDRPcB:zSefGhVHcVHbCawR6nTfpFfi1RZGrItI
MD5:	954E71D2A394EB6CC8A278FBF8EBB542
SHA1:	AA928DEE62635331A77B33B776C7ADC97D47B524
SHA-256:	66A1532F43FA55A757E9D71AE2DF5CC210E77F0CAD87094DF92B0CC624A7A181
SHA-512:	6E50BA35FB35E9489A1A9C30699986D54ECDC70F9659901F6AA2428CB9AA03DC5CC446098F9171FAACF5697AB1B3B09460BE2B9CF66D7088EE6BCC5677BB9BA2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......#.....h......tEXtSoftware.Adobe ImageReadyq.e<...jiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8054ae3e-c912-974c-900e-c8265e540088" xmpMM:DocumentID="xmp.did:E791AAE6C83611E7BC909456F8CC926C" xmpMM:InstanceID="xmp.iid:E791AAE5C83611E7BC909456F8CC926C" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E2EFFDFCC76C11E79E86A82648DEFC31" stRef:documentID="xmp.did:E2EFFDFDC76C11E79E86A82648DEFC31"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......>IDATx..\_lSU.?e..m...D].... #Jg...H.....

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 60 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1475
Entropy (8bit):	7.781619935741366
Encrypted:	false
SSDEEP:	24:PLbHtfpqn/X/xvHGP3ElWsoMxZwAFyXBADLF/xejYJ/yaS8gsdsB7:PLbHRyvhmPlMwAFyXB23GPaZgn
MD5:	85CC7AD450884DCD8B6EEB71982BC270
SHA1:	5D9F6DF7F79ECF2A1D9954D2D9637BA38AA9A798
SHA-256:	C05A467A44026EE49362DB714BFF9D985148EE64615309DBA893D5085D3B323D
SHA-512:	D1834DB19B21004B7391556722C591B60FBC2855592C5D3474A1AB2590F77926FA4B5C27C8D07CF94D9BE5ED66E6462E652CF6D650070AF717BCF446A9237BF5
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...<.........p.}O....sBIT....\|.d.....pHYs..........o.d....tEXtCreation Time.03/26/20B.......tEXtSoftware.Adobe Fireworks CS5q..6....IDATX..[h.e.........".pg.'..O-T.bm-...X.%)""VM..R;..H.b.b}.."...6k.Vm......h_..B+b..s&.$3...b.0$.].w......:&&&8.p.b+._.#\|.\|....e..`9`..@.0.4./...c.:.z...s.p...x...X:........c.k..mF".B...(......;....y.q....X.b..x.X..}.F.1~.\...E..a..B.q1....i...>..b.....em\#..h...0.p..X....=..u.)....:...e.]m.cVZ....7....9.......\|....I.7..8./...r.[.e...y5.5c.L.p....>.........cO..!ig=p.B.0."..x.../..$m.].p....q.}.,).!`..D.'.c.....Z.v.,H.........+.c...u..@....l.....C..m....3..Jz....Y...".t.w....nh....B..V........c...x...>D.8,.k.X.;c.>A..([v0.X.....d\|.lZv...]...Z.....w...&..x.!..M.[)c.J....r.9........EQG....f.1R.....iQ:..n.~.^.nIQ6.J.{...T.6#.. .1.T.K..z5..}.+.k.....L..\|.7.m..`.....cl(/-..V..kV\|..P....B\|...0..tE.FQ.....R...V..i$.%(./..k.t4.....9..M.]..X8...M.kf...e..1S+H..E.H...G.4.U........=e..`..R....a.AF..*...5.~.m=..+

Chrome Cache Entry: 69

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 152 x 35, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3884
Entropy (8bit):	7.894778517816134
Encrypted:	false
SSDEEP:	96:uyh7PHyw8TDv0QHDBLGxgfYGaLoLhrrEIlBU7CtbSnRH5+:uytPx8HvHDtGO+IhvEIt2nRZ+
MD5:	AB84BDDAFE2E5DCD472DD6BB7A30EBF8
SHA1:	D4C7BABDF5519B5A75E248C93C1C540E16283143
SHA-256:	001CB6C08F9D03D50016754D5353F56ED4DA4D63CEED06D6B31B4B3EFD7119DE
SHA-512:	FF2F338917C02D2AF6E909117D8BA2E733C69D8DC539B8AAFC09FF8D5B4C3C16281DDDCAA14C938690DB6E4A237EEF3456B884B6B412B9478CC75B3737853D09
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......#.....h......sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.03/25/20P.<-....tEXtSoftware.Adobe Fireworks CS5q..6....IDATx..\}l..~.....~..?.q...$..I...V...U8.C..tQ....&.T...&.].UT..t'r.."...F.k.\.Lp.]Jl/_>c....f.cvvfg~..z..5......_3.....g._.;....#.G.`).`.-....... ..}-D.....:..._.....#..u.6...S..5,......p.!..&w.....\..?{e.%....yC0=\|....!m....0...'.....`+.R..&...f...F.I.x..2.$d0....d8.......a......+w..]3..........M..7..?.P.,w<.Y....U..-...3...ia$F. ,.'qy.8W.....3n".h....L...D..;....._.....{......\|q... -...D...:.........<....Q.k/I.7C..I.tp...<U.....C....`..a.kYV{..]8..w.....Z.....s.F..j...I.m.......K..........7e;.\|+. ..$]..._.. 1......7....Y..P.^?.C..q..P>.MR...].(.F.........>...g....5.R..m.I. .g..Gby...7..2..V8.x....m...S..G.n<.&x.6.N.s......_1...Nb..8O.s.m.v?u..@...5h7; ..%..5N...Li.[A.=L.?..PR.../...2Dc....`q..w.J........f[.....,.sH..>.[.U/.$.m..h..s.eh"..f.y(.~R.[Q.\|;.....?J.['..A.E5`.7......\...69G.:......W_)....(.^..y.

Chrome Cache Entry: 70

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 30, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2050
Entropy (8bit):	7.8354855944187145
Encrypted:	false
SSDEEP:	48:6QykKKKwZ39IBnE05h2d8VYyOqYnPoPM5iT7EtxDa/Rzu:7ykKKKItIBnEczVYyPCwuiTgtxkRS
MD5:	2C9B77D6092A203B31FAC932F74C15EA
SHA1:	BB3079357144D7D823698CC887DD8ADA9D3FD0E1
SHA-256:	2D8610A03C2B34810A3E63E1A9D374D58768408E94F8E59BDEBB3D6CE828C424
SHA-512:	8D119ED946CE20942507FBB1657EDB6C636AF29793415F51B5D6913CA9205EF085E3043248FC2C78F7D1EA89A7E3DFD721F1C96DD8AD263DE60157F15DDAA11D
Malicious:	false
Reputation:	low
URL:	https://886770657-la8.mmt166.com/default/images/aglogin_l.png
Preview:	.PNG........IHDR...d..........[......sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.03/25/20P.<-....tEXtSoftware.Adobe Fireworks CS5q..6...ZIDATh..Z?l.V...2*-)..C.......h..Q.....W.b.E..C.$....]....-W-..#..Q..u.`o..PH. ..,....n..M...7....m..........P.!.s..\|..9.1'd.0'd.0'd.0'd.0'd.0'd..I....Y.G.(...U3.o...Z>..X...f...:.R.H...X."......Wwz...D.t.....I....M.W..x!..t.Y...7..j.9.].....\..<;.\^... F...p....BO.@Vt.J}h.d.a..6.....M......1/.uR......P.4..M.U.@W.@...k.g.I....1d7..._.Z....am9...%.K..m..]}.....dL....q........!..MR>.a3..Y..9..[U+Hm..Vj.....W.C.. .d.....J.J........\........:n.F..a.?~.hh..z.(.>.0..g..8G.'-d.<....x.)Hm...t.K..s.'.sc.?.`.R..D....#.$C..a..+W.Qn.....9.,A...Y.R.^.]x.vMT.@B....;w...@.t.t..\..Q?S..\|...N.:..'K...?...6...{Rk..M..(Q..g..l.......hj.AAj.!.B..A.[.... .C..K..FNL....../.2.z.,9..e.M...m......~..fj...&I?.!......W...ES..+,..g..y...1$C....N.dEG..c5.0..{;..:%M.t.j..\.a5.!.....Z.FW.x..}.a..m).T..t...l;..GM$Dn..$...-Y...%Kf..}..

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 152 x 35, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2834
Entropy (8bit):	7.633279060803838
Encrypted:	false
SSDEEP:	48:IKS2vnLx2/eFsIJ3YVHSPVHbFkawnRstqqBIyH/pFfiTWv50b3hRZ1MzrItDRPcB:zSefGhVHcVHbCawR6nTfpFfi1RZGrItI
MD5:	954E71D2A394EB6CC8A278FBF8EBB542
SHA1:	AA928DEE62635331A77B33B776C7ADC97D47B524
SHA-256:	66A1532F43FA55A757E9D71AE2DF5CC210E77F0CAD87094DF92B0CC624A7A181
SHA-512:	6E50BA35FB35E9489A1A9C30699986D54ECDC70F9659901F6AA2428CB9AA03DC5CC446098F9171FAACF5697AB1B3B09460BE2B9CF66D7088EE6BCC5677BB9BA2
Malicious:	false
Reputation:	low
URL:	https://886770657-la8.mmt166.com/default/images/ico_mobile.png
Preview:	.PNG........IHDR.......#.....h......tEXtSoftware.Adobe ImageReadyq.e<...jiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8054ae3e-c912-974c-900e-c8265e540088" xmpMM:DocumentID="xmp.did:E791AAE6C83611E7BC909456F8CC926C" xmpMM:InstanceID="xmp.iid:E791AAE5C83611E7BC909456F8CC926C" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E2EFFDFCC76C11E79E86A82648DEFC31" stRef:documentID="xmp.did:E2EFFDFDC76C11E79E86A82648DEFC31"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......>IDATx..\_lSU.?e..m...D].... #Jg...H.....

Chrome Cache Entry: 72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7319
Entropy (8bit):	5.280739952267423
Encrypted:	false
SSDEEP:	96:xaM8G9YPsAuuxKqQ6U/a5wElcSw8jO+lKTw8jo9aXQesWMr15lYIfK:xhmPsO8pmlDjDKTh2rYIS
MD5:	77A6BB619FED80764E1533774771559E
SHA1:	D85F8447A3A48753B189EE5BEEF73113D8837F71
SHA-256:	B7691527C917A1F2F8865191DFB938B331CEF67BAB26F13902F49CB13E523982
SHA-512:	DF5A1900C8AC3133DD569B7CA41D5D372CEE3D72491C11460F7EDB02ADBD19FE6D3493E05991DADB01C0E4A92F6CD2181590CB5B41473272A403B94731346AC6
Malicious:	false
Reputation:	low
Preview:	function MD5(sMessage) {.. function RotateLeft(lValue, iShiftBits) {.. return (lValue << iShiftBits) \| (lValue >>> (32-iShiftBits));.. }.. function AddUnsigned(lX,lY) {.. var lX4,lY4,lX8,lY8,lResult;.. lX8 = (lX & 0x80000000);.. lY8 = (lY & 0x80000000);.. lX4 = (lX & 0x40000000);.. lY4 = (lY & 0x40000000);.. lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);.. if (lX4 & lY4) return (lResult ^ 0x80000000 ^ lX8 ^ lY8);.. if (lX4 \| lY4) {.. if (lResult & 0x40000000) return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);.. else return (lResult ^ 0x40000000 ^ lX8 ^ lY8);.. } else return (lResult ^ lX8 ^ lY8);.. }.. function F(x,y,z) { return (x & y) \| ((~x) & z); }.. function G(x,y,z) { return (x & z) \| (y & (~z)); }.. function H(x,y,z) { return (x ^ y ^ z); }.. function I(x,y,z) { return (y ^ (x \| (~z))); }.. function FF(a,b,c,d,x,s,ac) {.. a = AddUnsigned(a, AddUnsigned(AddUnsigne

Chrome Cache Entry: 73

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	52
Entropy (8bit):	4.248825420922553
Encrypted:	false
SSDEEP:	3:OryoSbSvbPDCR:OrFSbSvbPeR
MD5:	B60C542E8BF5951F30CAC018177732CF
SHA1:	B0FF626F2A491368038E1DD43FB79437F4536A3F
SHA-256:	5CC64BEA0DFA019DECDFEA7BBA9D8CDD29365CDD6A4AEF96857FF941F3966752
SHA-512:	B0FB5F1E132305671C245C0DCAEB03C635135CB5138638F664BD1FD2BE7C0E79D52658CD30674A48F1649C2B670CA823C78EA3E4BD9EABEC1DBBE6433C45C611
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISJQm9S7_6NE130xIFDeeNQA4SBQ3OQUx6EgUNdV-5QRIFDdlllBw=?alt=proto
Preview:	CiQKBw3njUAOGgAKBw3OQUx6GgAKBw11X7lBGgAKBw3ZZZQcGgA=

Chrome Cache Entry: 74

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 970, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	63803
Entropy (8bit):	7.6523624812200195
Encrypted:	false
SSDEEP:	1536:biAMUiXRBycUlRnxbUEXNchXSfXHbKLrSyIU:bGLghUOv3G6yIU
MD5:	A8F756B83893B7186735948FC266419E
SHA1:	D4550313CA7ED858D2DBAB86DAA4899FE9DE1EEC
SHA-256:	4B5F65CDA79F425356908F5AEC3C562CF5B4D93ED2313B2CD676E023D119033D
SHA-512:	415DBC4167B3B20EE105ED9E285EA8C99089E4C9377CC725E5F1A5875016C8862CC4CAE9EF0E38C7C016EEDD60530267F3D4B1AE0F10F88663D378A1901D65BD
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............u.G.....pHYs.................sRGB.........gAMA......a.....IDATx...A.X1...qd`..#..swp.V....??..........??..........._....... A..................".`................ B..................".`................ B..................".`................ B..................".`................ B..................".`................ B..................".`................ B..................".`................ B..................".`................ ........P`.........!........D.............................".`................ B..................".`................ B..................".`................ ........P`.........!........D.........`.........!........D...........0......@...........>.`................ B..................".`................ B..........g........X........D...........0......@..........!........D...........0......@..........!........D...........0......@...........>.`................ B..........g........X........D...........0......@..........!.......

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (305)
Category:	downloaded
Size (bytes):	7228
Entropy (8bit):	5.088305314717459
Encrypted:	false
SSDEEP:	96:KN29WnKr3l+wGgv95sSvZUVcIMAnfxEeAFMk4cZ+y4BSYqkLea6H:f9W8l+w3jZUVtfxB2/+yZYdrG
MD5:	21EAF6A7760E5F7553A3DF0B6C779C7B
SHA1:	42A950A865D9A767DC88C26920A84B81E8E2909D
SHA-256:	17B3EFA9A0864476EBFD74480DC403C99DBFD38D9F0334F09F2FEB8965BC8487
SHA-512:	54FC713A09D641D708431DA3E006FCAA7D6ED067EF800EBC8FC6D9158B11F14A947AC90C48E4790AE8DD7F622418D48064A9EB2B4539C1D97483ED3E27E28802
Malicious:	false
Reputation:	low
URL:	https://886770657-la8.mmt166.com/default/css/aglogin.css
Preview:	* { margin: 0px; padding: 0px; }.body {width: 100%;height: 100%; font-family: "Microsoft Yahei",Arial, Verdana, Helvetica, sans-serif; font-size: 13px; color: #363636; line-height: 1.5em; background: #e6d8bd; }./* WebKit browsers /..::-webkit-input-placeholder { color: #666; }./ Mozilla Firefox 4 to 18 */.:-moz-placeholder { color: #666; }..li { list-style-type: none; }.h1, h2, h3 { font-size: 14px; font-weight: bold; }.em { font-style: normal; }.img { border: none; }...clear { clear: both; }..h_4 { height: 4px; overflow: hidden; }..lefts { float: left; text-align: left; }..rights { float: right; text-align: right; }.a.more, a.more:link, a.more:visited, a.more:hover { font-size: 12px; font-weight: normal; color: #666; text-decoration: none; margin: 0; }..a { color: #2161b3; text-decoration: none; }..a:hover { text-decoration: none; color: #ff8400; }...floatL { float: left; }..floatR { float: right; }.input { outline: none; }....login_bg{background: url("../images/login_newyear.png")

Chrome Cache Entry: 76

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65482), with CRLF line terminators
Category:	downloaded
Size (bytes):	93637
Entropy (8bit):	5.292996107428883
Encrypted:	false
SSDEEP:	1536:96IzxETpavYSGaW4snuHEk/yosnSFngC/VEEG0vd0KO4emAp2LSEMBoviR+I1z5T:v+vIklosn/BLXjxzMhsSQ
MD5:	E1288116312E4728F98923C79B034B67
SHA1:	8B6BABFF47B8A9793F37036FD1B1A3AD41D38423
SHA-256:	BA6EDA7945AB8D7E57B34CC5A3DD292FA2E4C60A5CED79236ECF1A9E0F0C2D32
SHA-512:	BF28A9A446E50639A9592D7651F89511FC4E583E213F20A0DFF3A44E1A7D73CEEFDB6597DB121C7742BDE92410A27D83D92E2E86466858A19803E72A168E5656
Malicious:	false
Reputation:	low
URL:	https://886770657-la8.mmt166.com/js/jquery-1.8.3.js
Preview:	/! jQuery v1.8.3 jquery.com \| jquery.org/license /..(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt(){return!0}function ut(e){return!e\|\|!e.parentNode\|\|e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}function ft(e,t,n){t=t\|\|0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t

Chrome Cache Entry: 77

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 50, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	188
Entropy (8bit):	6.290291827693321
Encrypted:	false
SSDEEP:	3:yionv//thPloNtn/3A+lmqRthwkBDsTBZt7d+3z+g61ebGCHZ1mZLaheXJ0YGbBw:6v/lhPoozWnDsp7M+jKmZBXJ07bDVup
MD5:	BC060972BBDB30E4CC37D108E6C010EF
SHA1:	BD0E125A283B6D45DEAC3AA175C8A8F76AF8FA5E
SHA-256:	81FA7036011137B08BD413A81CC12472BBD84886B33FB7AC9F909A7658CD40F2
SHA-512:	B908AC9DE24338C964D4B7BBB03E796E4F94CBAA9A031BBF0DA12B4F822C88D87E69425E75303F70187D3E2B97D7BE92AB1A4419CEB5FB7D976D4CDF1B8573F4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......2........S....tEXtSoftware.Adobe ImageReadyq.e<...^IDATx.... .C..U..+...3+..a......{.....GC8...`..H...`^..\|)]g..]....y/....jG.J...=./,..S.....]..._z....IEND.B`.

Chrome Cache Entry: 78

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 50, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	188
Entropy (8bit):	6.290291827693321
Encrypted:	false
SSDEEP:	3:yionv//thPloNtn/3A+lmqRthwkBDsTBZt7d+3z+g61ebGCHZ1mZLaheXJ0YGbBw:6v/lhPoozWnDsp7M+jKmZBXJ07bDVup
MD5:	BC060972BBDB30E4CC37D108E6C010EF
SHA1:	BD0E125A283B6D45DEAC3AA175C8A8F76AF8FA5E
SHA-256:	81FA7036011137B08BD413A81CC12472BBD84886B33FB7AC9F909A7658CD40F2
SHA-512:	B908AC9DE24338C964D4B7BBB03E796E4F94CBAA9A031BBF0DA12B4F822C88D87E69425E75303F70187D3E2B97D7BE92AB1A4419CEB5FB7D976D4CDF1B8573F4
Malicious:	false
Reputation:	low
URL:	https://886770657-la8.mmt166.com/default/images/login_btn.png
Preview:	.PNG........IHDR.......2........S....tEXtSoftware.Adobe ImageReadyq.e<...^IDATx.... .C..U..+...3+..a......{.....GC8...`..H...`^..\|)]g..]....y/....jG.J...=./,..S.....]..._z....IEND.B`.

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 152 x 35, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3884
Entropy (8bit):	7.894778517816134
Encrypted:	false
SSDEEP:	96:uyh7PHyw8TDv0QHDBLGxgfYGaLoLhrrEIlBU7CtbSnRH5+:uytPx8HvHDtGO+IhvEIt2nRZ+
MD5:	AB84BDDAFE2E5DCD472DD6BB7A30EBF8
SHA1:	D4C7BABDF5519B5A75E248C93C1C540E16283143
SHA-256:	001CB6C08F9D03D50016754D5353F56ED4DA4D63CEED06D6B31B4B3EFD7119DE
SHA-512:	FF2F338917C02D2AF6E909117D8BA2E733C69D8DC539B8AAFC09FF8D5B4C3C16281DDDCAA14C938690DB6E4A237EEF3456B884B6B412B9478CC75B3737853D09
Malicious:	false
Reputation:	low
URL:	https://886770657-la8.mmt166.com/default/images/ico_aplus.png
Preview:	.PNG........IHDR.......#.....h......sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.03/25/20P.<-....tEXtSoftware.Adobe Fireworks CS5q..6....IDATx..\}l..~.....~..?.q...$..I...V...U8.C..tQ....&.T...&.].UT..t'r.."...F.k.\.Lp.]Jl/_>c....f.cvvfg~..z..5......_3.....g._.;....#.G.`).`.-....... ..}-D.....:..._.....#..u.6...S..5,......p.!..&w.....\..?{e.%....yC0=\|....!m....0...'.....`+.R..&...f...F.I.x..2.$d0....d8.......a......+w..]3..........M..7..?.P.,w<.Y....U..-...3...ia$F. ,.'qy.8W.....3n".h....L...D..;....._.....{......\|q... -...D...:.........<....Q.k/I.7C..I.tp...<U.....C....`..a.kYV{..]8..w.....Z.....s.F..j...I.m.......K..........7e;.\|+. ..$]..._.. 1......7....Y..P.^?.C..q..P>.MR...].(.F.........>...g....5.R..m.I. .g..Gby...7..2..V8.x....m...S..G.n<.&x.6.N.s......_1...Nb..8O.s.m.v?u..@...5h7; ..%..5N...Li.[A.=L.?..PR.../...2Dc....`q..w.J........f[.....,.sH..>.[.U/.$.m..h..s.eh"..f.y(.~R.[Q.\|;.....?J.['..A.E5`.7......\...69G.:......W_)....(.^..y.

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65482), with CRLF line terminators
Category:	dropped
Size (bytes):	93637
Entropy (8bit):	5.292996107428883
Encrypted:	false
SSDEEP:	1536:96IzxETpavYSGaW4snuHEk/yosnSFngC/VEEG0vd0KO4emAp2LSEMBoviR+I1z5T:v+vIklosn/BLXjxzMhsSQ
MD5:	E1288116312E4728F98923C79B034B67
SHA1:	8B6BABFF47B8A9793F37036FD1B1A3AD41D38423
SHA-256:	BA6EDA7945AB8D7E57B34CC5A3DD292FA2E4C60A5CED79236ECF1A9E0F0C2D32
SHA-512:	BF28A9A446E50639A9592D7651F89511FC4E583E213F20A0DFF3A44E1A7D73CEEFDB6597DB121C7742BDE92410A27D83D92E2E86466858A19803E72A168E5656
Malicious:	false
Reputation:	low
Preview:	/! jQuery v1.8.3 jquery.com \| jquery.org/license /..(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt(){return!0}function ut(e){return!e\|\|!e.parentNode\|\|e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}function ft(e,t,n){t=t\|\|0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 60 x 30, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1475
Entropy (8bit):	7.781619935741366
Encrypted:	false
SSDEEP:	24:PLbHtfpqn/X/xvHGP3ElWsoMxZwAFyXBADLF/xejYJ/yaS8gsdsB7:PLbHRyvhmPlMwAFyXB23GPaZgn
MD5:	85CC7AD450884DCD8B6EEB71982BC270
SHA1:	5D9F6DF7F79ECF2A1D9954D2D9637BA38AA9A798
SHA-256:	C05A467A44026EE49362DB714BFF9D985148EE64615309DBA893D5085D3B323D
SHA-512:	D1834DB19B21004B7391556722C591B60FBC2855592C5D3474A1AB2590F77926FA4B5C27C8D07CF94D9BE5ED66E6462E652CF6D650070AF717BCF446A9237BF5
Malicious:	false
Reputation:	low
URL:	https://886770657-la8.mmt166.com/default/images/login_r.png
Preview:	.PNG........IHDR...<.........p.}O....sBIT....\|.d.....pHYs..........o.d....tEXtCreation Time.03/26/20B.......tEXtSoftware.Adobe Fireworks CS5q..6....IDATX..[h.e.........".pg.'..O-T.bm-...X.%)""VM..R;..H.b.b}.."...6k.Vm......h_..B+b..s&.$3...b.0$.].w......:&&&8.p.b+._.#\|.\|....e..`9`..@.0.4./...c.:.z...s.p...x...X:........c.k..mF".B...(......;....y.q....X.b..x.X..}.F.1~.\...E..a..B.q1....i...>..b.....em\#..h...0.p..X....=..u.)....:...e.]m.cVZ....7....9.......\|....I.7..8./...r.[.e...y5.5c.L.p....>.........cO..!ig=p.B.0."..x.../..$m.].p....q.}.,).!`..D.'.c.....Z.v.,H.........+.c...u..@....l.....C..m....3..Jz....Y...".t.w....nh....B..V........c...x...>D.8,.k.X.;c.>A..([v0.X.....d\|.lZv...]...Z.....w...&..x.!..M.[)c.J....r.9........EQG....f.1R.....iQ:..n.~.^.nIQ6.J.{...T.6#.. .1.T.K..z5..}.+.k.....L..\|.7.m..`.....cl(/-..V..kV\|..P....B\|...0..tE.FQ.....R...V..i$.%(./..k.t4.....9..M.]..X8...M.kf...e..1S+H..E.H...G.4.U........=e..`..R....a.AF..*...5.~.m=..+

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	505
Entropy (8bit):	5.471157081043952
Encrypted:	false
SSDEEP:	6:qTFQW3t9YkxO3IfAbplMIT1ZQKpA5aCympRJopn+0BP+PQ7/+mHKQcRN1a+FSaXJ:qTWgyBPAgCO1BW8GmqQQhcDVWxGu
MD5:	F554227F9C9DD6D6ACC625BEDE0D537E
SHA1:	9BC18A5F0F35164189BF5CFCFCA2AA2BC60DDC60
SHA-256:	34D76AD76C83ADF293CE2900B18C73D4EB9260D6227852633D8AB976BACBDEE4
SHA-512:	91417B06A71B9556FC6D440E3F3A6D99118486086ACF5BA623E1EB03C519A24EFB1FD7F25888BCDC742245D565ED2B9B64FE4DC0EFAC268D1102B112651ECEAB
Malicious:	false
Reputation:	low
URL:	https://886770657-la8.mmt166.com/favicon.ico
Preview:	<!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta http-equiv="X-UA-Compatible" content="IE=edge">..<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">..<title>404</title>..<style>...body{....background-color:#444;....font-size:14px;...}...h3{....font-size:60px;....color:#eee;....text-align:center;....padding-top:30px;....font-weight:normal;...}..</style>..</head>....<body>..<h3>404..........!</h3>..</body>..</html>..

Chrome Cache Entry: 83

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 970, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	63803
Entropy (8bit):	7.6523624812200195
Encrypted:	false
SSDEEP:	1536:biAMUiXRBycUlRnxbUEXNchXSfXHbKLrSyIU:bGLghUOv3G6yIU
MD5:	A8F756B83893B7186735948FC266419E
SHA1:	D4550313CA7ED858D2DBAB86DAA4899FE9DE1EEC
SHA-256:	4B5F65CDA79F425356908F5AEC3C562CF5B4D93ED2313B2CD676E023D119033D
SHA-512:	415DBC4167B3B20EE105ED9E285EA8C99089E4C9377CC725E5F1A5875016C8862CC4CAE9EF0E38C7C016EEDD60530267F3D4B1AE0F10F88663D378A1901D65BD
Malicious:	false
Reputation:	low
URL:	https://886770657-la8.mmt166.com/default/images/login_newyear.png
Preview:	.PNG........IHDR.............u.G.....pHYs.................sRGB.........gAMA......a.....IDATx...A.X1...qd`..#..swp.V....??..........??..........._....... A..................".`................ B..................".`................ B..................".`................ B..................".`................ B..................".`................ B..................".`................ B..................".`................ B..................".`................ ........P`.........!........D.............................".`................ B..................".`................ B..................".`................ ........P`.........!........D.........`.........!........D...........0......@...........>.`................ B..................".`................ B..........g........X........D...........0......@..........!........D...........0......@..........!........D...........0......@...........>.`................ B..........g........X........D...........0......@..........!.......

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 14:19:04.640162945 CEST	49673	443	192.168.2.8	23.206.229.226
Sep 29, 2024 14:19:05.030746937 CEST	49672	443	192.168.2.8	23.206.229.226
Sep 29, 2024 14:19:06.171339035 CEST	49676	443	192.168.2.8	52.182.143.211
Sep 29, 2024 14:19:07.437030077 CEST	49671	443	192.168.2.8	204.79.197.203
Sep 29, 2024 14:19:07.780713081 CEST	49677	80	192.168.2.8	192.229.211.108
Sep 29, 2024 14:19:14.324067116 CEST	49673	443	192.168.2.8	23.206.229.226
Sep 29, 2024 14:19:14.631920099 CEST	49672	443	192.168.2.8	23.206.229.226
Sep 29, 2024 14:19:15.425368071 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:15.425420046 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:15.425486088 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:15.425930977 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:15.425973892 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:15.426029921 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:15.430218935 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:15.430229902 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:15.430398941 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:15.430413961 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:15.773367882 CEST	49676	443	192.168.2.8	52.182.143.211
Sep 29, 2024 14:19:16.279443026 CEST	443	49703	23.206.229.226	192.168.2.8
Sep 29, 2024 14:19:16.279548883 CEST	49703	443	192.168.2.8	23.206.229.226
Sep 29, 2024 14:19:16.313925028 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.315088987 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.315102100 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.316119909 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.316188097 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.317024946 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.318304062 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.318341017 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.318691969 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.318768978 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.319370031 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.319375992 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.319472075 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.319528103 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.324556112 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.324642897 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.367470026 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.367474079 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.367501020 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.412691116 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.837024927 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.837049961 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.837106943 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.837124109 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.837151051 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:16.837193012 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.881016970 CEST	49710	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:16.881038904 CEST	443	49710	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.020730972 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.020783901 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.020870924 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.021706104 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.021755934 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.021832943 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.021863937 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.022567034 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.022591114 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.023073912 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.023087978 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.067403078 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.342293024 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.342322111 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.342333078 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.342401028 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.342408895 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.342408895 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.342447042 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.357944965 CEST	49711	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.357954979 CEST	443	49711	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.361228943 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.361248970 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.361304998 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.361604929 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.361615896 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.925617933 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.926157951 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:17.977185011 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:17.978328943 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.006524086 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.006536961 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.007023096 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.007431984 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.007445097 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.008102894 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.012299061 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.012394905 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.014056921 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.014169931 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.017141104 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.017405033 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.029062033 CEST	49717	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:19:18.029097080 CEST	443	49717	216.58.206.68	192.168.2.8
Sep 29, 2024 14:19:18.029151917 CEST	49717	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:19:18.029870033 CEST	49717	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:19:18.029877901 CEST	443	49717	216.58.206.68	192.168.2.8
Sep 29, 2024 14:19:18.063402891 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.063411951 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.259586096 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.285285950 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.285320997 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.289279938 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.289364100 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.315624952 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.315774918 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.316171885 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.316190958 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.366102934 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.416141987 CEST	49677	80	192.168.2.8	192.229.211.108
Sep 29, 2024 14:19:18.521044970 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.521076918 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.521087885 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.521137953 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.521155119 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.521168947 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.521187067 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.521205902 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.529407978 CEST	49715	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.529434919 CEST	443	49715	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.632163048 CEST	49718	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:18.632211924 CEST	443	49718	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:18.632288933 CEST	49718	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:18.641746044 CEST	49718	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:18.641767025 CEST	443	49718	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:18.681382895 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.681410074 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.681425095 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.681447029 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.681468964 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.681499958 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.681519985 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.681534052 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.681555033 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.683037996 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.683054924 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.683085918 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.683092117 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.683131933 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.695486069 CEST	443	49717	216.58.206.68	192.168.2.8
Sep 29, 2024 14:19:18.697905064 CEST	49717	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:19:18.697938919 CEST	443	49717	216.58.206.68	192.168.2.8
Sep 29, 2024 14:19:18.699070930 CEST	443	49717	216.58.206.68	192.168.2.8
Sep 29, 2024 14:19:18.699126959 CEST	49717	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:19:18.700639963 CEST	49717	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:19:18.700719118 CEST	443	49717	216.58.206.68	192.168.2.8
Sep 29, 2024 14:19:18.741328001 CEST	49717	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:19:18.741363049 CEST	443	49717	216.58.206.68	192.168.2.8
Sep 29, 2024 14:19:18.788383961 CEST	49717	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:19:18.829946995 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.829982996 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.829992056 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.830048084 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.830076933 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.830091953 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.830133915 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.831018925 CEST	49716	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.831034899 CEST	443	49716	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.884418011 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.884483099 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.884671926 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.884881973 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.884938002 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.885111094 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.885272980 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.885284901 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.885596037 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.885612011 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.897931099 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.897952080 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.898006916 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.898036957 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.898550034 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.899344921 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.899362087 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.899420023 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.899436951 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.899461031 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.899478912 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.901149988 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.901165962 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.901223898 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.901243925 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.901339054 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.902086973 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.902132034 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.902154922 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.902160883 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:18.902200937 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.943300962 CEST	49714	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:18.943341970 CEST	443	49714	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.001086950 CEST	49721	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.001142025 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.001373053 CEST	49721	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.001554966 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.001570940 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.001616001 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.001979113 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.002017975 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.002068043 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.002444983 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.002506971 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.002559900 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.002827883 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.002868891 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.003096104 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.003096104 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.003104925 CEST	443	49726	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.003287077 CEST	49721	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.003297091 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.003309965 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.003463984 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.003473043 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.003721952 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.003741980 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.003932953 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.003968000 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.004143000 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.004164934 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.004331112 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.004339933 CEST	443	49726	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.111838102 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.111898899 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.111977100 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.112373114 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.112390995 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.288975954 CEST	443	49718	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:19.289057016 CEST	49718	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:19.298583031 CEST	49718	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:19.298603058 CEST	443	49718	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:19.298870087 CEST	443	49718	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:19.353761911 CEST	49718	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:19.373720884 CEST	49718	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:19.415406942 CEST	443	49718	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:19.559849977 CEST	443	49718	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:19.559916019 CEST	443	49718	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:19.560010910 CEST	49718	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:19.560060024 CEST	49718	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:19.560077906 CEST	443	49718	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:19.560095072 CEST	49718	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:19.560100079 CEST	443	49718	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:19.601926088 CEST	49728	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:19.601977110 CEST	443	49728	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:19.602039099 CEST	49728	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:19.602430105 CEST	49728	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:19.602440119 CEST	443	49728	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:19.766231060 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.766681910 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.766690016 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.766710997 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.766899109 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.766911030 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.767992973 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.768044949 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.768266916 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.768327951 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.768873930 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.768927097 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.770153999 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.770284891 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.770674944 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.770679951 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.770787954 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.770795107 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.811642885 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.811666012 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.878093004 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.881513119 CEST	443	49726	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.888829947 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.890156984 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.907718897 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.919545889 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.922009945 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.925133944 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.934534073 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.934776068 CEST	49721	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.948004961 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.952656031 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.952665091 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.952711105 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.952724934 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.952889919 CEST	49721	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.952894926 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.953015089 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.953020096 CEST	443	49726	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.953172922 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.953186035 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.953284025 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.953293085 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.953305960 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.953320980 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.953758001 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.953811884 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.954132080 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.954175949 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.954462051 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.954483986 CEST	443	49726	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.954513073 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.954533100 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.955709934 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.955780029 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.956224918 CEST	49721	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.956286907 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.956659079 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.956722975 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.957004070 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.957084894 CEST	443	49726	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.957262993 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.957321882 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.957696915 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.957788944 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.958184004 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.958184004 CEST	49721	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.958230972 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.958241940 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.958267927 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.958271980 CEST	443	49726	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.958369970 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.958376884 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.958411932 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.958417892 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.998259068 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.998259068 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.998372078 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.998372078 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:19.999403000 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:19.999412060 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.020581961 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.020876884 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.020903111 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.021795034 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.021872997 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.022715092 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.022773981 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.023078918 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.023087025 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.072630882 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.248735905 CEST	443	49728	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:20.248826981 CEST	49728	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:20.287157059 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.287198067 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.287281990 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.287331104 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.287374020 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.289632082 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.289666891 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.289674997 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.289716959 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.289735079 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.289772987 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.289817095 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.401781082 CEST	443	49726	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.401863098 CEST	443	49726	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.401999950 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.408329010 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.408346891 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.408392906 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.408484936 CEST	49721	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.408533096 CEST	49721	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.414561987 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.414586067 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.414638996 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.414714098 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.414741039 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.437639952 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.437685013 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.437783957 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.437808037 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.439876080 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.465864897 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.465897083 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.465965986 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.465992928 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.466037989 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.536549091 CEST	49719	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.536592960 CEST	443	49719	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.576775074 CEST	49728	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:20.576809883 CEST	443	49728	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:20.577111959 CEST	443	49728	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:20.578953028 CEST	49728	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:20.591356993 CEST	49721	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.591387033 CEST	443	49721	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.599411011 CEST	49726	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.599451065 CEST	443	49726	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.607945919 CEST	49725	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.607964039 CEST	443	49725	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.608258009 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.608278036 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.608304024 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.608316898 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.608366966 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.608375072 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.608392954 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.608432055 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.610157013 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.610177040 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.610286951 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.610286951 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.610292912 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.610522985 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.611815929 CEST	49724	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.611852884 CEST	443	49724	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.614432096 CEST	49720	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.614454985 CEST	443	49720	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.619420052 CEST	443	49728	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:20.624247074 CEST	49723	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.624280930 CEST	443	49723	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.702980995 CEST	49730	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.703023911 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.703084946 CEST	49730	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.703679085 CEST	49730	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.703691006 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.705744982 CEST	49731	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.705773115 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.706000090 CEST	49731	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.706027031 CEST	49731	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.706032038 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.708456993 CEST	49732	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.708494902 CEST	443	49732	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.708558083 CEST	49732	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.708848000 CEST	49732	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.708863020 CEST	443	49732	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.709425926 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.709466934 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.709513903 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.709733009 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.709748983 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.712562084 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.712594032 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.712651968 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.713107109 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.713130951 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.757602930 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.757627964 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.757633924 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.757668972 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.757687092 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.757694006 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.757715940 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.757731915 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.757762909 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.759069920 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.759087086 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.759175062 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.759185076 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.759325027 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.764969110 CEST	443	49728	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:20.765032053 CEST	443	49728	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:20.765152931 CEST	49728	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:20.766005039 CEST	49728	443	192.168.2.8	184.28.90.27
Sep 29, 2024 14:19:20.766038895 CEST	443	49728	184.28.90.27	192.168.2.8
Sep 29, 2024 14:19:20.823970079 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.823981047 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.824022055 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.824141026 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.824155092 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.824165106 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.824207067 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.824316025 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.837096930 CEST	49722	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.837111950 CEST	443	49722	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.906306982 CEST	49735	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.906367064 CEST	443	49735	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.906488895 CEST	49735	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.907516003 CEST	49735	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.907531977 CEST	443	49735	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.971534967 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.971548080 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.971581936 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.971611023 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.971638918 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.971661091 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.971676111 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.972181082 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.972198009 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.972261906 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.972269058 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.972297907 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.972309113 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.973758936 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.973782063 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.973822117 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.973829031 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.973860025 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.975425005 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.975501060 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.975508928 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.975703955 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.983159065 CEST	49727	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.983175039 CEST	443	49727	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.983722925 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.983767986 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:20.983850002 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.984591007 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:20.984602928 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.579843998 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.582071066 CEST	49731	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.582089901 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.582474947 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.582901955 CEST	49731	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.582966089 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.583235979 CEST	49731	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.594623089 CEST	443	49732	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.594872952 CEST	49732	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.594902039 CEST	443	49732	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.596170902 CEST	443	49732	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.596230030 CEST	49732	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.596658945 CEST	49732	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.596766949 CEST	443	49732	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.596872091 CEST	49732	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.596884966 CEST	443	49732	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.600146055 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.600419044 CEST	49730	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.600431919 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.600738049 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.601049900 CEST	49730	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.601100922 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.601444960 CEST	49730	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.615535975 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.615888119 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.615953922 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.617089033 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.617162943 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.617605925 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.617690086 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.617738008 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.621607065 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.621844053 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.621865034 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.622915030 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.622992039 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.623437881 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.623523951 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.623528004 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.627410889 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.647404909 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.648119926 CEST	49732	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.663405895 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.663758993 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.663827896 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.663861990 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.663877964 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.710635900 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.710905075 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.794603109 CEST	443	49735	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.794950962 CEST	49735	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.794981003 CEST	443	49735	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.795278072 CEST	443	49735	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.795592070 CEST	49735	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.795644045 CEST	443	49735	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.795883894 CEST	49735	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.839396954 CEST	443	49735	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.879772902 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.914275885 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.914300919 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.915937901 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.915987968 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.916692972 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.916882992 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.917104006 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:21.917109966 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:21.959923029 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.096834898 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.096892118 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.096961975 CEST	49731	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.096981049 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.097073078 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.097120047 CEST	49731	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.114187002 CEST	443	49732	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.114316940 CEST	443	49732	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.114387989 CEST	49732	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.122641087 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.122675896 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.122744083 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.122782946 CEST	49730	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.122782946 CEST	49730	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.142443895 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.142469883 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.142513990 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.142543077 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.142559052 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.142606974 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.151578903 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.151603937 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.151654959 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.151669025 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.151684046 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.151704073 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.151731014 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.192457914 CEST	49730	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.192478895 CEST	443	49730	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.192857027 CEST	49732	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.192892075 CEST	443	49732	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.193782091 CEST	49731	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.193799019 CEST	443	49731	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.319351912 CEST	443	49735	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.319451094 CEST	443	49735	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.319544077 CEST	49735	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.397836924 CEST	49734	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.397881985 CEST	443	49734	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.401740074 CEST	49733	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.401760101 CEST	443	49733	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.402420998 CEST	49735	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.402457952 CEST	443	49735	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.633433104 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.633456945 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.633464098 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.633505106 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.633522034 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.633533001 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.633573055 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.633601904 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.633616924 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.633642912 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.640822887 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.640845060 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.640913010 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.640938044 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.643845081 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.826040983 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.826062918 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.826175928 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.826206923 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.827660084 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.828938961 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.828985929 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.829006910 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.829013109 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.829037905 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:22.829075098 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:22.829118967 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:23.185535908 CEST	49736	443	192.168.2.8	101.32.12.46
Sep 29, 2024 14:19:23.185576916 CEST	443	49736	101.32.12.46	192.168.2.8
Sep 29, 2024 14:19:28.584707022 CEST	443	49717	216.58.206.68	192.168.2.8
Sep 29, 2024 14:19:28.584774971 CEST	443	49717	216.58.206.68	192.168.2.8
Sep 29, 2024 14:19:28.584928036 CEST	49717	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:19:29.763887882 CEST	49717	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:19:29.763926029 CEST	443	49717	216.58.206.68	192.168.2.8
Sep 29, 2024 14:19:56.913153887 CEST	49704	80	192.168.2.8	93.184.221.240
Sep 29, 2024 14:19:56.918576002 CEST	80	49704	93.184.221.240	192.168.2.8
Sep 29, 2024 14:19:56.918622971 CEST	49704	80	192.168.2.8	93.184.221.240
Sep 29, 2024 14:20:18.055737019 CEST	49746	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:20:18.055783033 CEST	443	49746	216.58.206.68	192.168.2.8
Sep 29, 2024 14:20:18.055919886 CEST	49746	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:20:18.056489944 CEST	49746	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:20:18.056500912 CEST	443	49746	216.58.206.68	192.168.2.8
Sep 29, 2024 14:20:18.716031075 CEST	443	49746	216.58.206.68	192.168.2.8
Sep 29, 2024 14:20:18.764264107 CEST	49746	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:20:18.915853024 CEST	49746	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:20:18.915885925 CEST	443	49746	216.58.206.68	192.168.2.8
Sep 29, 2024 14:20:18.916407108 CEST	443	49746	216.58.206.68	192.168.2.8
Sep 29, 2024 14:20:18.918662071 CEST	49746	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:20:18.918730021 CEST	443	49746	216.58.206.68	192.168.2.8
Sep 29, 2024 14:20:18.976469994 CEST	49746	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:20:28.622919083 CEST	443	49746	216.58.206.68	192.168.2.8
Sep 29, 2024 14:20:28.622994900 CEST	443	49746	216.58.206.68	192.168.2.8
Sep 29, 2024 14:20:28.623038054 CEST	49746	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:20:30.942359924 CEST	49746	443	192.168.2.8	216.58.206.68
Sep 29, 2024 14:20:30.942394972 CEST	443	49746	216.58.206.68	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 14:19:13.505139112 CEST	53	50150	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:13.587308884 CEST	53	55459	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:14.588689089 CEST	53	63484	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:14.935255051 CEST	51465	53	192.168.2.8	1.1.1.1
Sep 29, 2024 14:19:14.935322046 CEST	56478	53	192.168.2.8	1.1.1.1
Sep 29, 2024 14:19:15.201828957 CEST	53	51465	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:15.320954084 CEST	53	56478	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:18.015958071 CEST	53969	53	192.168.2.8	1.1.1.1
Sep 29, 2024 14:19:18.016613007 CEST	59759	53	192.168.2.8	1.1.1.1
Sep 29, 2024 14:19:18.022994995 CEST	53	53969	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:18.023565054 CEST	53	59759	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:18.561052084 CEST	62474	53	192.168.2.8	1.1.1.1
Sep 29, 2024 14:19:18.561451912 CEST	62259	53	192.168.2.8	1.1.1.1
Sep 29, 2024 14:19:18.827589989 CEST	53	62474	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:19.256789923 CEST	53	62259	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:19.841435909 CEST	53	57358	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:31.584749937 CEST	53	58507	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:50.677023888 CEST	53	54798	1.1.1.1	192.168.2.8
Sep 29, 2024 14:19:56.591342926 CEST	138	138	192.168.2.8	192.168.2.255
Sep 29, 2024 14:20:13.180712938 CEST	53	52223	1.1.1.1	192.168.2.8
Sep 29, 2024 14:20:13.543728113 CEST	53	59292	1.1.1.1	192.168.2.8

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 29, 2024 14:19:15.321079016 CEST	192.168.2.8	1.1.1.1	c225	(Port unreachable)	Destination Unreachable
Sep 29, 2024 14:19:19.256896019 CEST	192.168.2.8	1.1.1.1	c225	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 14:19:14.935255051 CEST	192.168.2.8	1.1.1.1	0x1fbe	Standard query (0)	886770657-la8.mmt166.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:19:14.935322046 CEST	192.168.2.8	1.1.1.1	0x2bf1	Standard query (0)	886770657-la8.mmt166.com	65	IN (0x0001)	false
Sep 29, 2024 14:19:18.015958071 CEST	192.168.2.8	1.1.1.1	0xbcc8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:19:18.016613007 CEST	192.168.2.8	1.1.1.1	0x9ca6	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 29, 2024 14:19:18.561052084 CEST	192.168.2.8	1.1.1.1	0xda2f	Standard query (0)	886770657-la8.mmt166.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:19:18.561451912 CEST	192.168.2.8	1.1.1.1	0x40b3	Standard query (0)	886770657-la8.mmt166.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 14:19:15.201828957 CEST	1.1.1.1	192.168.2.8	0x1fbe	No error (0)	886770657-la8.mmt166.com		101.32.12.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:19:18.022994995 CEST	1.1.1.1	192.168.2.8	0xbcc8	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:19:18.023565054 CEST	1.1.1.1	192.168.2.8	0x9ca6	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 14:19:18.827589989 CEST	1.1.1.1	192.168.2.8	0xda2f	No error (0)	886770657-la8.mmt166.com		101.32.12.46	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:19:25.353775978 CEST	1.1.1.1	192.168.2.8	0x3da5	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 14:19:25.353775978 CEST	1.1.1.1	192.168.2.8	0x3da5	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:19:38.165400028 CEST	1.1.1.1	192.168.2.8	0xb990	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 14:19:38.165400028 CEST	1.1.1.1	192.168.2.8	0xb990	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:20:05.970556974 CEST	1.1.1.1	192.168.2.8	0x4787	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 14:20:05.970556974 CEST	1.1.1.1	192.168.2.8	0x4787	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:20:26.686461926 CEST	1.1.1.1	192.168.2.8	0x8334	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 14:20:26.686461926 CEST	1.1.1.1	192.168.2.8	0x8334	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

886770657-la8.mmt166.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49710	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:16 UTC	667	OUT	GET / HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:19:16 UTC	421	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Strict-Transport-Security: max-age=31536000
2024-09-29 12:19:16 UTC	4622	IN	Data Raw: 31 32 30 31 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 21 2d 2d e9 81 bf e5 85 8d 49 45 e4 bd bf e7 94 a8 e5 85 bc e5 ae b9 e6 a8 a1 e5 bc 8f 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 Data Ascii: 1201<html><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> ...IE--> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width, initial-sc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49711	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:17 UTC	616	OUT	GET /default/css/aglogin.css HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://886770657-la8.mmt166.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:17 UTC	365	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:17 GMT Content-Type: text/css Content-Length: 7228 Last-Modified: Mon, 20 Mar 2023 09:17:38 GMT Connection: close Vary: Accept-Encoding ETag: "641824b2-1c3c" Expires: Mon, 30 Sep 2024 00:19:17 GMT Cache-Control: max-age=43200 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:17 UTC	7228	IN	Data Raw: 2a 20 7b 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 20 7d 0a 62 6f 64 79 20 7b 77 69 64 74 68 3a 20 31 30 30 25 3b 68 65 69 67 68 74 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 59 61 68 65 69 22 2c 41 72 69 61 6c 2c 20 56 65 72 64 61 6e 61 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 20 63 6f 6c 6f 72 3a 20 23 33 36 33 36 33 36 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 65 6d 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 36 64 38 62 64 3b 20 7d 0a 2f 2a 20 57 65 62 4b 69 74 20 62 72 6f 77 73 65 72 73 20 2a 2f 0a 0a 3a 3a 2d 77 65 62 6b 69 74 2d 69 6e 70 75 74 2d 70 6c 61 63 65 Data Ascii: * { margin: 0px; padding: 0px; }body {width: 100%;height: 100%; font-family: "Microsoft Yahei",Arial, Verdana, Helvetica, sans-serif; font-size: 13px; color: #363636; line-height: 1.5em; background: #e6d8bd; }/* WebKit browsers */::-webkit-input-place

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49714	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:18 UTC	597	OUT	GET /js/jquery-1.8.3.js HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://886770657-la8.mmt166.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:18 UTC	381	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:18 GMT Content-Type: application/javascript Content-Length: 93637 Last-Modified: Wed, 17 Jul 2019 03:45:02 GMT Connection: close Vary: Accept-Encoding ETag: "5d2e99be-16dc5" Expires: Mon, 30 Sep 2024 00:19:18 GMT Cache-Control: max-age=43200 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:18 UTC	16003	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 31 2e 38 2e 33 20 6a 71 75 65 72 79 2e 63 6f 6d 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 28 65 29 7b 76 61 72 20 74 3d 4d 5b 65 5d 3d 7b 7d 3b 72 65 74 75 72 6e 20 76 2e 65 61 63 68 28 65 2e 73 70 6c 69 74 28 79 29 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 74 5b 6e 5d 3d 21 30 7d 29 2c 74 7d 66 75 6e 63 74 69 6f 6e 20 48 28 65 2c 6e 2c 72 29 7b 69 66 28 72 3d 3d 3d 74 26 26 65 2e 6e 6f 64 65 54 79 70 65 3d 3d 3d 31 29 7b 76 61 72 20 69 3d 22 64 61 74 61 2d 22 2b 6e 2e 72 65 70 6c 61 63 65 28 50 2c 22 2d 24 31 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 72 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 Data Ascii: /! jQuery v1.8.3 jquery.com \| jquery.org/license /(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute
2024-09-29 12:19:18 UTC	16384	IN	Data Raw: 6f 6e 28 69 29 2c 66 26 26 28 61 3f 28 61 3d 6e 2c 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 61 2e 63 61 6c 6c 28 76 28 65 29 2c 6e 29 7d 29 3a 28 6e 2e 63 61 6c 6c 28 65 2c 69 29 2c 6e 3d 6e 75 6c 6c 29 29 3b 69 66 28 6e 29 66 6f 72 28 3b 6c 3c 63 3b 6c 2b 2b 29 6e 28 65 5b 6c 5d 2c 72 2c 61 3f 69 2e 63 61 6c 6c 28 65 5b 6c 5d 2c 6c 2c 6e 28 65 5b 6c 5d 2c 72 29 29 3a 69 2c 75 29 3b 73 3d 31 7d 72 65 74 75 72 6e 20 73 3f 65 3a 66 3f 6e 2e 63 61 6c 6c 28 65 29 3a 63 3f 6e 28 65 5b 30 5d 2c 72 29 3a 6f 7d 2c 6e 6f 77 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 7d 7d 29 2c 76 2e 72 65 61 64 79 2e 70 72 6f 6d 69 73 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b Data Ascii: on(i),f&&(a?(a=n,n=function(e,t,n){return a.call(v(e),n)}):(n.call(e,i),n=null));if(n)for(;l<c;l++)n(e[l],r,a?i.call(e[l],l,n(e[l],r)):i,u);s=1}return s?e:f?n.call(e):c?n(e[0],r):o},now:function(){return(new Date).getTime()}}),v.ready.promise=function(t){
2024-09-29 12:19:18 UTC	16384	IN	Data Raw: 6e 7d 7d 29 7d 29 2c 76 2e 61 74 74 72 48 6f 6f 6b 73 2e 63 6f 6e 74 65 6e 74 65 64 69 74 61 62 6c 65 3d 7b 67 65 74 3a 6a 2e 67 65 74 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 74 3d 3d 3d 22 22 26 26 28 74 3d 22 66 61 6c 73 65 22 29 2c 6a 2e 73 65 74 28 65 2c 74 2c 6e 29 7d 7d 29 2c 76 2e 73 75 70 70 6f 72 74 2e 68 72 65 66 4e 6f 72 6d 61 6c 69 7a 65 64 7c 7c 76 2e 65 61 63 68 28 5b 22 68 72 65 66 22 2c 22 73 72 63 22 2c 22 77 69 64 74 68 22 2c 22 68 65 69 67 68 74 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 2e 61 74 74 72 48 6f 6f 6b 73 5b 6e 5d 3d 76 2e 65 78 74 65 6e 64 28 76 2e 61 74 74 72 48 6f 6f 6b 73 5b 6e 5d 2c 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 72 3d 65 2e 67 65 74 41 74 74 72 69 62 75 Data Ascii: n}})}),v.attrHooks.contenteditable={get:j.get,set:function(e,t,n){t===""&&(t="false"),j.set(e,t,n)}}),v.support.hrefNormalized\|\|v.each(["href","src","width","height"],function(e,n){v.attrHooks[n]=v.extend(v.attrHooks[n],{get:function(e){var r=e.getAttribu
2024-09-29 12:19:18 UTC	16384	IN	Data Raw: 75 7c 7c 73 26 26 69 2e 66 69 6e 64 2e 54 41 47 28 22 2a 22 2c 68 26 26 61 2e 70 61 72 65 6e 74 4e 6f 64 65 7c 7c 61 29 2c 6b 3d 62 2b 3d 4e 3d 3d 6e 75 6c 6c 3f 31 3a 4d 61 74 68 2e 45 3b 54 26 26 28 63 3d 61 21 3d 3d 67 26 26 61 2c 6e 3d 6f 2e 65 6c 29 3b 66 6f 72 28 3b 28 70 3d 43 5b 77 5d 29 21 3d 6e 75 6c 6c 3b 77 2b 2b 29 7b 69 66 28 73 26 26 70 29 7b 66 6f 72 28 64 3d 30 3b 76 3d 65 5b 64 5d 3b 64 2b 2b 29 69 66 28 76 28 70 2c 61 2c 66 29 29 7b 6c 2e 70 75 73 68 28 70 29 3b 62 72 65 61 6b 7d 54 26 26 28 62 3d 6b 2c 6e 3d 2b 2b 6f 2e 65 6c 29 7d 72 26 26 28 28 70 3d 21 76 26 26 70 29 26 26 79 2d 2d 2c 75 26 26 78 2e 70 75 73 68 28 70 29 29 7d 79 2b 3d 77 3b 69 66 28 72 26 26 77 21 3d 3d 79 29 7b 66 6f 72 28 64 3d 30 3b 76 3d 74 5b 64 5d 3b 64 2b 2b Data Ascii: u\|\|s&&i.find.TAG("*",h&&a.parentNode\|\|a),k=b+=N==null?1:Math.E;T&&(c=a!==g&&a,n=o.el);for(;(p=C[w])!=null;w++){if(s&&p){for(d=0;v=e[d];d++)if(v(p,a,f)){l.push(p);break}T&&(b=k,n=++o.el)}r&&((p=!v&&p)&&y--,u&&x.push(p))}y+=w;if(r&&w!==y){for(d=0;v=t[d];d++
2024-09-29 12:19:18 UTC	16384	IN	Data Raw: 62 6f 64 79 3e 3c 2f 74 61 62 6c 65 3e 22 5d 2c 74 64 3a 5b 33 2c 22 3c 74 61 62 6c 65 3e 3c 74 62 6f 64 79 3e 3c 74 72 3e 22 2c 22 3c 2f 74 72 3e 3c 2f 74 62 6f 64 79 3e 3c 2f 74 61 62 6c 65 3e 22 5d 2c 63 6f 6c 3a 5b 32 2c 22 3c 74 61 62 6c 65 3e 3c 74 62 6f 64 79 3e 3c 2f 74 62 6f 64 79 3e 3c 63 6f 6c 67 72 6f 75 70 3e 22 2c 22 3c 2f 63 6f 6c 67 72 6f 75 70 3e 3c 2f 74 61 62 6c 65 3e 22 5d 2c 61 72 65 61 3a 5b 31 2c 22 3c 6d 61 70 3e 22 2c 22 3c 2f 6d 61 70 3e 22 5d 2c 5f 64 65 66 61 75 6c 74 3a 5b 30 2c 22 22 2c 22 22 5d 7d 2c 43 74 3d 6c 74 28 69 29 2c 6b 74 3d 43 74 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 29 3b 4e 74 2e 6f 70 74 67 72 6f 75 70 3d 4e 74 2e 6f 70 74 69 6f 6e 2c 4e 74 2e Data Ascii: body></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]},Ct=lt(i),kt=Ct.appendChild(i.createElement("div"));Nt.optgroup=Nt.option,Nt.
2024-09-29 12:19:18 UTC	12098	IN	Data Raw: 6e 28 65 2c 74 29 7b 69 66 28 21 45 29 7b 76 61 72 20 6e 3d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 65 3d 77 5b 6e 5d 3d 77 5b 6e 5d 7c 7c 65 2c 62 5b 65 5d 3d 74 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 67 65 74 41 6c 6c 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 45 3d 3d 3d 32 3f 69 3a 6e 75 6c 6c 7d 2c 67 65 74 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3b 69 66 28 45 3d 3d 3d 32 29 7b 69 66 28 21 73 29 7b 73 3d 7b 7d 3b 77 68 69 6c 65 28 6e 3d 70 6e 2e 65 78 65 63 28 69 29 29 73 5b 6e 5b 31 5d 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 3d 6e 5b 32 5d 7d 6e 3d 73 5b 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7d 72 65 74 75 72 Data Ascii: n(e,t){if(!E){var n=e.toLowerCase();e=w[n]=w[n]\|\|e,b[e]=t}return this},getAllResponseHeaders:function(){return E===2?i:null},getResponseHeader:function(e){var n;if(E===2){if(!s){s={};while(n=pn.exec(i))s[n[1].toLowerCase()]=n[2]}n=s[e.toLowerCase()]}retur

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49715	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:18 UTC	588	OUT	GET /js/md5.js HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://886770657-la8.mmt166.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:18 UTC	379	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:18 GMT Content-Type: application/javascript Content-Length: 7319 Last-Modified: Wed, 17 Jul 2019 03:45:02 GMT Connection: close Vary: Accept-Encoding ETag: "5d2e99be-1c97" Expires: Mon, 30 Sep 2024 00:19:18 GMT Cache-Control: max-age=43200 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:18 UTC	7319	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 4d 44 35 28 73 4d 65 73 73 61 67 65 29 20 7b 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 52 6f 74 61 74 65 4c 65 66 74 28 6c 56 61 6c 75 65 2c 20 69 53 68 69 66 74 42 69 74 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 28 6c 56 61 6c 75 65 20 3c 3c 20 69 53 68 69 66 74 42 69 74 73 29 20 7c 20 28 6c 56 61 6c 75 65 20 3e 3e 3e 20 28 33 32 2d 69 53 68 69 66 74 42 69 74 73 29 29 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 41 64 64 55 6e 73 69 67 6e 65 64 28 6c 58 2c 6c 59 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 6c 58 34 2c 6c 59 34 2c 6c 58 38 2c 6c 59 38 2c 6c 52 65 73 75 6c 74 3b 0d 0a 20 20 20 20 20 20 20 20 6c 58 38 20 3d 20 28 6c 58 20 26 20 30 78 38 30 30 30 30 30 30 30 29 Data Ascii: function MD5(sMessage) { function RotateLeft(lValue, iShiftBits) { return (lValue << iShiftBits) \| (lValue >>> (32-iShiftBits)); } function AddUnsigned(lX,lY) { var lX4,lY4,lX8,lY8,lResult; lX8 = (lX & 0x80000000)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49716	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:18 UTC	659	OUT	GET /imgcode.php?act=init HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://886770657-la8.mmt166.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:18 UTC	349	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:18 GMT Content-Type: image/jpeg Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Strict-Transport-Security: max-age=31536000
2024-09-29 12:19:18 UTC	4464	IN	Data Raw: 31 31 36 33 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 03 02 02 02 02 02 03 02 02 02 03 03 03 03 04 06 04 04 04 04 04 08 06 06 05 06 09 08 0a 0a 09 08 09 09 0a 0c 0f 0c 0a 0b 0e 0b 09 09 0d 11 0d 0e 0f 10 10 11 10 0a 0c 12 13 12 10 13 0f 10 10 10 ff db 00 43 01 03 03 03 04 03 04 08 04 04 08 10 0b 09 0b 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 ff c0 00 11 08 00 26 00 5a 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 01 04 03 01 00 00 00 00 00 00 00 00 00 00 00 07 02 03 04 06 00 01 05 08 ff c4 00 2e 10 00 02 01 03 04 01 04 01 04 02 02 03 00 00 00 00 01 02 03 04 05 11 06 07 12 21 00 08 13 22 31 41 14 32 51 61 15 Data Ascii: 1163JFIFCC&Z.!"1A2Qa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49718	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:19 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 12:19:19 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=102343 Date: Sun, 29 Sep 2024 12:19:19 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49720	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:19 UTC	403	OUT	GET /js/md5.js HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:20 UTC	379	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:20 GMT Content-Type: application/javascript Content-Length: 7319 Last-Modified: Wed, 17 Jul 2019 03:45:02 GMT Connection: close Vary: Accept-Encoding ETag: "5d2e99be-1c97" Expires: Mon, 30 Sep 2024 00:19:20 GMT Cache-Control: max-age=43200 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:20 UTC	7319	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 4d 44 35 28 73 4d 65 73 73 61 67 65 29 20 7b 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 52 6f 74 61 74 65 4c 65 66 74 28 6c 56 61 6c 75 65 2c 20 69 53 68 69 66 74 42 69 74 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 28 6c 56 61 6c 75 65 20 3c 3c 20 69 53 68 69 66 74 42 69 74 73 29 20 7c 20 28 6c 56 61 6c 75 65 20 3e 3e 3e 20 28 33 32 2d 69 53 68 69 66 74 42 69 74 73 29 29 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 41 64 64 55 6e 73 69 67 6e 65 64 28 6c 58 2c 6c 59 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 6c 58 34 2c 6c 59 34 2c 6c 58 38 2c 6c 59 38 2c 6c 52 65 73 75 6c 74 3b 0d 0a 20 20 20 20 20 20 20 20 6c 58 38 20 3d 20 28 6c 58 20 26 20 30 78 38 30 30 30 30 30 30 30 29 Data Ascii: function MD5(sMessage) { function RotateLeft(lValue, iShiftBits) { return (lValue << iShiftBits) \| (lValue >>> (32-iShiftBits)); } function AddUnsigned(lX,lY) { var lX4,lY4,lX8,lY8,lResult; lX8 = (lX & 0x80000000)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49719	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:19 UTC	414	OUT	GET /imgcode.php?act=init HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:20 UTC	349	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:20 GMT Content-Type: image/jpeg Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Strict-Transport-Security: max-age=31536000
2024-09-29 12:19:20 UTC	4442	IN	Data Raw: 31 31 34 64 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 03 02 02 02 02 02 03 02 02 02 03 03 03 03 04 06 04 04 04 04 04 08 06 06 05 06 09 08 0a 0a 09 08 09 09 0a 0c 0f 0c 0a 0b 0e 0b 09 09 0d 11 0d 0e 0f 10 10 11 10 0a 0c 12 13 12 10 13 0f 10 10 10 ff db 00 43 01 03 03 03 04 03 04 08 04 04 08 10 0b 09 0b 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 ff c0 00 11 08 00 26 00 5a 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 01 04 03 01 00 00 00 00 00 00 00 00 00 00 00 07 02 03 05 08 00 04 06 01 ff c4 00 30 10 00 02 01 03 03 03 03 04 01 03 05 01 00 00 00 00 01 02 03 04 05 11 06 12 21 00 07 31 08 13 41 14 15 22 51 32 23 Data Ascii: 114dJFIFCC&Z0!1A"Q2#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49721	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:19 UTC	690	OUT	GET /default/images/aglogin_l.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://886770657-la8.mmt166.com/default/css/aglogin.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:20 UTC	367	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:20 GMT Content-Type: image/png Content-Length: 2050 Last-Modified: Mon, 20 Mar 2023 09:18:00 GMT Connection: close Vary: Accept-Encoding ETag: "641824c8-802" Expires: Tue, 29 Oct 2024 12:19:20 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:20 UTC	2050	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 64 00 00 00 1e 08 06 00 00 00 da 5b bb f3 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 16 74 45 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 30 33 2f 32 35 2f 32 30 50 1d 3c 2d 00 00 00 1c 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 46 69 72 65 77 6f 72 6b 73 20 43 53 35 71 b5 e3 36 00 00 07 5a 49 44 41 54 68 81 ed 5a 3f 6c db 56 1e fe a8 32 2a 2d 29 0e 05 43 8c 84 a0 80 b8 d9 b0 86 68 b1 a1 51 da 1c d8 83 b3 08 57 dc 62 8d 45 bc a4 43 bb 24 83 0d 1c d2 a1 5d 1c 14 9d d4 2d 57 2d f6 10 23 de c4 51 b0 16 75 a0 60 6f d4 e1 50 48 a1 20 88 b6 2c 99 d1 f1 f4 6e a0 1f 4d 91 d4 1f 37 01 a2 1e f4 6d 14 df ef f1 f7 f8 Data Ascii: PNGIHDRd[sBIT\|dpHYs~tEXtCreation Time03/25/20P<-tEXtSoftwareAdobe Fireworks CS5q6ZIDAThZ?lV2*-)ChQWbEC$]-W-#Qu`oPH ,nM7m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49725	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:19 UTC	688	OUT	GET /default/images/login_r.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://886770657-la8.mmt166.com/default/css/aglogin.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:20 UTC	367	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:20 GMT Content-Type: image/png Content-Length: 1475 Last-Modified: Mon, 20 Mar 2023 09:19:30 GMT Connection: close Vary: Accept-Encoding ETag: "64182522-5c3" Expires: Tue, 29 Oct 2024 12:19:20 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:20 UTC	1475	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 3c 00 00 00 1e 08 06 00 00 00 70 98 7d 4f 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 00 16 74 45 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 30 33 2f 32 36 2f 32 30 42 a8 93 c3 00 00 00 1c 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 46 69 72 65 77 6f 72 6b 73 20 43 53 35 71 b5 e3 36 00 00 05 1b 49 44 41 54 58 85 e5 98 5b 68 1c 65 14 c7 7f 11 a3 b6 fa 90 f8 22 de 70 67 c4 27 85 a4 4f 2d 54 e9 ae 62 6d 2d 95 9d a5 58 f0 25 29 22 22 56 4d f4 a1 52 3b 9b cd 8c 48 ad 62 b7 62 7d f0 96 ad 0a 22 e2 cc 82 d7 82 36 6b 95 56 6d d5 f5 c1 17 c5 d9 ad 68 5f bc 90 42 2b 62 d3 c6 87 73 26 99 24 33 93 c4 dd 9a 62 ff 30 24 fb Data Ascii: PNGIHDR<p}OsBIT\|dpHYsodtEXtCreation Time03/26/20BtEXtSoftwareAdobe Fireworks CS5q6IDATX[he"pg'O-Tbm-X%)""VMR;Hbb}"6kVmh_B+bs&$3b0$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49726	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:19 UTC	690	OUT	GET /default/images/login_btn.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://886770657-la8.mmt166.com/default/css/aglogin.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:20 UTC	342	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:20 GMT Content-Type: image/png Content-Length: 188 Last-Modified: Sun, 26 Feb 2023 14:37:24 GMT Connection: close ETag: "63fb6ea4-bc" Expires: Tue, 29 Oct 2024 12:19:20 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:20 UTC	188	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0d 00 00 00 32 08 02 00 00 00 08 a5 c6 53 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 00 5e 49 44 41 54 78 da ec 95 bb 0d c0 20 10 43 1d 94 55 b3 12 2b 02 1b a4 33 2b bc 02 61 0a ae b6 fc 93 a5 7b be fa 0b dc db 47 43 38 cb 08 c7 60 98 af 48 90 cf 8b f9 60 5e c3 bc a2 7c 29 5d 67 fc f1 5d 9d ed cf a1 9e 79 2f 0a ed e0 ee 6a 47 7f 4a f5 97 d1 3d fe 2f 2c fe 83 53 80 01 00 97 e1 5d 11 16 db 5f 7a 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR2StEXtSoftwareAdobe ImageReadyqe<^IDATx CU+3+a{GC8`H`^\|)]g]y/jGJ=/,S]_zIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49724	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:19 UTC	691	OUT	GET /default/images/ico_mobile.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://886770657-la8.mmt166.com/default/css/aglogin.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:20 UTC	367	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:20 GMT Content-Type: image/png Content-Length: 2834 Last-Modified: Sun, 26 Feb 2023 14:37:30 GMT Connection: close Vary: Accept-Encoding ETag: "63fb6eaa-b12" Expires: Tue, 29 Oct 2024 12:19:20 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:20 UTC	2834	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 98 00 00 00 23 08 06 00 00 00 68 cf c3 97 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 6a 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20 Data Ascii: PNGIHDR#htEXtSoftwareAdobe ImageReadyqe<jiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49722	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:19 UTC	694	OUT	GET /default/images/login_newyear.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://886770657-la8.mmt166.com/default/css/aglogin.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:20 UTC	369	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:20 GMT Content-Type: image/png Content-Length: 63803 Last-Modified: Thu, 15 Feb 2024 14:26:38 GMT Connection: close Vary: Accept-Encoding ETag: "65ce1f1e-f93b" Expires: Tue, 29 Oct 2024 12:19:20 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:20 UTC	16015	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 07 80 00 00 03 ca 08 06 00 00 00 75 2e 47 df 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 f8 d0 49 44 41 54 78 01 ec dd 41 ad 58 31 10 04 c1 71 64 60 e1 0f 23 81 f0 73 77 70 bc 56 15 8d d6 ec 9e bf 3f 3f bf 07 00 00 00 00 00 00 c0 e7 9d 3f 3f ff de 00 00 00 00 00 00 00 f8 bc 5f 03 00 00 00 00 00 00 20 41 00 06 00 00 00 00 00 00 88 10 80 01 00 00 00 00 00 00 22 04 60 00 00 00 00 00 00 80 08 01 18 00 00 00 00 00 00 20 42 00 06 00 00 00 00 00 00 88 10 80 01 00 00 00 00 00 00 22 04 60 00 00 00 00 00 00 80 08 01 18 00 00 00 00 00 00 20 42 00 06 00 00 00 00 00 00 88 10 80 01 00 00 00 00 00 00 22 04 Data Ascii: PNGIHDRu.GpHYssRGBgAMAaIDATxAX1qd`#swpV????_ A"` B"` B"
2024-09-29 12:19:20 UTC	16384	IN	Data Raw: 3e 0e 69 39 b3 51 d2 b2 35 a6 55 d0 a9 d9 73 44 f0 7a ab 78 df 5d 0b ed c3 fe 5a 78 6a be 86 d9 31 04 26 4b 7a 74 db 4d 84 bf 81 da c7 51 b0 e6 ab 3d da 8d cb f6 ef e9 c3 2e 85 c9 96 2b ee 79 10 09 7d 84 aa f5 6f a0 b6 b4 24 26 c7 a9 7c ad 8a f5 df 22 77 ea 45 62 d7 e7 80 88 88 88 88 88 a8 27 58 01 4c 44 44 44 44 d4 cf 14 bd 0e 47 3c 78 17 be ff fd 5f 70 c2 93 7f 17 81 5f 22 62 a5 a5 a8 14 ee aa 5a 38 b2 d2 e1 cc cb 8e 7a be a0 c7 0b a3 cd 8a 9e 6a ad ae c5 92 3f ff 13 5b df fd 14 91 2e 07 63 7d 6b e8 a9 c7 ef 19 fe c6 98 de 64 c4 8c db 6f 40 e1 27 5f a3 a5 38 fa 16 d8 1f 5d fc 73 0c 3b f3 24 a4 4f 99 80 a4 d1 c3 a1 d3 f7 ac 1d f5 40 a4 e8 aa a1 46 e6 a2 66 cd fb a8 2e 29 ec f1 38 bf ed 53 91 90 71 04 2c f1 23 10 3b b2 5d f5 5a d4 15 bc 86 86 c6 e8 c7 7e Data Ascii: >i9Q5UsDzx]Zxj1&KztMQ=.+y}o$&\|"wEb'XLDDDDG<x_p_"bZ8zj?[.c}kdo@'_8]s;$O@Ff.)8Sq,#;]Z~
2024-09-29 12:19:20 UTC	16384	IN	Data Raw: 6b 9f 7d 0d 47 fe f9 b7 7b 3c 1e f2 fa b0 e2 91 a7 a2 af de dd e1 fb bb ff aa b5 95 9e f0 b3 4b 44 70 66 44 e2 b0 7c ed 26 c7 ad fd ec ea 5f b5 3b 5f 5c 4e 26 0e fd fd 2d 3b c2 eb d8 7e b7 90 01 ed 57 37 fd b6 fd 00 5a 04 71 19 53 c6 63 e6 5d 37 69 ed 91 e5 7a 4b b2 e2 4e 06 ed 5f df fc 7b ed 7e de 71 47 c2 60 31 c1 5d 51 89 cf ae ba 15 75 1b f6 1c 7b 55 b6 94 2e 99 bb 00 9f 5f f3 2b 9c f2 f2 63 da 72 32 67 4c ea 68 d5 b4 a0 7c e7 fb f5 b7 b8 3a 9c 56 6e c3 f4 49 63 b5 e9 0b 3f fe 12 6a 38 ba 6a 47 39 a6 f2 09 ff f9 3f 98 e2 6c 18 d8 df db 82 22 fc 5d 8f e6 e2 e7 51 b2 61 79 17 c6 eb 6d 63 b4 a4 88 6d 9e b0 a3 c3 6d db fb 8c 84 bd 22 ac 5f 84 60 b0 6b c7 b1 d4 d2 d0 80 ed 0b ff 8b c1 33 9a a1 b7 fc 54 2c 2c be fd 89 d5 20 7c f5 9f a0 a1 be f3 f6 b8 3b c5 Data Ascii: k}G{<KDpfD\|&_;_\N&-;~W7ZqSc]7izKN_{~qG`1]Qu{U._+cr2gLh\|:VnIc?j8jG9?l"]Qaymcmm"_`k3T,, \|;
2024-09-29 12:19:20 UTC	15020	IN	Data Raw: 9b 97 23 1c 0a 45 3d 8f bc 68 a1 70 cd 22 84 fd 7d 5f 21 ee ad ab 47 73 51 a9 38 a7 34 61 c1 bd 0f 61 c5 bf 9e 85 1a 51 51 f6 fd 62 bc 77 f6 95 a8 5e b9 16 3d 25 db 48 7f 2d 42 66 77 65 35 88 88 88 88 88 68 e0 60 00 4c 44 44 44 44 74 80 28 fd 6e 21 b6 be fb 09 fa 94 08 8d 64 e8 7b d2 73 ff 44 ce e1 33 b5 87 1a 36 6d c5 ba e7 5f 8f aa 5a 53 67 34 62 f0 89 73 b4 df 65 b5 5a e3 d6 22 f4 a5 ac 43 a7 61 f2 f5 57 a0 bf e5 ce 9e 05 a3 cd a6 fd ee 6d 6c 6a 77 1c ce 03 81 4e 67 d2 5a 27 77 26 1c 0e 23 14 10 c1 bd ea 87 c1 92 8d a4 8c a3 da 19 93 b6 1b c4 e6 35 d9 72 b4 4a e4 58 30 c5 8d 41 4a c6 6c ec af 76 7e 56 c3 fe ad 68 a9 7e 18 4d 85 7f 41 6b dd 0a ed 31 b3 29 0e 83 46 df 00 67 ce c5 d0 e9 6d 38 98 45 42 5e 78 5c 55 5d ae 7d 4e 4c 1f 27 82 f3 be bf 40 a0 66 Data Ascii: #E=hp"}_!GsQ84aaQQbw^=%H-Bfwe5h`LDDDDt(n!d{sD36m_ZSg4bseZ"CaWmljwNgZ'w&#5rJX0AJlv~Vh~MAk1)Fgm8EB^x\U]}NL'@f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49723	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:19 UTC	690	OUT	GET /default/images/ico_aplus.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://886770657-la8.mmt166.com/default/css/aglogin.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:20 UTC	367	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:20 GMT Content-Type: image/png Content-Length: 3884 Last-Modified: Sun, 26 Feb 2023 14:37:38 GMT Connection: close Vary: Accept-Encoding ETag: "63fb6eb2-f2c" Expires: Tue, 29 Oct 2024 12:19:20 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:20 UTC	3884	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 98 00 00 00 23 08 06 00 00 00 68 cf c3 97 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 16 74 45 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 30 33 2f 32 35 2f 32 30 50 1d 3c 2d 00 00 00 1c 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 46 69 72 65 77 6f 72 6b 73 20 43 53 35 71 b5 e3 36 00 00 0e 84 49 44 41 54 78 9c ed 5c 7d 6c 14 e7 9d 7e de 9d 9d d9 d9 f5 7e b0 c6 80 3f c0 71 c0 d0 c5 88 24 b8 a9 49 0c c7 01 56 9b e8 12 55 38 e4 8f 88 43 97 08 74 51 1b bb ba bb 26 e8 54 b8 f4 d4 26 c0 5d ca 55 54 b5 13 74 27 72 97 2a b5 22 05 b2 e8 94 46 d7 6b 0d 5c 1a 4c 70 88 5d 4a 6c 2f 5f 3e 63 0c fe 88 f1 66 f6 63 76 76 66 Data Ascii: PNGIHDR#hsBIT\|dpHYs~tEXtCreation Time03/25/20P<-tEXtSoftwareAdobe Fireworks CS5q6IDATx\}l~~?q$IVU8CtQ&T&]UTt'r*"Fk\Lp]Jl/_>cfcvvf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49727	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:20 UTC	412	OUT	GET /js/jquery-1.8.3.js HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:20 UTC	381	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:20 GMT Content-Type: application/javascript Content-Length: 93637 Last-Modified: Wed, 17 Jul 2019 03:45:02 GMT Connection: close Vary: Accept-Encoding ETag: "5d2e99be-16dc5" Expires: Mon, 30 Sep 2024 00:19:20 GMT Cache-Control: max-age=43200 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:20 UTC	16003	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 31 2e 38 2e 33 20 6a 71 75 65 72 79 2e 63 6f 6d 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 28 65 29 7b 76 61 72 20 74 3d 4d 5b 65 5d 3d 7b 7d 3b 72 65 74 75 72 6e 20 76 2e 65 61 63 68 28 65 2e 73 70 6c 69 74 28 79 29 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 74 5b 6e 5d 3d 21 30 7d 29 2c 74 7d 66 75 6e 63 74 69 6f 6e 20 48 28 65 2c 6e 2c 72 29 7b 69 66 28 72 3d 3d 3d 74 26 26 65 2e 6e 6f 64 65 54 79 70 65 3d 3d 3d 31 29 7b 76 61 72 20 69 3d 22 64 61 74 61 2d 22 2b 6e 2e 72 65 70 6c 61 63 65 28 50 2c 22 2d 24 31 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 72 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 Data Ascii: /! jQuery v1.8.3 jquery.com \| jquery.org/license /(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute
2024-09-29 12:19:20 UTC	16384	IN	Data Raw: 6f 6e 28 69 29 2c 66 26 26 28 61 3f 28 61 3d 6e 2c 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 61 2e 63 61 6c 6c 28 76 28 65 29 2c 6e 29 7d 29 3a 28 6e 2e 63 61 6c 6c 28 65 2c 69 29 2c 6e 3d 6e 75 6c 6c 29 29 3b 69 66 28 6e 29 66 6f 72 28 3b 6c 3c 63 3b 6c 2b 2b 29 6e 28 65 5b 6c 5d 2c 72 2c 61 3f 69 2e 63 61 6c 6c 28 65 5b 6c 5d 2c 6c 2c 6e 28 65 5b 6c 5d 2c 72 29 29 3a 69 2c 75 29 3b 73 3d 31 7d 72 65 74 75 72 6e 20 73 3f 65 3a 66 3f 6e 2e 63 61 6c 6c 28 65 29 3a 63 3f 6e 28 65 5b 30 5d 2c 72 29 3a 6f 7d 2c 6e 6f 77 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 7d 7d 29 2c 76 2e 72 65 61 64 79 2e 70 72 6f 6d 69 73 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b Data Ascii: on(i),f&&(a?(a=n,n=function(e,t,n){return a.call(v(e),n)}):(n.call(e,i),n=null));if(n)for(;l<c;l++)n(e[l],r,a?i.call(e[l],l,n(e[l],r)):i,u);s=1}return s?e:f?n.call(e):c?n(e[0],r):o},now:function(){return(new Date).getTime()}}),v.ready.promise=function(t){
2024-09-29 12:19:20 UTC	16384	IN	Data Raw: 6e 7d 7d 29 7d 29 2c 76 2e 61 74 74 72 48 6f 6f 6b 73 2e 63 6f 6e 74 65 6e 74 65 64 69 74 61 62 6c 65 3d 7b 67 65 74 3a 6a 2e 67 65 74 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 74 3d 3d 3d 22 22 26 26 28 74 3d 22 66 61 6c 73 65 22 29 2c 6a 2e 73 65 74 28 65 2c 74 2c 6e 29 7d 7d 29 2c 76 2e 73 75 70 70 6f 72 74 2e 68 72 65 66 4e 6f 72 6d 61 6c 69 7a 65 64 7c 7c 76 2e 65 61 63 68 28 5b 22 68 72 65 66 22 2c 22 73 72 63 22 2c 22 77 69 64 74 68 22 2c 22 68 65 69 67 68 74 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 2e 61 74 74 72 48 6f 6f 6b 73 5b 6e 5d 3d 76 2e 65 78 74 65 6e 64 28 76 2e 61 74 74 72 48 6f 6f 6b 73 5b 6e 5d 2c 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 72 3d 65 2e 67 65 74 41 74 74 72 69 62 75 Data Ascii: n}})}),v.attrHooks.contenteditable={get:j.get,set:function(e,t,n){t===""&&(t="false"),j.set(e,t,n)}}),v.support.hrefNormalized\|\|v.each(["href","src","width","height"],function(e,n){v.attrHooks[n]=v.extend(v.attrHooks[n],{get:function(e){var r=e.getAttribu
2024-09-29 12:19:20 UTC	16384	IN	Data Raw: 75 7c 7c 73 26 26 69 2e 66 69 6e 64 2e 54 41 47 28 22 2a 22 2c 68 26 26 61 2e 70 61 72 65 6e 74 4e 6f 64 65 7c 7c 61 29 2c 6b 3d 62 2b 3d 4e 3d 3d 6e 75 6c 6c 3f 31 3a 4d 61 74 68 2e 45 3b 54 26 26 28 63 3d 61 21 3d 3d 67 26 26 61 2c 6e 3d 6f 2e 65 6c 29 3b 66 6f 72 28 3b 28 70 3d 43 5b 77 5d 29 21 3d 6e 75 6c 6c 3b 77 2b 2b 29 7b 69 66 28 73 26 26 70 29 7b 66 6f 72 28 64 3d 30 3b 76 3d 65 5b 64 5d 3b 64 2b 2b 29 69 66 28 76 28 70 2c 61 2c 66 29 29 7b 6c 2e 70 75 73 68 28 70 29 3b 62 72 65 61 6b 7d 54 26 26 28 62 3d 6b 2c 6e 3d 2b 2b 6f 2e 65 6c 29 7d 72 26 26 28 28 70 3d 21 76 26 26 70 29 26 26 79 2d 2d 2c 75 26 26 78 2e 70 75 73 68 28 70 29 29 7d 79 2b 3d 77 3b 69 66 28 72 26 26 77 21 3d 3d 79 29 7b 66 6f 72 28 64 3d 30 3b 76 3d 74 5b 64 5d 3b 64 2b 2b Data Ascii: u\|\|s&&i.find.TAG("*",h&&a.parentNode\|\|a),k=b+=N==null?1:Math.E;T&&(c=a!==g&&a,n=o.el);for(;(p=C[w])!=null;w++){if(s&&p){for(d=0;v=e[d];d++)if(v(p,a,f)){l.push(p);break}T&&(b=k,n=++o.el)}r&&((p=!v&&p)&&y--,u&&x.push(p))}y+=w;if(r&&w!==y){for(d=0;v=t[d];d++
2024-09-29 12:19:20 UTC	16384	IN	Data Raw: 62 6f 64 79 3e 3c 2f 74 61 62 6c 65 3e 22 5d 2c 74 64 3a 5b 33 2c 22 3c 74 61 62 6c 65 3e 3c 74 62 6f 64 79 3e 3c 74 72 3e 22 2c 22 3c 2f 74 72 3e 3c 2f 74 62 6f 64 79 3e 3c 2f 74 61 62 6c 65 3e 22 5d 2c 63 6f 6c 3a 5b 32 2c 22 3c 74 61 62 6c 65 3e 3c 74 62 6f 64 79 3e 3c 2f 74 62 6f 64 79 3e 3c 63 6f 6c 67 72 6f 75 70 3e 22 2c 22 3c 2f 63 6f 6c 67 72 6f 75 70 3e 3c 2f 74 61 62 6c 65 3e 22 5d 2c 61 72 65 61 3a 5b 31 2c 22 3c 6d 61 70 3e 22 2c 22 3c 2f 6d 61 70 3e 22 5d 2c 5f 64 65 66 61 75 6c 74 3a 5b 30 2c 22 22 2c 22 22 5d 7d 2c 43 74 3d 6c 74 28 69 29 2c 6b 74 3d 43 74 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 29 3b 4e 74 2e 6f 70 74 67 72 6f 75 70 3d 4e 74 2e 6f 70 74 69 6f 6e 2c 4e 74 2e Data Ascii: body></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]},Ct=lt(i),kt=Ct.appendChild(i.createElement("div"));Nt.optgroup=Nt.option,Nt.
2024-09-29 12:19:20 UTC	12098	IN	Data Raw: 6e 28 65 2c 74 29 7b 69 66 28 21 45 29 7b 76 61 72 20 6e 3d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 65 3d 77 5b 6e 5d 3d 77 5b 6e 5d 7c 7c 65 2c 62 5b 65 5d 3d 74 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 67 65 74 41 6c 6c 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 45 3d 3d 3d 32 3f 69 3a 6e 75 6c 6c 7d 2c 67 65 74 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3b 69 66 28 45 3d 3d 3d 32 29 7b 69 66 28 21 73 29 7b 73 3d 7b 7d 3b 77 68 69 6c 65 28 6e 3d 70 6e 2e 65 78 65 63 28 69 29 29 73 5b 6e 5b 31 5d 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 3d 6e 5b 32 5d 7d 6e 3d 73 5b 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7d 72 65 74 75 72 Data Ascii: n(e,t){if(!E){var n=e.toLowerCase();e=w[n]=w[n]\|\|e,b[e]=t}return this},getAllResponseHeaders:function(){return E===2?i:null},getResponseHeader:function(e){var n;if(E===2){if(!s){s={};while(n=pn.exec(i))s[n[1].toLowerCase()]=n[2]}n=s[e.toLowerCase()]}retur

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49728	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:20 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 12:19:20 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=102372 Date: Sun, 29 Sep 2024 12:19:20 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 12:19:20 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.8	49731	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:21 UTC	422	OUT	GET /default/images/aglogin_l.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:22 UTC	367	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:21 GMT Content-Type: image/png Content-Length: 2050 Last-Modified: Mon, 20 Mar 2023 09:18:00 GMT Connection: close Vary: Accept-Encoding ETag: "641824c8-802" Expires: Tue, 29 Oct 2024 12:19:21 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:22 UTC	2050	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 64 00 00 00 1e 08 06 00 00 00 da 5b bb f3 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 16 74 45 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 30 33 2f 32 35 2f 32 30 50 1d 3c 2d 00 00 00 1c 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 46 69 72 65 77 6f 72 6b 73 20 43 53 35 71 b5 e3 36 00 00 07 5a 49 44 41 54 68 81 ed 5a 3f 6c db 56 1e fe a8 32 2a 2d 29 0e 05 43 8c 84 a0 80 b8 d9 b0 86 68 b1 a1 51 da 1c d8 83 b3 08 57 dc 62 8d 45 bc a4 43 bb 24 83 0d 1c d2 a1 5d 1c 14 9d d4 2d 57 2d f6 10 23 de c4 51 b0 16 75 a0 60 6f d4 e1 50 48 a1 20 88 b6 2c 99 d1 f1 f4 6e a0 1f 4d 91 d4 1f 37 01 a2 1e f4 6d 14 df ef f1 f7 f8 Data Ascii: PNGIHDRd[sBIT\|dpHYs~tEXtCreation Time03/25/20P<-tEXtSoftwareAdobe Fireworks CS5q6ZIDAThZ?lV2*-)ChQWbEC$]-W-#Qu`oPH ,nM7m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.8	49732	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:21 UTC	422	OUT	GET /default/images/login_btn.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:22 UTC	342	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:21 GMT Content-Type: image/png Content-Length: 188 Last-Modified: Sun, 26 Feb 2023 14:37:24 GMT Connection: close ETag: "63fb6ea4-bc" Expires: Tue, 29 Oct 2024 12:19:21 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:22 UTC	188	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0d 00 00 00 32 08 02 00 00 00 08 a5 c6 53 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 00 5e 49 44 41 54 78 da ec 95 bb 0d c0 20 10 43 1d 94 55 b3 12 2b 02 1b a4 33 2b bc 02 61 0a ae b6 fc 93 a5 7b be fa 0b dc db 47 43 38 cb 08 c7 60 98 af 48 90 cf 8b f9 60 5e c3 bc a2 7c 29 5d 67 fc f1 5d 9d ed cf a1 9e 79 2f 0a ed e0 ee 6a 47 7f 4a f5 97 d1 3d fe 2f 2c fe 83 53 80 01 00 97 e1 5d 11 16 db 5f 7a 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR2StEXtSoftwareAdobe ImageReadyqe<^IDATx CU+3+a{GC8`H`^\|)]g]y/jGJ=/,S]_zIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.8	49730	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:21 UTC	420	OUT	GET /default/images/login_r.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:22 UTC	367	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:21 GMT Content-Type: image/png Content-Length: 1475 Last-Modified: Mon, 20 Mar 2023 09:19:30 GMT Connection: close Vary: Accept-Encoding ETag: "64182522-5c3" Expires: Tue, 29 Oct 2024 12:19:21 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:22 UTC	1475	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 3c 00 00 00 1e 08 06 00 00 00 70 98 7d 4f 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 00 16 74 45 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 30 33 2f 32 36 2f 32 30 42 a8 93 c3 00 00 00 1c 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 46 69 72 65 77 6f 72 6b 73 20 43 53 35 71 b5 e3 36 00 00 05 1b 49 44 41 54 58 85 e5 98 5b 68 1c 65 14 c7 7f 11 a3 b6 fa 90 f8 22 de 70 67 c4 27 85 a4 4f 2d 54 e9 ae 62 6d 2d 95 9d a5 58 f0 25 29 22 22 56 4d f4 a1 52 3b 9b cd 8c 48 ad 62 b7 62 7d f0 96 ad 0a 22 e2 cc 82 d7 82 36 6b 95 56 6d d5 f5 c1 17 c5 d9 ad 68 5f bc 90 42 2b 62 d3 c6 87 73 26 99 24 33 93 c4 dd 9a 62 ff 30 24 fb Data Ascii: PNGIHDR<p}OsBIT\|dpHYsodtEXtCreation Time03/26/20BtEXtSoftwareAdobe Fireworks CS5q6IDATX[he"pg'O-Tbm-X%)""VMR;Hbb}"6kVmh_B+bs&$3b0$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.8	49734	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:21 UTC	423	OUT	GET /default/images/ico_mobile.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:22 UTC	367	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:21 GMT Content-Type: image/png Content-Length: 2834 Last-Modified: Sun, 26 Feb 2023 14:37:30 GMT Connection: close Vary: Accept-Encoding ETag: "63fb6eaa-b12" Expires: Tue, 29 Oct 2024 12:19:21 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:22 UTC	2834	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 98 00 00 00 23 08 06 00 00 00 68 cf c3 97 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 6a 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20 Data Ascii: PNGIHDR#htEXtSoftwareAdobe ImageReadyqe<jiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.8	49733	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:21 UTC	422	OUT	GET /default/images/ico_aplus.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:22 UTC	367	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:22 GMT Content-Type: image/png Content-Length: 3884 Last-Modified: Sun, 26 Feb 2023 14:37:38 GMT Connection: close Vary: Accept-Encoding ETag: "63fb6eb2-f2c" Expires: Tue, 29 Oct 2024 12:19:22 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:22 UTC	3884	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 98 00 00 00 23 08 06 00 00 00 68 cf c3 97 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 16 74 45 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 30 33 2f 32 35 2f 32 30 50 1d 3c 2d 00 00 00 1c 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 46 69 72 65 77 6f 72 6b 73 20 43 53 35 71 b5 e3 36 00 00 0e 84 49 44 41 54 78 9c ed 5c 7d 6c 14 e7 9d 7e de 9d 9d d9 d9 f5 7e b0 c6 80 3f c0 71 c0 d0 c5 88 24 b8 a9 49 0c c7 01 56 9b e8 12 55 38 e4 8f 88 43 97 08 74 51 1b bb ba bb 26 e8 54 b8 f4 d4 26 c0 5d ca 55 54 b5 13 74 27 72 97 2a b5 22 05 b2 e8 94 46 d7 6b 0d 5c 1a 4c 70 88 5d 4a 6c 2f 5f 3e 63 0c fe 88 f1 66 f6 63 76 76 66 Data Ascii: PNGIHDR#hsBIT\|dpHYs~tEXtCreation Time03/25/20P<-tEXtSoftwareAdobe Fireworks CS5q6IDATx\}l~~?q$IVU8CtQ&T&]UTt'r*"Fk\Lp]Jl/_>cfcvvf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.8	49735	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:21 UTC	650	OUT	GET /favicon.ico HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://886770657-la8.mmt166.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:22 UTC	165	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sun, 29 Sep 2024 12:19:22 GMT Content-Type: text/html Content-Length: 505 Connection: close ETag: "5f889070-1f9"
2024-09-29 12:19:22 UTC	505	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 3e 0d 0a 09 62 6f 64 79 7b 0d 0a 09 Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.8	49736	101.32.12.46	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:19:21 UTC	426	OUT	GET /default/images/login_newyear.png HTTP/1.1 Host: 886770657-la8.mmt166.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=h6msjb3t97ogbp68jffi8qjvb5
2024-09-29 12:19:22 UTC	369	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:19:22 GMT Content-Type: image/png Content-Length: 63803 Last-Modified: Thu, 15 Feb 2024 14:26:38 GMT Connection: close Vary: Accept-Encoding ETag: "65ce1f1e-f93b" Expires: Tue, 29 Oct 2024 12:19:22 GMT Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-09-29 12:19:22 UTC	16015	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 07 80 00 00 03 ca 08 06 00 00 00 75 2e 47 df 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 f8 d0 49 44 41 54 78 01 ec dd 41 ad 58 31 10 04 c1 71 64 60 e1 0f 23 81 f0 73 77 70 bc 56 15 8d d6 ec 9e bf 3f 3f bf 07 00 00 00 00 00 00 c0 e7 9d 3f 3f ff de 00 00 00 00 00 00 00 f8 bc 5f 03 00 00 00 00 00 00 20 41 00 06 00 00 00 00 00 00 88 10 80 01 00 00 00 00 00 00 22 04 60 00 00 00 00 00 00 80 08 01 18 00 00 00 00 00 00 20 42 00 06 00 00 00 00 00 00 88 10 80 01 00 00 00 00 00 00 22 04 60 00 00 00 00 00 00 80 08 01 18 00 00 00 00 00 00 20 42 00 06 00 00 00 00 00 00 88 10 80 01 00 00 00 00 00 00 22 04 Data Ascii: PNGIHDRu.GpHYssRGBgAMAaIDATxAX1qd`#swpV????_ A"` B"` B"
2024-09-29 12:19:22 UTC	16384	IN	Data Raw: 3e 0e 69 39 b3 51 d2 b2 35 a6 55 d0 a9 d9 73 44 f0 7a ab 78 df 5d 0b ed c3 fe 5a 78 6a be 86 d9 31 04 26 4b 7a 74 db 4d 84 bf 81 da c7 51 b0 e6 ab 3d da 8d cb f6 ef e9 c3 2e 85 c9 96 2b ee 79 10 09 7d 84 aa f5 6f a0 b6 b4 24 26 c7 a9 7c ad 8a f5 df 22 77 ea 45 62 d7 e7 80 88 88 88 88 88 a8 27 58 01 4c 44 44 44 44 d4 cf 14 bd 0e 47 3c 78 17 be ff fd 5f 70 c2 93 7f 17 81 5f 22 62 a5 a5 a8 14 ee aa 5a 38 b2 d2 e1 cc cb 8e 7a be a0 c7 0b a3 cd 8a 9e 6a ad ae c5 92 3f ff 13 5b df fd 14 91 2e 07 63 7d 6b e8 a9 c7 ef 19 fe c6 98 de 64 c4 8c db 6f 40 e1 27 5f a3 a5 38 fa 16 d8 1f 5d fc 73 0c 3b f3 24 a4 4f 99 80 a4 d1 c3 a1 d3 f7 ac 1d f5 40 a4 e8 aa a1 46 e6 a2 66 cd fb a8 2e 29 ec f1 38 bf ed 53 91 90 71 04 2c f1 23 10 3b b2 5d f5 5a d4 15 bc 86 86 c6 e8 c7 7e Data Ascii: >i9Q5UsDzx]Zxj1&KztMQ=.+y}o$&\|"wEb'XLDDDDG<x_p_"bZ8zj?[.c}kdo@'_8]s;$O@Ff.)8Sq,#;]Z~
2024-09-29 12:19:22 UTC	16384	IN	Data Raw: 6b 9f 7d 0d 47 fe f9 b7 7b 3c 1e f2 fa b0 e2 91 a7 a2 af de dd e1 fb bb ff aa b5 95 9e f0 b3 4b 44 70 66 44 e2 b0 7c ed 26 c7 ad fd ec ea 5f b5 3b 5f 5c 4e 26 0e fd fd 2d 3b c2 eb d8 7e b7 90 01 ed 57 37 fd b6 fd 00 5a 04 71 19 53 c6 63 e6 5d 37 69 ed 91 e5 7a 4b b2 e2 4e 06 ed 5f df fc 7b ed 7e de 71 47 c2 60 31 c1 5d 51 89 cf ae ba 15 75 1b f6 1c 7b 55 b6 94 2e 99 bb 00 9f 5f f3 2b 9c f2 f2 63 da 72 32 67 4c ea 68 d5 b4 a0 7c e7 fb f5 b7 b8 3a 9c 56 6e c3 f4 49 63 b5 e9 0b 3f fe 12 6a 38 ba 6a 47 39 a6 f2 09 ff f9 3f 98 e2 6c 18 d8 df db 82 22 fc 5d 8f e6 e2 e7 51 b2 61 79 17 c6 eb 6d 63 b4 a4 88 6d 9e b0 a3 c3 6d db fb 8c 84 bd 22 ac 5f 84 60 b0 6b c7 b1 d4 d2 d0 80 ed 0b ff 8b c1 33 9a a1 b7 fc 54 2c 2c be fd 89 d5 20 7c f5 9f a0 a1 be f3 f6 b8 3b c5 Data Ascii: k}G{<KDpfD\|&_;_\N&-;~W7ZqSc]7izKN_{~qG`1]Qu{U._+cr2gLh\|:VnIc?j8jG9?l"]Qaymcmm"_`k3T,, \|;
2024-09-29 12:19:22 UTC	15020	IN	Data Raw: 9b 97 23 1c 0a 45 3d 8f bc 68 a1 70 cd 22 84 fd 7d 5f 21 ee ad ab 47 73 51 a9 38 a7 34 61 c1 bd 0f 61 c5 bf 9e 85 1a 51 51 f6 fd 62 bc 77 f6 95 a8 5e b9 16 3d 25 db 48 7f 2d 42 66 77 65 35 88 88 88 88 88 68 e0 60 00 4c 44 44 44 44 74 80 28 fd 6e 21 b6 be fb 09 fa 94 08 8d 64 e8 7b d2 73 ff 44 ce e1 33 b5 87 1a 36 6d c5 ba e7 5f 8f aa 5a 53 67 34 62 f0 89 73 b4 df 65 b5 5a e3 d6 22 f4 a5 ac 43 a7 61 f2 f5 57 a0 bf e5 ce 9e 05 a3 cd a6 fd ee 6d 6c 6a 77 1c ce 03 81 4e 67 d2 5a 27 77 26 1c 0e 23 14 10 c1 bd ea 87 c1 92 8d a4 8c a3 da 19 93 b6 1b c4 e6 35 d9 72 b4 4a e4 58 30 c5 8d 41 4a c6 6c ec af 76 7e 56 c3 fe ad 68 a9 7e 18 4d 85 7f 41 6b dd 0a ed 31 b3 29 0e 83 46 df 00 67 ce c5 d0 e9 6d 38 98 45 42 5e 78 5c 55 5d ae 7d 4e 4c 1f 27 82 f3 be bf 40 a0 66 Data Ascii: #E=hp"}_!GsQ84aaQQbw^=%H-Bfwe5h`LDDDDt(n!d{sD36m_ZSg4bseZ"CaWmljwNgZ'w&#5rJX0AJlv~Vh~MAk1)Fgm8EB^x\U]}NL'@f

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6452, Parent PID: 3652

General

Target ID:	0
Start time:	08:19:06
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3948, Parent PID: 6452

General

Target ID:	2
Start time:	08:19:11
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1908,i,4690189989379199674,14818043272657632033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3776, Parent PID: 3652

General

Target ID:	3
Start time:	08:19:13
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://886770657-la8.mmt166.com/"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly